Sunday, January 27, 2008

Featured Utility CD: BootZilla

From time to time I come across a utility package that is worth keeping around.

While I carry lots of applications and utilities for Windows systems support on my USB memory sticks, there are a few "all-in-one" CD/DVD media disks that I tuck away within reach, just in case.

These include:

Some are simply a matter of downloading an ISO file and burning it to a CD/DVD disk.  Others require quite a bit of work to build and master before creating the ISO and burning to CD/DVD.

I and my tech-support team use a specialized "home-brew" support CD that is a powerful blend of a Windows PE based boot disk, and an autorun-menu driven utility disk.  If I ever get a week or two off work, I might post my recipe for it.

So when I was poking around in some forums a few weeks ago I came across this interesting-sounding support CD and decided to take a look.

BootZilla - Stomping Windows Issues, City-wide

Official Home Of BootZilla

What is BootZilla?

Simply put, BootZilla is a collection of Windows support utilities and software applications all rolled up into a bootable CD.  Nothing out of the ordinary there.  Lots of these exist.

However, the developer, Jim "jimmsta" Gall, has done a few clever things to make this creation a nice blend.

BootZilla has two "modes".  The first is a simple HTML "auto-run" menu that launches when the product is placed in a Windows system.  The menu allows selection of a wide variety of helpful applications to be used for diagnostics, troubleshooting, or utility work.  This may entail fixing stuff that was broken by malware, or running scans for baddies.  This side of operations takes place on the running system, so in this regard this portion isn't a "Live-CD" for off-line working on the system contents.

However, Jimmsta has taken that into consideration and you can also build a "Live-CD" to actually boot the system with.  The options here include running Memtest86+, Memtest, MMDisk (Prime95), a Drive Fitness Test, HDAT2, the XP Recovery Console, or boot to a hard-drive.

Getting BootZilla Going

First, download the setup package.  I just selected the "Full Download" version as the other link didn't seem to be working. Note, the ZIP file is a whopper coming in at about 107 MB so don't try this on dial-up.

Next, unpack the file to a handy location.

Inside the main folder, look for and find the "BZUpdate.cmd" and run it.

A command-prompt window will open and provide you a menu of options.

If this is your first time building BootZilla, select option 1 and press "enter".  This will begin the download process for additional applications and components.  Depending on your broadband speed and network traffic on the server(s) this might be fast or take a while.

When done, you should return back to the menu.

Now to make the combo boot-CD/auto-play-CD, select option 4 and press "enter".  This will produce an ISO file in the folder root for you to burn.

Done!

You also have other options to do periodic BootZilla "Update" or "Quick-Update" actions as well in case the program and its components change.

Tests in VirtualPC 2007 have shown it to be very stable and easy to use.

And it is free.

Random Thoughts

The Windows applications available from the auto-play side are a mix of "installers" and "executables".  By this I mean that some software listed must be installed on the system before it will run and can be used.  Others will open and run without installation.  As an administrator, I find it helpful that the majority of the applications I use to troubleshoot and repair a system are self-executable and do not require installation.  Working off read-only media does present operational problems for some applications, and as such, I can understand the approach taken.  However, it would be nice if none of them required installation.

Jimmsta has done a good job making it clear in the "launcher page" which applications require installation and which ones are runnable.  The program descriptions are concise and clear.  I wonder what would happen if the default web-browser (which renders the HTML auto-run page) has been compromised or rendered non-functional by a very bad malware infection?  The user could still possibly browse the CD contents using Windows Explorer and manually launch the programs, but unless they are familiar with the names and uses, it might be more difficult.

I am curious if EULA rights allow many of these programs to be distributed in this manner.  They all come packaged in the "full" download zip file and the update activity seems to bring down additional program components that were updated since release.  Some program owners don't mind inclusion of their programs in this manner while others only allow download directly from their servers and don't allow redistribution.

Jimmsta's building menu is very well done.  It is very clever and what could be a confusing process is very simple due to his great Readme files and the clarity of his menu option wording.  This part works like a charm and even the most boot-cd-challenged in disk-building shouldn't have much trouble at all getting going.

The over-all software choices provide a great balance of tools and utilities.  I would have liked to see a few from NirSoft and some more from Microsoft Sysinternals, but Jimmsta acknowledges that BootZilla isn't intended to cover all the bases, as he writes in the Readme file:

This new aim is just to make a simple, small toolkit for virus and spyware removal. It is not intended to replace all of a computer technician's tools - it is intended to take care of the basics. It is an essentials-only toolkit now.

So, to that regard, Jimmsta has provided a very clever and resourceful tool.  It will be interesting to see how this tool matures.  I'm sure great things can come out of it.

BootZilla--definitely worth checking out.

--Claus Valca

Sunday, January 20, 2008

Playing the Windows Shell Game

Despite what the post title might suggest, this isn't a post about Vista adoption numbers, Microsoft fighting negative Vista buzz, or even the next Windows OS.

The Windows Shell

At its most basic description, the Windows Shell is the graphical user interface that most folks see when they interact with the underlying Windows operating system.  These include the visual "folders and files" we see, virtual objects like printers, the Recycle Bin, the Control Panel, etc.

Windows Shell - Wikipedia, the free encyclopedia

There are a number of replacement Windows shells, if you want to get really freaky and ditch the familiar style of Windows:

Vista Start Menu - (freeware) - Windows XP and Vista. Use this to replace your XP or Vista Start Menu with one that provides an alternative structure to your program files, accessories, and other functions. Vista's new Start Menu layout can make finding things a challenge, and while you can revert to the XP-style, it isn't nearly as pretty. Vista Start Menu gives you a balance between both. In addition, it is designed around something called cognitive identification, which is a fancy way of saying it works like your (well, most people's) brain organizes information. And if you delete an icon or remove an application, it doesn't shift the items around, it just leaves a blank space until you clean it up. I am intrigued by this program. It looks very polished and seems to make a lot of sense. I am going to try running it on some of my test machines to see what I think.

Vista Transformation Pack 8 - (freeware) - Make your XP system look very, very similar to Vista. This build lets you apply an "Aero Glass" effect to your XP system without needing WindowBlinds now. Also included is the free WinFlip application which mimics the Flip3D task switching tool in Vista. It provides better compatibility with hotfixes, now provides a suggested setup configuration during application to the system, and includes updated versions of all the mini-utilities that make it render the Vista effects. Do use this with caution, as some users report problems uninstalling and removing the "bits" that make it work. A System Restore point would be a good bet.

Leopard Mods On XP - (freeware) - Make XP look like Leopard.

FlyakiteOSX - (freeware) - Another make-Windows-look-like-Apple package.

Fedora Transformation Pack - (freeware) - Make Windows look like Fedora.

Ubuntu Transformation Pack - (freeware) - Make Windows look like Ubuntu.

There are some other "lighter" tools out there as well that don't do full transformation but do modify some key areas.

However, that's not really what I am posting about today.

This is really about making the Windows Shell's right-click context menu more useful.

Power to the People - Right-Click Menus!

The Windows right-click context menu (RCCM) is a wonderful tool that brings action-shortcuts to hand when you right-click on a file or folder in Windows.  Depending on software and applications you have installed, you may see additional items listed to say, create a compressed file, send a file to your email editor, maybe open or edit a file in a particular program, create a shortcut, or send something to your desktop.

It is dead-handy, and can quickly make an average XP/Vista user a power-user.

And there are some options that you would expect to see, but are absent...like being able to create a new folder.

So I've collected a bunch of links, tips, and tools that can help you trick-out that right-click context menu and give you more power.

File/Folder Path Copy

Clip Path - (freeware) - This micro-utility is dead-helpful for a sysadmin like me.  Micro-sized, when installed it creates a "ClipPath" option in the RCCM.  Right-click on a file/folder or files/folders and it offers to copy the full path of the target.  I find it great when I am documenting guides as it saves a lot of typing and improves the accuracy of my file-path references.  The cryptic "Create Outlook Link" option allows you to copy the path in an Outlook-supported format.  Supports both Windows and Unix style path formats ("\" versus "/") as well as UNC paths for mapped network drives.

<file:///C:\Documents and Settings\Claus\My Documents\Standalone Apps\bookmarks.html>

Ninotech Path Copy - (freeware) - Really a must-have for Novell server administrators.  Like Clip Path but on steroids.  Adds to the RCCM the following file/folder path copy formats: short name, long name, short folder, long folder, short path, long path, short UNC path, long UNC path, Internet path, custom methods.  "Short" formats are those that are converted to 8.3 Format naming conventions.  It is really amazing.  Spotted via Back Room Tech blog.

Grab Path Shell Extension - (freeware) - Like the others it grabs the file/folder path(s) to the clipboard. This one allows for choosing separation options when multiple items are selected for copy/paste.

Open a Command Prompt Window Here

Normally if you want to open a Windows Command Prompt Window, you can browse to the Accessories folder in your Start menu, or just type "cmd" in the Run wizard.  However, generally this results in the box opening at the root location.

Suppose you want to run a command-line only tool but it is buried very deep in your folders.  That could be a lot of typing to get into the right folder.  Wouldn't it be easier if you could browse for it in the Windows Explorer GUI and then launch the command-line window directly into that location?

You can:

Microsoft PowerToys for Windows XP - Open Command Window Here - (freeware) - Official (unsupported) Microsoft Power Toy does just what it says. Easy to install and use.

Additional RCCM Hacks

xpy » sendtosendto - (freeware) - Allows you to add items to the Send To sublist in the RCCM.  Handy if you have some favorite folders/locations you are always moving files into.

Create New Folder - (freeware) - Adds a "Create new folder" option to the RCCM. No more going up and fishing for the "File" -> "New" -> "Folder" option off the menu-bars.

O'Reilly Network -- Hack #29: A Power User's Hidden Weapon: Improve the Context Menu - (tips) - This on-line selection is pulled out of the Windows XP Hacks book by O'Reilly.  My brother made the mistake of letting me borrow it and I haven't given it back yet!

Although most of these tips require some "hands-on" work in the registry or other scary places, they can add some helpful options to your RCCM, including

  • Add "Copy To Folder" and "Move To Folder" Context Menu Options
  • Add and Remove Destinations for the "Send To" Option
  • Open the Command Prompt from the Right-Click Menu
  • Clean Up the "Open With" Option
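The "Open the Command Prompt from the Right-Click Menu" hack above can be done without the PowerToy by adding a verb under the Directory class. This is an added PowerShell example, not code from the O'Reilly book or from Microsoft; the key name CmdHere and the caption are my choices. It writes to HKCU\Software\Classes, which overlays HKEY_CLASSES_ROOT for the current user only, so it needs no admin rights and affects no other account.

```powershell
# Added example: per-user "Open Command Prompt Here" verb on folders.
# The verb key name (CmdHere) is arbitrary; Explorer shows the key's
# default value as the menu caption and runs the command subkey's default value.
$VerbKey = 'HKCU:\Software\Classes\Directory\shell\CmdHere'

function Add-CmdHereVerb {
    New-Item -Path $VerbKey -Force | Out-Null
    Set-ItemProperty -Path $VerbKey -Name '(default)' -Value 'Open Command Prompt &Here'

    # %1 is the folder that was right-clicked. /d lets cd change drive letters.
    # The quotes around %1 matter: a folder name with spaces would otherwise be
    # split into several arguments and cd would land somewhere else.
    $cmdKey = Join-Path $VerbKey 'command'
    New-Item -Path $cmdKey -Force | Out-Null
    Set-ItemProperty -Path $cmdKey -Name '(default)' -Value 'cmd.exe /k cd /d "%1"'
}

function Get-CmdHereVerb {
    # Read back exactly what Explorer will run, so the entry can be reviewed.
    # Any program that can write to HKCU can plant a verb here too, so this
    # is also a useful place to look when a right-click does something unexpected.
    if (-not (Test-Path $VerbKey)) { return $null }
    [pscustomobject]@{
        Caption = (Get-ItemProperty -Path $VerbKey).'(default)'
        Command = (Get-ItemProperty -Path (Join-Path $VerbKey 'command')).'(default)'
    }
}

function Remove-CmdHereVerb {
    # Undo: deleting the verb key (and its command subkey) removes the menu item.
    if (Test-Path $VerbKey) { Remove-Item -Path $VerbKey -Recurse }
}

Add-CmdHereVerb
Get-CmdHereVerb | Format-List
```

The change is picked up by Explorer immediately; run Remove-CmdHereVerb to take the item out again.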

RCCM Shell Suites

FileMenu Tools - (freeware) - If you are like me, you probably have quite a collection of right-click context menu items on your system.  I can do the standard things like copy/paste/move/send to, I can zip, I can open with Notepad++, I can secure erase files.  Stuff like that.  FileMenu tools lets you manage these items, but it does SO much more.  It's really designed for power-users of the context-menu.  The program comes with extra mini-utilities that you can also add as selections to your right-click context menu: Synchronize Folders, Extended Delete, Find and Replace, Advanced Renamer, Delete Locked File, Delete and no move to Recycle Bin, Change Icon, Run with Arguments, Command Line From Here, Split File, Join File, Copy to..., Move to..., Copy Name, Copy Path, Copy Content, Paste Clipboard, Attributes, Change Time, Register DLL, Unregister DLL, Create New Folder, Size of Folders, Shred Files. Whew!

CFi ShellToys - (45-day trialware/$) - I don't normally offer trialware links. However, in the context of this post, this is a product that some might find just wonderful enough to decide to buy.  This utility places a "ShellToys" option on the RCCM.  Then you have 50 context-sensitive options to pick from along with 20 fantastic extra shell-based tools. Works on all 32-bit versions of Windows. Operation centers around a highly tweakable "ShellToys Control Panel" which allows you to select the options that appear.  This way you can only see the ones you want to use, and disable the ones you don't to keep things trim and proper. At around $40, this might be a tool power-users want to plunk down for and pick up. The site has some heavy screenshots if you look into the individual items.  Go spend some time on this site.  It might be worth your while!

Synesis - Windows Shell Extensions - (freeware) - I've already mentioned Grab-Path, but it is actually one of several Windows shell extensions in the package offered by Synesis. The full list of items includes:

  • Command Box - opens a command prompt (DOS box) on the currently selected directory
  • Date Renamer - renames file(s) with the current date/time - new with version 2.0.1
  • File Case - changes the case of the currently selected file(s)
  • File Touch - changes the date/time attributes of the selected file(s)
  • Grab Path - copies the path(s) of the currently selected file(s) to the clipboard
  • Read Only - changes the read-only status of the currently selected file
  • Remote Reboot - shutdown/reboots another machine on your domain
  • Empty Directory Remover - removes any empty sub-directories of a given directory
  • Run Program - runs the currently selected program (.exe/.bat/.cmd) with arguments prompted from the user
RCCM and Shell Editors

Sometimes you want to change what appears in the RCCM list.  These tools will help you explore, understand, and edit the lists.

Context Menu Editor - (freeware) - Simple utility to let you delete links to programs on your context menus. Simple program but changes made cannot be reversed without reinstallation of the original application. Use with caution.

ShellMenuView - (freeware) - NirSoft tool to view and manage the right-click context items for those who prefer a more zen-like experience.   You can easily enable/disable items so if you find you disabled something important, you can quickly restore it without needing to do a reinstallation of the application that placed it there in the first place.

ShellExView - Shell Extensions Manager - (freeware) - Application also from NirSoft. Bit more advanced than ShellMenuView.

Shell Extensions are in-process COM objects which extend the abilities of the Windows operating system. Most shell extensions are automatically installed by the operating system, but there are also many other applications that install additional shell extension components. For example: If you install WinZip on your computer, you'll see a special WinZip menu when you right-click on a Zip file. This menu is created by adding a shell extension to the system.

The ShellExView utility displays the details of shell extensions installed on your computer, and allows you to easily disable and enable each shell extension.

ShellExView can be used for solving context-menu problems in Explorer environment. For more information, read the following article: Right-click is slow or weird behavior caused by context menu handlers
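The core of what ShellExView shows for context menus, which DLL each handler loads into Explorer and who signed it, can be pulled straight from the registry. This is an added PowerShell example and not ShellExView's own code; it walks the standard ContextMenuHandlers roots, resolves each CLSID through InprocServer32, checks the DLL's Authenticode signature and the Approved/Blocked lists under HKLM, and changes nothing.

```powershell
# Added example: read-only inventory of context-menu shell extensions.
# Keys such as "*" are literal key names, so -LiteralPath is used throughout
# to stop PowerShell treating them as wildcards.
$HandlerRoots = @(
    'Registry::HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers'
)
$ApprovedKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
$BlockedKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked'

function Get-ValueNames([string]$Path) {
    # The Approved and Blocked lists are plain values named by CLSID.
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    (Get-Item -LiteralPath $Path).GetValueNames()
}

function Resolve-HandlerDll([string]$Clsid) {
    # InprocServer32's default value is the DLL Explorer loads for this CLSID.
    $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $srv)) { return $null }
    $raw = (Get-ItemProperty -LiteralPath $srv).'(default)'
    if ($raw) { [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) } else { $null }
}

function Get-ContextMenuHandlers {
    $approved = Get-ValueNames $ApprovedKey
    $blocked  = Get-ValueNames $BlockedKey
    foreach ($root in $HandlerRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            # The CLSID is normally the subkey's default value; some installers
            # use the GUID itself as the subkey name and leave the value empty.
            $clsid = (Get-ItemProperty -LiteralPath $sub.PSPath).'(default)'
            if (-not ($clsid -match '^\{[0-9A-Fa-f-]{36}\}$')) { $clsid = $sub.PSChildName }
            $dll = Resolve-HandlerDll $clsid
            $sig = $null
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = Get-AuthenticodeSignature -FilePath $dll
            }
            [pscustomobject]@{
                Root      = $root -replace '^Registry::HKEY_CLASSES_ROOT\\', ''
                Name      = $sub.PSChildName
                Clsid     = $clsid
                Dll       = $dll
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SigStatus = if ($sig) { $sig.Status.ToString() } elseif ($dll) { 'DLL missing' } else { 'no InprocServer32' }
                Approved  = $approved -contains $clsid
                Blocked   = $blocked  -contains $clsid
            }
        }
    }
}

# Handlers whose DLL is unsigned or missing, or whose CLSID is not on the
# Approved list, are the first ones to look at when right-click is slow or odd.
Get-ContextMenuHandlers |
    Sort-Object SigStatus, Root |
    Format-Table Root, Name, SigStatus, Approved, Dll -AutoSize
```

Because HKEY_CLASSES_ROOT merges the machine and per-user class hives, the listing also catches handlers registered only under HKCU\Software\Classes.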

Tidy Start Menu - (freeware/$) - Utility to allow you to quickly re-organize and clean up your Windows Start Menu and Program Files list.  Great tool to help categorize items and remove dead-links. Also does import/export of your Start menu items, as well as backup/restore. Clever!  Screenshots.

Additional Microsoft TechNet Shell Resources

Windows Shell - (Microsoft TechNet) - Contains technical information and parameters for the Microsoft Windows Shell.

Shell Developer's Guide - (Microsoft TechNet) - Covers security considerations, an overview of the Vista shell, integration of applications into the shell for file format owners, shell extensibility, application support, miscellaneous topics, XP and early OS issues, Shell and common control versions.  Interesting stuff if you have to design and/or troubleshoot Windows Shell issues.

Shell Reference - (Microsoft TechNet) - Detailed information going into Shell classes, interfaces, functions, callback functions, constants, enumerations and flags, lightweight utility functions, macros, messages and notifications, object scripting, some C++ considerations, properties, schemas, and structures.

Go ahead, hold 'em up to your ear and see what you hear.

It might be the sound of your cooler fan, but, for some, it might just sound like the relaxing call of distant Pacific ocean bliss.

--Claus

Random Signals: A Linkfest

It is a chilly Sunday morning.

The Valca family has been polishing off the remaining cinnamon rolls from last-morning's breakfast.  Ymmmmm.

Claus has got a last-minute technical training session to pull somewhere deep out of a hat for this coming week.  Tomorrow's a holiday but it looks like I will be drafting training material instead.

So here is a mixed up collection of links, news and software worth looking into.

Sprinkle well.

Microsoft User Migration Tools

James.Random() : USMT gets a GUI wrapper - James finds a GUI wrapper (Workstation Migration Assistant) by Dan Cunningham for Microsoft's User State Migration Tool (USMT).  USMT requires that the client pc be connected to a MS Windows server-based domain controller.  So it isn't for most individual (home) users.  USMT is a command-prompt based tool, so it can be a bit clunky.  Having the GUI wrapper should make the process much easier for many administrators.  Dan hasn't released it yet but hopes to be able to do so soon.  Early screenshots from Dan's utility look really cool: #1, #2, #3, #4, #5, #6.  I'm already trying to think of ways we could integrate the USMT tool into our system re-deployment activities.

I'm definitely keeping this one on my watch-list!

Additional References:

Related: Microsoft's Files and Settings Transfer Wizard

Use this tool to migrate information from pre-Vista systems to XP or Windows 2000 systems.

Related: Microsoft's Windows Easy Transfer

Use this tool to migrate information from XP systems to Vista.

System Cleaning

Back in September '06 I went through a typical Fall Home PC Cleaning.... routine. That routine pretty much remains the same, though I might be able to present a better list in a few months when Spring comes around.

In the meantime, updates have been released to programs I use in that process.

CCleaner - (freeware) - There is probably no better freeware product out there that I know of to clean a system's temp-files, Internet programs, system, and registry.  It is clearly the best.  And remains free.  Even better, it comes in both an installable version, as well as portable and "slim" versions.  Version 2.04.543 adds the following improvements:

- Added system tray icon when background cleaning.
- Added minimize to system tray option.
- Optimized file deletion routines.
- Improved Firefox file analysis speed.
- Added text status info for slow cleaning processes.
- Added program icons to the uninstall tool.
- Fixed bug with saving window location when maximized.
- Fixed bug with 64bit OS registry keys.
- Fixed cookie issue with foreign language usernames.
- Fixed bug with running CCleaner as a scheduled task.
- Added Netscape 9.0 support.
- Updated Antivir and Foxit Reader cleaning.
- Minor GUI tweaks and fixes.
- Other minor bug fixes.

You may not know it, but CCleaner will allow you to optionally preserve selected browser cookies that you just can't live without.  So you can dump the junk, but keep the ones you need.  Donation Coder has a great tutorial on this oft-forgotten feature: Mini-HowTo: Handling Cookie Privacy the Right Way

Of course, you can do it the painful way and inspect your system cookies (for IE and Firefox) one by one with NirSoft's free utilities IECookiesView and MozillaCookiesView as well.

Wise Registry Cleaner and Disk Cleaner - (freeware) - Two other system cleaning products I have come to rely on and enjoy.  Both are very easy to use and are very effective at what they do. For more details see the Wise Disk Cleaner manual and the Wise Registry Cleaner Manual.

The PC Decrapifier - (freeware) - Version 1.8.8 just released this week. Works for XP and Vista.  Removes a large number of items from OEM system installs.  These are the nuisance items that OEMs place on your system to help bring the price of a new system down (due to back-room deals) but load up a system with software and services that many feel are crap and bog it down.  Uninstalling them yourself manually can be time consuming and tedious. This tool helps speed that process by ripping out a large number of them automatically for you.

KillBox - (freeware) - Just a little utility to help you try to delete locked files (usually malware based) from your system.  I have been using it for some time, but just noticed a KillBox Beta download link the other day when I was looking for updates.  It is a bit smaller and much more self-contained in a single exe file.  I like the improvements.  Related post: I will kill thee a hundred and fifty ways...freely

NewsFox Beta Release

Beta release: NewsFox 0.8.4b1 - (Firefox Add-on) - To be released (soon?) as 0.8.4, this version contains some really handy upgrades.

• It contains a new column to do a Bayesian filter for article interest probability ranking.  Interesting concept.
• It adds three new columns (hidden by default) to the article pane; source, author, feed.
• Options to delete files/preferences for NewsFox when removing the extension. But why would anyone bother?
• Partial bookmark syncing.
• Most optional preference settings are now accessible through the GUI.  Now you don't have to dive into about:config to make as many NewsFox tweaks.
• Alternate category sorting from the GUI

XP What?

Here are two fantastic and clever utilities that I often get confused with due to their similar-sounding names.  Not worth calling the trademark lawyers over, but it is amusing.

xp-AntiSpy - (freeware) - Great little tool just updated to version 3.96-7 this week.  Use it to selectively disable some of XP's built-in features and capabilities.  Some feel that these services are "dangerous" at worst and "undesirable" at best.  Not an "anti-malware" tool despite the name. It's more to keep Microsoft's own XP OS from "spying" on you. It's a gem and can save some time when you are doing advanced tweaking by allowing you to skip making tweaks in the registry or deep-diving into the GUI.  Screenshot.

xpy - (freeware) - This tool also helps you tweak default Microsoft XP settings.  Like xp-AntiSpy, it helps to disable some of Windows XP's services and Microsoft server communications, and tweaks privacy settings for your system security. Screenshot.

See also: Vispa - (freeware) - Also from xpy's Jan T. Sott.  This one allows you to change default Microsoft system settings in Vista to improve your Vista system's privacy, security, and maybe its performance. Screenshot.

Shortbread

Utilities worth quickly looking into.

Process Lasso - (freeware) - Really fascinating program.  Highly customizable utility that allows you to automatically adjust the allocation of CPU cycles for your system.  If it sees that a monitored application is running it can drop the priority level assigned to that process if it crosses a threshold limit, if it is launched, or on other more advanced criteria.  Runs on Windows 2000, XP and Vista (x32/x64).  Lots here to see and do.  I just don't have enough time to do it justice today.  Not intended to be a "task-manager" but does have some of the same abilities.  This one looks really cool.

eToolz - (freeware) - Yes, the page is in German. Sorry. (Translate to English).  The download link is in the mint-green bar and says "eToolz herunterladen".  It is a package of network tools that includes NS-Lookup, Ping, TraceRoute and Whois.  You can check email addresses, and search/convert domain-names showing DNS entries.  Launches in German but you can quickly change it to English by clicking on the "Sprache/Language" option on the menu-bar.

Free Kaspersky Antivirus - (CyberNet News tip) - This post intrigued me.  It was a tip that Kaspersky is offering a free version of their anti-virus software, Kaspersky Antivirus 6.0 Second Opinion Solution (S.O.S.).  The post stated that this software will only run "on-demand" but can provide a 2nd pass scan if infection is found on your system (or to check the results of a 2nd party 1st pass scan).  That led me to this page at Kaspersky Labs: Free Virus Scan.  I downloaded the application and installed it on a virtual XP machine.  It installed wonderfully, but reports that it is time-limited trialware.  Test runs with it find that it indeed could be a wonderful complement to an existing primary anti-virus program on a user's pc.  Commenters at the CyberNet post also expressed confusion as they too observed the product seemed to be trial-ware.  I'm going to wait to see what happens at the end of the trial-period.  It might just fail to work, or it might drop into a "reduced-functionality" mode like some other products do. This might leave it crippled, but still useful enough to keep around.  I will let you know what happens.

Simply Scary

The Valca home tries hard to catch episodes of Wired Science on PBS. Their air-time schedule has seemed to be very difficult to pin-down. So I have been often forced to catch episodes on-line.

One of our family's favorite mini-elements is What's Inside.  Normally these brief features go through a long-list of frightening ingredients to arrive at a common household item we all love and enjoy: Sample video.

So Lavie and I read with horror this post from Wired-proper: What's Inside: Nair Hair Remover, Feel the Burn!

Alvis just shrugged.

Related: What's Inside: Red Bull

--Claus

    Saturday, January 19, 2008

    Database Druid versus Desktop-Support Sage

    This past week I took a call from an IT guy from one of our sister agencies who was in Dallas.

    He had a collection of laptops he was needing to install for their users, but there was one little problem; the image on the drives was wrong.

    Lost

    Seems the procurer ordered them from Dell using a direct order, and not with one of our specialized state contract channels.  That resulted in the drives getting bare XP images, and not our highly customized agency images.

    He called us since we have a few of their users in our area and he was going to need to come down here to Houston also to install the laptops for those users.  Perchance did we have a good laptop image?  Seems no one on his agency's side did.

    Turns out we didn't either, but we had one close enough we thought we could get it working for him.

    He drove in and by the time he got here we were able to work with his IT team to try to get one of the stored images off a networked image-repository location.  (That ended up being a two-day fiasco that never bore the expected fruit.)

    So we called it a day and ended up deciding to try one of our other "close-enough" images for their agency I had.

    The plan was that if we could get it up just enough, we could then re-prep it, and image all the others he had, saving him days of work since he was already seriously behind.

    Turns out the poor guy wasn't a "real" IT desktop-support guy.  We had assumed he was since he was delivering and installing laptops.  He was actually an IT database manager who somehow got pulled for the job.

    I quickly lost him when I began outlining a plan of attack for the image work.  He knew of Ghost but that was it. I mentioned using a faster solution called imagex and needing to be sure to do a Sysprep and making sure we got new SID's on the machines (see also the NewSID tool). He was clueless.

    Found

    Fortunately, I already had an Imagex wim file of a desktop system from their agency that was pretty recent. So we decided to try that one.  Using a desktop image on a laptop is always a dicey affair. Hardware is pretty specialized on laptops and drivers are a booger to work out if they aren't on the image.

    The image went on smoothly and the laptop was "functional" except for only having about ten drivers missing.

    I tried to download and apply the laptop-model's driver package Dell that I have access to, but for some reason, none of the drivers were accepted by the XP system's driver installation wizard.

    So I ended up having to download the individual laptop component drivers based on what I pretty-well thought they were and installing them by trial-and-error.

    In the end, I was successful.  I ended up with only two cryptic missing drivers. One was a "PCI device" and other was a network controller.  Turns out the network controller was for the Bluetooth adapter.  That took me a few minutes to figure out since I had managed to get all the network adapters working (Ethernet and wireless) until I remembered this model did come with Bluetooth. The "PCI device" was harder.  After about ten minutes of pondering, I remembered the laptops have internal modems.  I looked for it in the device-list but it wasn't there. One more driver download from Dell and all the hardware/drivers were fully functional and loaded.

    I turned the laptop back over to our visitor who then got with his IT team and they remotely finished the desktop setup and configurations with him as well as bringing the OS up to date with patches.

    When they were all done, I used one of my own generic agency sysprep packages on it and got it bundled up.

    I then used a WinPE 2.0 and ImageX boot disk I made and captured the system image to a portable USB drive.

    I showed him how to apply the image to the remaining systems and left him to it.  In about four-hours he had the remaining laptops all imaged and ready for deployment

    One last thing I did was to "bake" a WinPE 2.0 boot disk with Imagex and the custom image.wim file (how-to here) onto a DVD.  This way he could now have a working image disk in case of any issues.

    Next day he was out the door and on his merry way.

    Lucky for him he fell into our IT group's lair.  We just happened to have the knowledge, resources, and time available to spare him a lot of work and trouble.

    Shop Talk

    While we were chatting during the process we did some "shop-talk."  He was looking into getting a new system and we talked about the "home-brew" building techniques versus OEM pros and cons.

    He asked how he could preserve all his programs and settings when he reloaded his XP system. So I gave him some (limited) options.

    I asked him why he was going to reload his system.  Turns out it was running slower-and-slower over the past two years and he heard that you need to reload your XP system every year or so.

    I encouraged him to try some relatively easy fixes first, before doing a system-reload.

    He seemed very pleased with the information and tips.

    The One Thing that illustrated the Big Difference (to me at least)

    Even though he was from a database administration background and my specialty is desktop support, we pretty much talked on the same IT level.

    It wasn't until I was driving home late that night that it struck me where the difference was that I had observed and had been nagging at me.

    When I was showing him how to use the WinPE 2.0 boot CD and the USB drive, I reminded him that the laptops came from the factory with the BIOS set to boot from the floppy, the internal drive, then the CD-ROM.  I helpfully told him that he would need to break into the BIOS to change the boot device order.

    He smiled and said he didn't need to do that.  He would just do a one-time-boot option to use the CD-ROM. He did that to save time and not need to deal with the BIOS settings.

    This was the philosophical and practical difference I realized that pointed out (to me anyway) the difference between IT support folks who support applications versus those (like me) who support entire desktop systems (hardware, software, networking).

    His perspective was that even though he was going to be setting up the PCs, he needed to use the boot-CD media only once to accomplish his task at hand.  Made perfect sense to him from his perspective.

    Mine was to go in and permanently change the boot-device order in the BIOS.  From my perspective, I (or my team-members) will eventually be back in front of this machine in the future. We will need to re-use a boot-cd disk to do future work on the system, or for imaging, or for the final secure-data wipe when we retire it.  So it makes sense to me to make a permanent change now to avoid having to do it later.

    Both solutions work well; they were just based on the different ways we relate to the system.  One caveat to the permanent change: a machine set to boot removable media first, with no BIOS/setup password, will boot anyone's CD, so pair that setting with a setup password (and keep in mind that on an unencrypted disk, physical access already means full access to the data).

    I thought it was interesting, anyway.

    --Claus

    Monday, January 14, 2008

    Taming Logitech SetPoint on Vista

    Yes! Another Vista annoyance resolved!  Hooah!

    Two Mice...but only one has a Tale

    I have a pair of Logitech Optical LX7 mice.  I really like the way they feel, size-wise, in my hand.  One is corded which I use on our XP desktop system and the one I use on the Vista laptop is wireless.

    One of the great features is that the scroll-wheel can also be left-push-clicked or right-push-clicked. While Vista and XP seem to install default drivers just fine automatically, to use the advanced configuration features, you need to install Logitech's own drivers and SetPoint software to control it.

    I have the left-push-click set to a "copy" function and the right-push-click set to "paste."

    When I am blogging I can really fly when I am copying URL's and pasting them into the Windows Live Writer link editor. Select--copy--edit--paste...seamlessly without ever taking my right hand off the mouse.  It's a sweet dance.

    Only unlike on my XP system, those features have never worked under Vista with the mouse.

    Troubleshooting a Mouse

    First thing I did was to be sure to download the latest Logitech software/drivers.

    I was sure to grab the Vista version.  However, the copy/paste click function still wouldn't work.

    The mouse itself worked fine and otherwise seemed unaffected; it was just the extra-features that didn't work.

    I could see the options in the SetPoint application were set correctly and it seemed to save and retain them just fine, they just wouldn't work.  I could see SetPoint running as a process in Process Explorer so from all indications the software/drivers had installed correctly.

    From my previous experience I had a gut-feeling that there was some crazy UAC mojo keeping the copy/paste activity from working.

    I suspected that UAC was blocking the copying of data from a lower-rights application into a similar or higher-rights running application.  But I couldn't be sure.

    My Vista profile is already an "administrator" account, so the install should have given it sufficient rights to work correctly...which it did not.

    Next I tried launching it manually with "Run as administrator."  Nope. Didn't work.

    So I placed a shortcut to Logitech's SetPoint.exe file in the Startup folder.  Nope. It would launch, but still wouldn't allow the advanced features to work.

    I enabled the shortcut to "run as administrator" but that caused the UAC to block it entirely (see this post for details on that).

    I tried using the Startup Program Unblocker mini tweaking utility by Jimmy B but it would not offer me the option to set it to run as administrator.

    So that left me with one more option to try.

    Hickory-Dickory-Dock, Tasking a Mouse to Run by the Clock

    I removed the SetPoint shortcut from the Startup folder where I had placed it in my earlier attempts and then set it to run at login as a scheduled task under Administrator privileges.

    Note: You MUST be using an "administrator level" profile account for this to work.

    To configure an application (set to run with administrative-level privileges) in Vista to launch this way at startup, just follow the steps outlined below:

    1. Click the "Start Orb" in Vista,
    2. Select "All Programs" and click,
    3. Find the "Accessories" folder, and click it,
    4. Find the "System Tools" folder, and click it,
    5. Find "Task Scheduler" icon and click it to launch.
    6. Under the "Actions" column on the right find and click "Create Task",
    7. Give it a name, (a description might be helpful to add-in as well).
    8. Under the Security Options, tick the "Run with highest privileges" box,
    9. Select the "Triggers" tab,
    10. Click the "New" button,
    11. On the top line that says "Begin the task:" click the drop-down menu and select "At log on",
    12. Under the "Settings" area on the same dialog, select the "Specific user or group:" radio button; it should show your account name.
    13. Unless you want to set additional options, click "OK" button,
    14. Now move over and click on the "Actions" tab.
    15. Click the "New" button to add a new action to our scheduled event.
    16. Leave the Action drop-down item set to "Start a program",
    17. Click the "Browse" button and browse for the executable you wish to run when you log on. (In my case I was looking for C:\Program Files\Logitech\SetPoint\SetPoint.exe .)
    18. Select it and click "Open" button. It should appear in the line. Feel free to add any additional arguments and/or "Start in (optional)" items if you need them.
    19. Click "OK"
    20. Click "OK"

    Done!
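The same task created from the command line, as an added example that is not part of the original post. It uses schtasks.exe (shipped with Vista) to register an at-logon task that runs with highest privileges for the current user, then shows what was registered and checks the permissions on the target binary, because a task that launches a file elevated without a prompt is only as safe as the write permissions on that file. The task name is my choice; the SetPoint path is the one from the steps above.

```powershell
# Added example (not from the original post): register the "run at logon, highest privileges"
# task with schtasks.exe instead of clicking through Task Scheduler. Run from an elevated prompt
# under an administrator account (the task still needs an admin account to elevate).
# The task name is my choice; the SetPoint path is the one used in the steps above.

$taskName = 'SetPoint'
$exe      = 'C:\Program Files\Logitech\SetPoint\SetPoint.exe'

if (-not (Test-Path -LiteralPath $exe)) { throw "Executable not found: $exe" }

# /sc onlogon  : trigger at logon      /rl highest : "Run with highest privileges"
# No /ru, so the task runs as the current user and only while that user is logged on,
# matching the Task Scheduler defaults. The path is wrapped in its own quotes inside /tr
# so a path with spaces is not split into program + arguments.
schtasks.exe /create /tn $taskName /sc onlogon /rl highest /tr "`"$exe`"" /f

# Confirm what was registered (check "Run As User", "Logon Mode" and "Task To Run").
schtasks.exe /query /tn $taskName /v /fo list

# Caveat: at every logon this launches the binary elevated with no UAC prompt, so it must
# not be writable by standard users. Under Program Files only Administrators, SYSTEM and
# TrustedInstaller should hold (M)/(F) rights; a user-writable path here would be a free
# elevation path for anyone who can swap the file.
icacls.exe $exe
icacls.exe (Split-Path -Parent $exe)
```

If icacls shows BUILTIN\Users with modify or full rights on the executable or its folder, fix the ACL (or move the file) before leaving the task in place.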

    I logged off my profile and logged back on.

    I tested the copy/paste functions of the mouse....and they worked perfectly now.

    So UAC struck again, and by allowing this program to run as a scheduled task with administrator-level permission in this way, SetPoint was now able to function normally, copying and pasting between different applications.

    Whew!

    I'm getting pretty good about working around Vista now!

    For more background on UAC and Vista's blocking of administrator enabled programs from running from the Startup folder, see this post of mine: Another Vista Issue Resolved: Launch Apps at Startup

    SetPoint Hacking Bonus:

    uberOptions - (freeware) - utility to enable all options on all buttons in SetPoint. Nifty little Logitech mouse SetPoint software hacking tool.  Gives you the full range of button options, and not the locked-down picks that Logitech offers.  Cool little application.

    --Claus

    Sunday, January 13, 2008

    This Weekend in Security News

    How many extras did Steven Spielberg use when filming the intense and gripping 24-minute Normandy beach scene in Saving Private Ryan? I'm still not sure but it was amazing and heart-wrenching.

    Some clever graphic artists decided to see if they could recapture a bit of the drama on a shoe-string budget, with just three actors and some very clever editing.

    Their work is very educational and amazing.

    Storming Normandy on a budget » Drawn!

    Similarly, keeping systems safe and secure against threats doesn't take a horde of thousands; with the right tools, knowledge, skills and determination, you too can win the battle against security threats.  (I'm sure having a green-screen might be helpful as well, somehow.)

    A few more interesting posts on the computer security front.

    On Testing Considerations

    Security zone: the trouble with testing anti-malware - Computer Weekly's David Harley considers issues with testing anti-malware products.  The article itself is pretty light-reading but Mr. Harley proposes that two main issues with testing anti-malware products exist:

    ● For some reason anti-malware testing attracts many people who are not well-versed in testing methodologies in general.

    ● Even worse, it also attracts people who have a somewhat distorted idea of what this type of software is and how it works. (I will not dispute that the research community has, to some extent, brought that upon itself by cultivating a secretive, ultra-paternalist culture.)

    At a technical level, this may be true of, say, a spreadsheet program, too. However, when people review a spreadsheet program or a word processing program, they take a lot for granted: when did you last see a review of a spreadsheet program that included a check of the mathematical or statistical functions?

    Mr. Harley concludes that while there are some organizations that are trustworthy (he offers up Virus Bulletin and ICSA Labs as examples) what is needed is convincing other "casual testers" that they should follow improved methodologies for reviewing and testing anti-malware products.

    Before I recommend a product, I do research on the Net, from other bloggers, I check forums of trusted anti-malware communities, and then I do test-runs on virtual systems.  If all these check out good, if the product is stable, not slathered in bloatware or other (to me) unneeded functions, performs a variety of scans, updates the DAT signature files frequently, and is effective at removing malware I encounter in the field, I'm usually happy.  Unfortunately, there are still a lot of rogue anti-malware products out there, waiting to mislead the desperate or the unknowing.

    See also this link-laden article, also from Computer Weekly: Prevent malware infection with malware detection tools

    Super-Duper Suite of Tools

    Erwan's Lab - (freeware) - I'm not sure how I stumbled across this IP sniffer utility and utility suite but it is a pretty good collection. Does require WinPcap.  Includes basic networks traffic sniffing features like filter, decode, replay, parse…

    The IP tools include (among other things): Bandwidth monitor, adapter statistics (IP & NDIS), a wireless stumbler, list and manage routes, enable & disable host as a router, list and manage open ports and attached processes, view network config (interfaces, adapters, parameters), spoof ARP (and do ARP cache poisoning), TCP, UDP, ICMP, DHCP, change MAC address, DNS (advanced) Query, DNS Server, Local resolver, DHCP Server (with PXE support), DHCP Discover,  Whois Query, Mail client (SMTP & MAPI). TCP tools include: TCP ping, TCP half scan, Time-Daytime client/server, HTTP Server, FTP Server, HTTP Proxy, Telnet Bouncer, FTP Bouncer, LPR Client,  UDP tools (MSSQL Ping, SNMP ping, SSDP ping, Syslog client/server, Time-Daytime client/server, TFTP server), ICMP tools (Ping, GetBestRoute, GetRTTAndHopCount), TCP/UDP bounce port.

    On Microsoft networks: Spoof net send, Shutdown remote windows, Display remote windows properties, Netapi services, Terminal Services processes and sessions, Winspool services, remote drivers, remote AT jobs, remote scheduled tasks, Logged on users, Dump remote users, manage DHCP services, MS SQL processes, MS Perf counters, remote processes, remote event logs.

    Password tools include: Protected storage (IE, Outlook Express, …) , LSA secrets, Dialup Passwords , XP Credentials ( MSN, network shares, …) , IE history, Reveal asterisks / hidden passwords, RDP passwords, MSAccess passwords, enum WEP keys, MS SQL enterprise manager passwords, Known default passwords.

    Other / System tools include: Manage processes, Opened files, Windows Handles, Events for processes/events/files changes, bandwidth tester (based on iperf), manage windows devices, VBS script editor, WMI browser, Create maps with Graphviz, manage ACL's.

    Whew!  That's a real bundle of stuff!  Note that several of these (ARP cache poisoning, the protected-storage/LSA-secrets/password dumpers, the net send spoofer and remote shutdown) are dual-use attack tools: expect anti-malware scanners to flag the package, and only point them at systems you are authorized to test.

    Screenshots at the bottom of the page.

    More Trojan Spoofing of Legitimate Anti-Malware Products

    The other day in my Anti-Rootkit Tools Roundup Revisited post, I mentioned that you need to beware of "fake" tools - especially hard when they take on the GUI of a trusted tool. I specifically referenced the Fake RootkitBuster Busted! post from TrendLabs Malware Blog.

    Turns out they aren't the only ones...and surely won't be the last.

    Prevx and Trend Micro targeted by spammers.  Seems that anti-malware company Prevx also has a rogue version of its product being offered.  This version tosses up a "register now" box asking users to enter their name and email address, so (at best) it is an email address harvester. However, there could be worse things lurking under the surface.

    What is really alarming about this is that the rogue product was being offered for download from CNet|Download.com directly, even though one reason that site is so popular is that it tests its downloads and certifies them as "spyware free".

    This is yet another reminder that even with "trusted download sources" you should still scan everything carefully before installing.  Check the user reviews as well when they are offered; in this case several community members had already flagged it as a trojan in the reviews.
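One way to do that check, as an added PowerShell example that is not part of the original post: it reads the file's Authenticode signature and signer, computes a SHA-256 you can compare with the hash on the vendor's own site, and reports whether the file still carries the Internet-zone mark. The file path and the expected publisher string are assumptions for illustration.

```powershell
# Added example (not from the original post): vet a downloaded installer before running it.
# 1) Authenticode signature and signer, 2) SHA-256 to compare with the vendor's own published hash,
# 3) whether the file still carries the Internet-zone mark. The path below and the expected
# publisher string are assumptions for illustration; replace them with your own.

function Test-Download {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [string]$ExpectedPublisher = 'Prevx'   # assumed substring of the signer's Subject
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    # Authenticode: 'Valid' means the chain verifies AND the file is unchanged since signing.
    # 'HashMismatch' means a signed file was altered; 'NotSigned' means no proof of origin at all.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    # SHA-256 via .NET, so it also works on PowerShell versions without Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $hash = ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }

    # Zone.Identifier alternate data stream: written by the browser for Internet-zone downloads.
    $fromInternet = $false
    try { $fromInternet = ([System.IO.File]::ReadAllText("$Path`:Zone.Identifier") -match 'ZoneId=3') } catch { }

    New-Object PSObject -Property @{
        File            = $Path
        SignatureStatus = $sig.Status
        Signer          = $signer
        SignerMatches   = ($sig.Status -eq 'Valid' -and $signer -like "*$ExpectedPublisher*")
        SHA256          = $hash
        FromInternet    = $fromInternet
    }
}

# Usage: refuse to run anything where SignerMatches is False or SHA256 differs from the hash the
# vendor publishes. A valid signature proves who signed the file, not that the file is harmless.
Test-Download -Path "$env:USERPROFILE\Downloads\PrevxCSI.exe" | Format-List
```

A rogue copy repackaged by a third party will usually show up here as NotSigned or signed by a subject you do not recognize; that is the point at which to stop, not after the "register now" box appears.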

    Prevx Computer Security Investigator (CSI)

    While tracking down the previous story, I checked out the real Prevx product, CSI.

    Prevx CSI - (free scans) - is a tiny download and requires no installation (but apparently does have an optional "embedded" installer if you choose to use it).

    Compatible with XP and Vista, the application quickly scans for active infections like spyware, Trojans, key loggers, viruses, rootkits, adware, screen watchers and many more types of malware. In my trial-runs, the product ran very quickly and found no threats.

    It is free for personal and business use, but there is one "gotcha." If you want to use the product to clean your system, if anything is found, then you will have to purchase an activated version of Prevx CSI Removal and Cleanup.

    So to be clear, while Prevx CSI is freeware, it functions only as a scanner, not a cleaner.

    However, if you are doing malware-response, this still might be a great tool to add to your fighters-kit.  The scans are fast and do identify the exe file causing the issue.  It might be a good "first-pass" tool to quickly see if your system has issues.  If so, you could (and should) follow up with additional freeware anti-malware tools to clean the infection, consider purchase of Prevx's CSI Removal and Cleanup program, or if you are an advanced anti-malware buster, remove it manually yourself with your wicked-l33t haxor-busting skilz.

    Malwarebytes Tool Updates

    Malwarebytes offers some really great tools, including their new beta product Malwarebytes' Anti-Malware (for scanning for and removing malware), FileASSASSIN (for killing locked files), and the wonderful RogueRemover FREE (for removing rogue anti-malware products).

    Two other fantastic products they have were recently updated:

    RegASSASSIN - (freeware) - Not a commonly needed tool, but it will effectively remove stubborn registry keys by resetting the key's permissions and then deleting it. New version is 1.03.

    StartUpLite - (freeware) - disables or removes all known unnecessary startup entries from your computer and thus quickens your system's startup. New version is 1.07. What makes this program different from other auto-start inspectors/editors (like Sysinternals' Autoruns) is that it doesn't offer you a list of ALL the startup items. Instead it offers a list of recommended auto-start entries you can safely disable without crashing your system.  It is a nice tool for newbies and those who aren't sure what they shouldn't disable but want to try to improve system performance.  It's a clever tool and often overlooked.

    Trend Micro Tools

    Yes, Trend Micro took over the perennial anti-malware tool, Trend Micro HijackThis.  They have slowly continued minor updates and improvements to the program.

    Now they have a new anti-malware tool worth looking into.

    TrendSecure | Trend Micro RUBotted (Beta) - (freeware) - Runs on Windows 2000, XP, 2003, and Vista systems.

    [It] is a small program that runs on your computer, watching for bot related activities. RUBotted intelligently monitors your computer's system behavior for activities that are potentially harmful to both your computer and other people's computers. RUBotted monitors for remote command and control (C&C) commands sent from a bot-herder to control your computer. Additionally, RUBotted watches for an array of potentially malicious bot-related activities, including mass mailing - a common activity performed by a bot-infected computer.

    RUBotted co-exists with your existing AV software, providing advanced bot specific behavior monitoring. RUBotted does not rely on frequent, network intensive updates to ensure your computer's continued protection.

    So you would be able to run this alongside existing security programs to monitor for malicious software activity on a system.

    See also a related application ThreatFire AntiVirus (not from Trend Micro).

    Of course, this gets into a discussion about just how much anti-malware protection you should have running at one time.  If you feel you need to have, say five to ten of these utilities running all at once, you might want to reconsider your web-surfing behavior or even go with an Apple or Linux operating system solution instead.  Still, I like having a variety of protective tools to offer the friends and family members I provide support to.

    But that is a post for another day...

    --Claus

    New or Improved Software Offerings

    Not a lot of new software offerings this week. But there are a few noteworthy ones you might be interested in looking into.

    BluetoothView -(freeware) - New NirSoft utility that allows you to monitor the Bluetooth activity around you.

    For each detected Bluetooth device, it displays the following information: Device Name, Bluetooth Address, Major Device Type, Minor Device Type, First Detection Time, Last Detection Time, and more.

    BluetoothView can also notify you when a new Bluetooth device is detected, by displaying a balloon in your taskbar or by playing a small beep sound.

    This could be a really fun tool if your laptop supports Bluetooth!  See what's going on around you! As Nir Sofer points out, if your neighbors (or your own kids) have Bluetooth enabled devices, you can see when they come and go by "tracking" the devices.  Cool and creepy!

    Revo Uninstaller - (freeware) - uninstall, delete, remove unwanted programs and traces easily.

    What's new in Revo Uninstaller version 1.42:

    • Added new cleaning options to Windows Cleaner tool
    • Improved user interface of Windows Cleaner tool
    • Improved handling of Microsoft Windows Installer (MSI) based installations
    • Added showing empty leftover folders after scanning
    • Added detection of grouped taskbar buttons in Hunter mode
    • Bug Fixed in Hunter mode - Detecting similar applications on desktop
    • New languages are added!

    KeePass 1.10 - (freeware) - This is my favorite password manager, and the latest version packs quite a few new additions, some of which I've highlighted below.

    New Features:

    • Added configuration file caching (highly increases performance when running KeePass from slow devices like USB sticks).
    • Added mini mode (must be configured in the INI file manually; in mini mode, a lot of functionality is hidden; see help file - Technical FAQ).
    • Added password generator option to exclude/omit user-specified characters in generated passwords.
    • Added option to disallow repeating characters in generated passwords (both character set-based and pattern-based).
    • Moved security-reducing / dangerous password generator options to a separate 'Advanced' dialog (if you enable a security-reducing option, the 'Advanced' button in the password generator window is shown in red).
    • Internal random number generator is now additionally seeded using random bytes provided by the system's default CSP.
    • Internal random number generator is now additionally seeded using a newly generated 128-bit GUID.
    • A default user name for new entries can now be specified in 'File' -> 'Database Settings'.

    Improvements:

    • Changed field order: password follows user name now (note: if you use your previous configuration file, the columns in the main window will be ordered the old way; to change it, drag&drop the column headers manually to adjust the order).
    • Improved startup time.
    • Improved search performance.
    • Improved internal menu handling.
    • Improved print options dialog (replaced "export" by "print", excluded irrelevant export options, ...).
    • Optimized performance of process memory protection algorithm.
    • Minor improvements in the installer.
    • Minor dialog text improvements.

    Bugfixes:

    • Password generator does not crash any more when trying to generate a password using an empty pattern + random permuting.
    • The Ctrl-Alt-K global hot key correctly brings the KeePass main window to front when it's hidden behind other windows.
    • Changing the state of the 'Randomly permute characters of password' option now correctly selects the '(Custom)' profile.

    Java SE 6 Update 4 Release - (freeware) - Java SE 6 Update 4 was released this week. So far, neither the built-in Java updater nor the web site is finding or reflecting the new release just yet.  If you want it early (which is probably a good idea) you will need to download and install it manually.  Most home users will want just the Java Runtime Environment (JRE) 6 Update 4.  Download it and install it.  Then go back and manually uninstall JRE 6 Update 3 from your Control Panel's Add/Remove Programs list to remove the vulnerable version; the installer leaves the previous update in place.
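A check to go with that last step, as an added PowerShell example that is not part of the original post: it lists every Java runtime still registered in Add/Remove Programs (with the uninstall command for each) and the version the JavaSoft registry key points at, so you can confirm that only the updated runtime remains. The registry locations are the standard ones; the example names and version numbers in the comments are illustrative.

```powershell
# Added example (not from the original post): list every Java runtime still registered in
# Add/Remove Programs so the old, vulnerable update can be removed after installing the new one.
# Assumes the JRE registered itself under the standard Uninstall keys (the MSI-based installers
# do); the names and versions in the comments are illustrative only.

function Get-InstalledJava {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # 32-bit JRE on 64-bit Windows
    ) | Where-Object { Test-Path $_ }

    foreach ($key in $keys) {
        foreach ($sub in (Get-ChildItem $key)) {
            $p = Get-ItemProperty $sub.PSPath
            if ($p.DisplayName -match '^(Java|J2SE)') {
                New-Object PSObject -Property @{
                    Name            = $p.DisplayName       # e.g. "Java(TM) 6 Update 4"
                    Version         = $p.DisplayVersion    # e.g. 1.6.0.40
                    UninstallString = $p.UninstallString   # MsiExec.exe /X{product-code} for MSI installs
                }
            }
        }
    }
}

# The runtime that java.exe on the PATH (and the browser plug-in) will actually use:
$current = (Get-ItemProperty 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment' -ErrorAction SilentlyContinue).CurrentVersion

Get-InstalledJava | Sort-Object Version | Format-Table Name, Version, UninstallString -AutoSize
"CurrentVersion per JavaSoft registry key: $current"

# To remove an old update silently, run its UninstallString with /qn appended; the product
# code below is a placeholder, take the real one from the UninstallString column:
#   msiexec.exe /X "{PRODUCT-CODE}" /qn
```

If more than one "Java(TM) 6 Update N" row comes back after installing Update 4, the older rows are the ones to uninstall; an attacker's applet can still target an old runtime that remains installed.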

    Autoruns v9.02 - (freeware) - This update from Sysinternals fixes a bug where Autoruns would crash when deleting the last item on the Everything page.

    TCPView v2.53 - (freeware) - This update from Sysinternals addresses a memory leak.

    OpenedFilesView - (freeware) - This NirSoft tool allows you to view opened/locked files in your system (sharing violation issues).  Version 1.12 fixes the following issue: On Vista, OpenedFilesView now automatically requires to run as administrator (When User Account Control is turned on).

    Get them before they are gone!

    --Claus

    This Week in Vista News

    I've collected a few interesting bits of news on the Vista front this week.

    Comodo Firewall Updated - Fixes Vista Update Problem

    In my post Vista KB942763 Update Failure and Solution I tracked down an issue with Comodo's firewall (Defense+) causing some Windows Updates for Vista to fail.  There were a number of workarounds, with the most consistent one being to uninstall Comodo, install the update, then reinstall Comodo.

    Luckily, the programmers at Comodo have been hard at work and just released a new version of Comodo Firewall 3.0 Pro that fixes the Vista update issue.

    Version 3.0.15.277

    • Fixed the bug causing Windows Updates to fail in Windows Vista.
    • Fixed the bug causing Windows to show "Access Denied" message while deleting a folder.

    If you are interested, go download the new and Vista-improved version.

    Display the Administrator Login Account

    Even if you set up one of your Vista profiles with "administrator" rights, sometimes it still doesn't let you do what you want.  You have to elevate to "administrator" anyway, or even do some elevated-permissions command-line jujitsu to accomplish what used to be pretty simple in XP or Windows 2000.

    One alternative is to log in under the built-in "Administrator" account rather than your own "administrator" account.  By default Vista exempts the built-in Administrator from UAC's Admin Approval Mode, so every process it launches is already fully elevated; that is exactly why it sidesteps these prompts, and also why it is a poor account for day-to-day use.

    But how do you get it to show up on your login screen?

    Open a command prompt in administrator mode by right-clicking and choosing "Run as administrator."  Now type the following command:

    net user administrator /active:yes

    That should get it showing up next time you get to the login screens.

    To disable it, repeat the elevated command-line mode and type net user administrator /active:no

    --tip via Lifehacker

    If you do choose to display the Administrator account, I would highly advise putting a password on it to keep other users from getting in over your head on the system.

    Updated Vista SP1 RC1 Refresh Released

    I'm still not brave enough to put any of the current SP1 releases on our Vista laptop yet.  I'm waiting for the final version.

    The first round release of this version was only offered to about 15,000 beta testers using a direct (for them) download link.

    Now it has been opened up to the public.

    You still need to uninstall your current Vista SP1 RC version (if you installed an earlier version) before you put this one on.

    More details here: TweakVista.com - Updated Vista RC1 build - Public Release!

    It's pretty clever what the Microsoft public download link for the RC1 Refresh does.  The service pack is actually delivered to your Vista machine (if enabled) via Windows Updates.  If you download and run the nicely named "Windows Update Experience for RC Refresh Public Availability.exe" file, it actually creates a series of registry keys that allows Windows Updates to see and deliver the Vista SP1 RC1 Refresh version to your system.

    ITsVista broke open that exe file to show the actual registry key setting commands, if you are interested in peeking at them.

    Tiny and Beautiful Vista Mini-Apps

    Ave's Vista Apps page offers us some wonderfully simple and beautiful applications to add a touch of class to Vista (and XP) systems. All are freeware.

    • Glass Toasts - "replaces the standard plain "balloon" style notifications with an Aero-style window effect."  Very pretty.

    • 3D User Picture - "replaces the user picture in Vista's start menu with a pretty 3D animated one."

    • Thumbnail Sizer - "easily change the size of Vista's Window thumbnails that show when one hovers over the taskbar button for the window."

    • AveDesktopSites - "replacement for the Active Desktop utility that is no longer present in Windows Vista. The application will now show websites on the desktop, but, unlike Active Desktop, they can not be interacted with."

    • Desktop Effects - "an application that adds special effects to your desktop. Forget the old boring and static wallpaper! Show a dynamic photo slideshow on your desktop, or just use it to scribble notes."

    • Extra Desktops - "is an application that allows you to use extra desktops, besides the normal desktop. Use a desktop for storing your downloads, use one filled with your regularly played MP3, use another one for the files of that project you are currently working on. With Extra Desktops, there is no need anymore to browse to all these folders you regularly use: simply hit a key, and the files are right there on your desktop!"

    • Vista Folder Background - "In Vista, the ability to have custom backgrounds in explorer folders is gone. This small application makes folder backgrounds possible again."

    I'm sure you will be able to find at least one of these tiny-tweaks helpful on your system.

    All programs require Visual Studio 2005 SP1 Runtime Files to be installed on the system.

    Hard Drive Monitoring in Vista

    Yes, I gave you a slew of tools to monitor your hard-drive last week.

    However, 4sysops reminds us that Vista has its own tool to help you see just what is going on that hard-drive: How to find out what keeps your hard drive busy under Windows Vista.

    1. Click the Vista Start Orb,
    2. In the Start Search bar, type perfmon.  You should see perfmon.exe appear at the top.
    3. Select it to launch.
    4. The Reliability and Performance Monitor window will appear.
    5. Find the "Disk" bar under the graphs and click the drop-arrow on the bar's right-hand side.
    6. The information should display.

    This area lists the following information in sortable columns: Image (program name), PID (process ID), File (path to running program), Read (B/min), Write (B/min), IO Priority, and Response.

    I still prefer Sysinternals' Process Monitor myself, but this is a great "on-hand" tool when you need one.
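A command-line stand-in for that Disk view, as an added PowerShell example that is not part of the original post: it samples each process's I/O byte counters twice, a few seconds apart, and reports the busiest processes in bytes per minute, the same unit perfmon shows. It reads the Win32_Process counters, which count all I/O (files, pipes, devices) rather than disk alone; the sample interval is my choice.

```powershell
# Added example (not from the original post): a command-line stand-in for perfmon's Disk view.
# Samples per-process I/O byte counters twice, a few seconds apart, and reports the busiest
# processes by bytes transferred per minute. Uses the Win32_Process counters, which include all
# I/O (files, pipes, devices), not only the disk. The sample interval is my choice.

function Get-ProcessIoRate {
    param([int]$Seconds = 5, [int]$Top = 10)

    function Snapshot {
        $h = @{}
        foreach ($p in Get-WmiObject Win32_Process) {
            $h[[int]$p.ProcessId] = @{
                Name  = $p.Name
                Path  = $p.ExecutablePath
                Read  = [long]$p.ReadTransferCount
                Write = [long]$p.WriteTransferCount
            }
        }
        $h
    }

    $before = Snapshot
    Start-Sleep -Seconds $Seconds
    $after  = Snapshot
    $scale  = 60 / $Seconds   # bytes per interval -> bytes per minute, matching perfmon's columns

    $rows = foreach ($id in $after.Keys) {
        if (-not $before.ContainsKey($id)) { continue }   # started during the interval; no baseline
        $r = ($after[$id].Read  - $before[$id].Read)  * $scale
        $w = ($after[$id].Write - $before[$id].Write) * $scale
        if ($r -eq 0 -and $w -eq 0) { continue }
        New-Object PSObject -Property @{
            PID = $id; Image = $after[$id].Name; File = $after[$id].Path
            'Read (B/min)' = [long]$r; 'Write (B/min)' = [long]$w
        }
    }
    $rows | Sort-Object { $_.'Read (B/min)' + $_.'Write (B/min)' } -Descending | Select-Object -First $Top
}

Get-ProcessIoRate -Seconds 5 -Top 10 | Format-Table PID, Image, 'Read (B/min)', 'Write (B/min)', File -AutoSize
```

Run it elevated if you want to see SYSTEM and other users' processes; the File column is what to look at when an Image name is unfamiliar, since a known name running from an unexpected path is a classic sign of something that should not be there.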

    Mark Minasi's Vista Tips Extravaganzas

    Ever since I dug up Mark Minasi's Windows tips newsletters back when I was figuring out ImageX and WinPE 2.0 , I've been keeping an eye on his site for the next installments.  His tips are very detailed and educational.

    Two new newsletters were released this week and are definitely worth checking out.

    Newsletter #59 January 2007 (Meet Windows PE) - Nice refresher on WinPE 2.0. What it is, what it does, how to build it.  I've already covered all this before in my earlier posts, but there is still some good information to review here if you are familiar with it.

    Newsletter #60 January Late 2007 Building Vista Install Scripts - This excellent and very well illustrated post covers how to use a basic Autounattend.xml file to script a Vista installation.  Then he gets deep into using the Windows System Image Manager (WSIM) to build advanced Autounattend system setup scripts.  It is a very good overview and hands-on primer on how to use this tool.  It is not something most home users would ever use, but it is well worth a look if you deploy, or will be deploying, multiple Vista systems and want to cut down installation and configuration time.

    --Claus

    Daughter, Dad, and Daily Chores

    We are not really a pro-NFL household.

    However, for some reason Alvis has now decided she is a die-hard Dallas fan.  So we made plans last weekend to spend Sunday camped out together, dad and daughter, in front of the widescreen TV and watch the playoff game together.  Unfortunately, we both had long lists of chores to complete first.

    Dad had to cover the laundry, scrub-down all the bathrooms, vacuum the floors, clean the kitchen, and haul out the trash.

    Alvis had to do her homework, do the first-pass cleaning of her bathroom, and get her room organized.

    Once done with that, we ran out to the pharmacy together to restock some bathroom items and grab some of Lavie's prescriptions.  Oh yes, Alvis had to pick out a hair-coloring kit.  It's a normal thing for us to be found considering which of several shades of hair-color we should go with.  Alvis thinks her natural hair color is a bit uneven, so Lavie has cleared Alvis to periodically have it colored.

    Since we were getting close to the kickoff time, Alvis suggested we make a bunch of finger-snack plates for the game/dinner.

    So we swung by the grocery store and picked up some summer sausages, various cheeses, fancy crackers, a few bags of chips, and hot-fries.  We grabbed some root-beer cans.  For some reason, Alvis was in the mood for pistachios as well.  When we got home, I wrapped up some loose ends on laundry swaps (washer to drier).

    Then dad colored Alvis's hair.

    That is something else.  Alvis's hair extends way past her shoulder-blades, so there is just enough hair-color mix to get it, but barely.  The hardest part coloring long hair is that it tends to get matted so I have to carefully use a wide-toothed comb to keep it neat and even.  I think this is the third time we've done the coloring so I'm getting much better managing it.

    Thirty minutes later we had the color rinsed out, conditioned and Alvis was delighted with the results of the new color choice.  She thinks it matches that of her cousin's.  It's a rich brown-blonde color and looks very becoming on her.

    We got the food put out and the buffet started right as the game began.

    So far the Dallas game has been pretty good.  (Alvis's actual interest in it appears to be about a 7 on a 1-10 scale.)  But we are having fun.  Lavie just shakes her head when she comes in to check on us.

    When the game is over, I've promised Lavie I'll color her hair next.  She already has the box out on the counter.

    Maybe I'm in the wrong business....

    A husband and father's day is never done.

    Now if I can talk them into folding and putting up the laundry...what are the odds?

    --Claus

    Saturday, January 12, 2008

    What Did EULA Say?

    All too often when installing new software or registering for new websites, I am presented with a EULA (End User License Agreement).

    I try (usually) to read through these things to make sure I'm not selling my system's soul to shady practices.

    However, some of it can be a real pain in the rump to read through.

    There are two great resources I know of to ease the process of understanding just what you are agreeing to.

    For comparisons, I am going to use Google's Terms of Service.  However just about any EULA that you can copy/paste should work fine in both of these tools. That includes those found on websites as well as those that appear during (pre/post) software application installations.

    Spyware Guide's EULA Analyzer

    SpywareGuide.com EULA Analyzer - (web resource) - Click the big "Start EULA Analyzer" button on the page, copy and paste the text from the target EULA and click the "Start Analyzer" button.

    You can add a Title, URL and optionally save the EULA and create a bookmark for linkage. (example from my run).

    Results may be displayed in a detailed analysis, legal layout, or reading battery format.

    You get a count of characters, words, sentences, and several readability scores.

    There is a summary section which provides the flagged characteristic count and breakdown.

    The tool will quickly pick out and flag any particular phrases it finds noteworthy for special attention with bold blocks on the left-hand side of the Details section.  If you click the "change viewing mode" link at the bottom it will return the original content format with flagged sections highlighted and accompanying notations.

    Run-time to perform the analysis depends on the loads of the servers as well as the complexity and size of the EULA in question.

    In my pass of the Google Terms of Service, it found 11 characteristics; with 8 references to advertising, one reference to on-line promotions, one reference to tracking or monitoring, and one reference to monitoring of usage.

    Spyware Guide notes:

    Some people who can benefit from this tool include:

    • Parents who want to analyze the privacy impact of software their children might be downloading on P2P networks.
    • IT administrators who must rapidly evaluate whether a program is suitable to reside on their network or carries privacy risks that might violate corporate policies.
    • The tool might also be useful for educators teaching e-commerce classes to students about the implications of online contracts.
    • Government bodies that wish to perform further analysis on a EULA for legislative research
    • The EULA analyzer is a perfect tool for independent spyware researchers who frequently analyze the EULA as a regular part of their practice and volunteer efforts.
    • Attorneys or legal professionals who want to dissect EULAs for legal research.

    SpywareGuide's tool isn't "portable" since it runs off their servers.  However, it is a great starting point and should be reachable when you need it.

    Javacool Software's EULAlyzer

    EULAlyzer personal - (free for personal and educational use) - Unlike the web-based solution of Spyware Guide, this product can be installed locally on a system.  (It seems to be working fine on my USB stick as well where I copied it to from my Program Files folder.)

    Once installed, launch the program and you are presented with the main window.  Here you can check for updates to the application, scan a new EULA, view your statistics and any saved EULA's you set to keep.  It also has a link to the EULA Research Center (on-line) where you can submit interesting EULA finds to them to improve the product's detection algorithms.  This is a nice "community-building" touch.

    If you click the Analyze option, you can either paste your own copied text into the area, or use the handy capture tool to accomplish the same thing.

    Click "Analyze" and let it rip!  It is very fast.

    The results get a EULA Interest ID code, a results window which allows each category item to be expanded to see the details along with a color-coded interest-level bar, and a summary conclusion on the EULA overall.

    You can search the EULA text for key words, save, and "submit online" from this page as well.

    In my pass of the Google Terms of Service with this tool, it flagged text in the following categories: Advertising (12 references), Promotional Messages (1 references), Third Party (4 references), Web Site Address (7 references), and Without Notice (2 references).

    The Interest Level color-coded bar I noted should alert you if the terms are very suspicious or restrictive.  I've seen some 8's before on one or two EULA's, but Google's tend to be mostly average "5" level scores.

    EULAlyzer is a really neat and clever product.  I like it and find it wonderfully helpful in trying to quickly get a feel for a product's EULA.  If I find one that gets very high (bad) marks, that sets off some warning bells in my head and I will take a closer look at the product and/or do more on-line research.
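    To show the kind of work both analyzers above are doing under the hood (count the text, score its readability, flag phrases by category, roll the hits up into a 1-10 "interest" number), here is a toy EULA analyzer as an added example.  It is not code from SpywareGuide or Javacool Software; the category phrase lists, the interest-level formula and the sample agreement text are all constructed for illustration, and the real products use far richer rules.

```python
"""Toy EULA analyzer in the style of the SpywareGuide / EULAlyzer tools.

Added example, not code from either product. The category phrase lists, the
1-10 interest level formula and the sample EULA text are all constructed.
"""
import re

# Category -> phrases worth flagging (constructed; the real tools use far richer rules).
CATEGORIES = {
    "Advertising": ["advertis", "sponsored", "ad-supported"],
    "Promotional Messages": ["promotional", "newsletter", "special offers"],
    "Tracking or Monitoring": ["track", "monitor", "unique identifier", "cookie"],
    "Third Party": ["third party", "third-party", "partners", "affiliates"],
    "Without Notice": ["without notice", "without prior notice", "at any time"],
    "Personal Information": ["personal information", "personally identifiable", "email address"],
}

# Constructed sample EULA text (not any vendor's real agreement).
SAMPLE_EULA = """By installing the Software you agree that we may display advertising and
sponsored content. We may send you promotional messages and special offers.
The Software uses a unique identifier to track usage and may share data with
third-party partners. These terms may change at any time without notice."""


def count_syllables(word):
    """Rough English syllable count: vowel groups, minus a silent trailing 'e'."""
    word = word.lower()
    n = len(re.findall(r"[aeiouy]+", word))
    if word.endswith("e") and not word.endswith("le") and n > 1:
        n -= 1
    return max(1, n)


def readability(text):
    """Character/word/sentence counts plus Flesch Reading Ease (higher = easier)."""
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = re.findall(r"[A-Za-z']+", text)
    syllables = sum(count_syllables(w) for w in words)
    n_s, n_w = max(1, len(sentences)), max(1, len(words))
    flesch = 206.835 - 1.015 * (n_w / n_s) - 84.6 * (syllables / n_w)
    return {"characters": len(text), "words": len(words),
            "sentences": len(sentences), "flesch_reading_ease": round(flesch, 1)}


def flag_phrases(text, categories=CATEGORIES):
    """Map each category to the snippets of text that triggered it."""
    lowered = text.lower()
    hits = {}
    for category, phrases in categories.items():
        snippets = []
        for phrase in phrases:
            for m in re.finditer(re.escape(phrase), lowered):
                # keep a little context around each hit for the report
                lo, hi = max(0, m.start() - 25), min(len(text), m.end() + 25)
                snippets.append(text[lo:hi].replace("\n", " ").strip())
        if snippets:
            hits[category] = snippets
    return hits


def interest_level(hits):
    """Constructed 1-10 scale: one point per two flagged snippets, capped at 10."""
    total = sum(len(v) for v in hits.values())
    return min(10, 1 + total // 2)


def analyze(text):
    """Full report: readability numbers, per-category hits and counts, interest level."""
    hits = flag_phrases(text)
    return {"readability": readability(text), "hits": hits,
            "category_counts": {k: len(v) for k, v in hits.items()},
            "interest_level": interest_level(hits)}


if __name__ == "__main__":
    report = analyze(SAMPLE_EULA)
    print(report["readability"])
    for cat, n in report["category_counts"].items():
        print(f"{cat}: {n} reference(s)")
    print("interest level:", report["interest_level"])
```

Paste any agreement text into `analyze()` and you get the same shape of output the two tools produce: counts and a readability score, a per-category reference count, and a single interest number.  The weak point is the same as theirs: a phrase list only finds what it was told to look for, so a low score means "nothing on the list matched," not "nothing to worry about."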

    Javacool Software notes about their product:

    EULAlyzer can analyze license agreements in seconds, and provide a detailed listing of potentially interesting words and phrases. Discover if the software you're about to install displays pop-up ads, transmits personally identifiable information, uses unique identifiers to track you, or much much more.

    The Benefits

    • Discover potentially hidden behavior about the software you're going to install
    • Pick up on things you missed when reading license agreements
    • Keep a saved database of the license agreements you view
    • Instant results - super-fast analysis in just a second

    Also available is EULAlyzer Pro - ($) - This version includes EULA-Watch, which runs in "real-time" on your system to intercept and decode EULA's automatically when they are encountered in a software install, plus automatic updates and coverage of all new version releases during the 1-year license timeframe.

    Final Thoughts

    These tools are not meant to replace a full reading of the EULA, nor are they considered "legal" advice.  They do however, quickly bring up content found that might be of significant concern or note.

    In today's murky waters of what rights you "think" you have and what rights companies and providers "might" be extending you, it's a good thing to always stay informed and aware.

    High marks (in a good way) to both these tools!

    --Claus

    Move that Window! and Quick Screen-saver Launching

    Last month I was fussing about how, when I use an application at work on my secondary monitor, I sometimes forget to close it out on my primary laptop screen.  Then when I am mobile and launch it, it reopens on the missing secondary screen.

    If the program uses an .ini file I just edit it and set the X and Y display values back to 0,0 to get the program to open on my laptop display.  Sometimes that's not an option and I am stuck.

    Ashley over at CyberNet News posted this very simple tip.

    Ashley's tips are simple.

    1. Right-click on the application in the system-tray,
    2. Select "Move"
    3. Take a stab in the dark and try to use the move-cross cursor on the phantom space to drag the application back, or
    4. ...just press the keyboard arrow-keys to move the application window back to your laptop monitor.

    It really isn't any easier than this.

    But if you really want to use a GUI solution, here is a great alternative.

    Windows Seizer

    Window Seizer - (freeware) - This is a standalone (portable) single-exe application that brings a wealth of helpful info-at-a-glance items for all the windows open and running on your system, including memory usage, window handle, class name, parent handle, window visibility, process ID, status, filename, path, X coordinate, Y coordinate, width, and height.  These are all great items to know if you are hunting down the source of a malware-generated window.  With that information, you can drill down directly to the source of your troubles.

    Besides the information, you also get functions to run on the windows: select a window item and bring it to the foreground, or use "Close all IE windows" to force-close every Internet Explorer window.  That is very useful when your system has been attacked by a malware bot that has just opened up hundreds of the things.  You can close one window, selected windows, or all windows, and you can show hidden and blank-caption windows that aren't visible on the desktop.

    Finally, there is my favorite function: Move to 1,1.  This moves the target window back to the top-left screen position.  Very handy when you can't drag a window back to your desktop with the mouse (due to user error, malware programs, or launching on a phantom dual-monitor desktop as is often my case).

    I really like the options this utility provides and it is a great single-exe file solution to many malware and window launching issues.

    Related program:

    WinLister - (freeware) - NirSoft tool to display the list of opened windows on your system and perform some simple and handy functions on the open windows it discovers.  Also finds and displays (0,0) sized windows (if enabled) sometimes used by malware or other legitimate programs.  It's a very neat tool that might enlighten you on just all the windows your Windows system really is running, without your knowledge.
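    As an added illustration of what Window Seizer and WinLister are reporting, here is a small window inventory in Python.  It is not the code of either tool.  The pure functions classify a window record (zero-size, hidden, off-screen, blank caption) and compute the "Move to 1,1" rectangle; the sample records are constructed, and the live enumeration uses user32 functions that exist (EnumWindows, GetWindowTextW, GetWindowRect, IsWindowVisible, GetWindowThreadProcessId, SetWindowPos) but only runs on Windows.

```python
"""Window inventory and "move to 1,1" helper.

Added example, not the code of Window Seizer or WinLister. The classification
rules and the sample records are constructed; the Win32 calls are real user32
functions but the enumeration only runs on Windows.
"""
import sys
from dataclasses import dataclass


@dataclass
class WindowInfo:
    handle: int
    caption: str
    pid: int
    visible: bool
    left: int
    top: int
    right: int
    bottom: int

    @property
    def width(self):
        return self.right - self.left

    @property
    def height(self):
        return self.bottom - self.top


def classify(win, screen_w, screen_h):
    """Findings for one window: the things the post says deserve a second look."""
    findings = []
    if win.width <= 0 or win.height <= 0:
        findings.append("zero-size")      # (0,0)-sized windows, as WinLister can list
    if not win.visible:
        findings.append("hidden")
    if win.right <= 0 or win.bottom <= 0 or win.left >= screen_w or win.top >= screen_h:
        findings.append("off-screen")     # e.g. stranded on a phantom second monitor
    if win.visible and not win.caption.strip():
        findings.append("blank-caption")
    return findings


def move_to_origin(win):
    """Target rectangle for 'Move to 1,1': same size, top-left corner at (1,1)."""
    return (1, 1, win.width, win.height)


def suspicious_windows(windows, screen_w, screen_h):
    """[(handle, pid, findings)] for every window with at least one finding."""
    out = []
    for w in windows:
        f = classify(w, screen_w, screen_h)
        if f:
            out.append((w.handle, w.pid, f))
    return out


def enumerate_windows():
    """Live inventory of top-level windows (Windows only; [] elsewhere)."""
    if sys.platform != "win32":
        return []
    import ctypes
    from ctypes import wintypes
    user32 = ctypes.windll.user32
    proto = ctypes.WINFUNCTYPE(wintypes.BOOL, wintypes.HWND, wintypes.LPARAM)
    found = []

    def visit(hwnd, _lparam):
        n = user32.GetWindowTextLengthW(hwnd) + 1
        buf = ctypes.create_unicode_buffer(n)
        user32.GetWindowTextW(hwnd, buf, n)
        pid = wintypes.DWORD()
        user32.GetWindowThreadProcessId(hwnd, ctypes.byref(pid))
        rect = wintypes.RECT()
        user32.GetWindowRect(hwnd, ctypes.byref(rect))
        found.append(WindowInfo(hwnd, buf.value, pid.value,
                                bool(user32.IsWindowVisible(hwnd)),
                                rect.left, rect.top, rect.right, rect.bottom))
        return True

    user32.EnumWindows(proto(visit), 0)
    return found


def move_window(win):
    """Apply move_to_origin with SetWindowPos (Windows only)."""
    if sys.platform != "win32":
        return False
    import ctypes
    x, y, w, h = move_to_origin(win)
    SWP_NOZORDER = 0x0004
    return bool(ctypes.windll.user32.SetWindowPos(win.handle, None, x, y, w, h, SWP_NOZORDER))


# Constructed sample records: a normal window, a 0x0 hidden one, and one stranded
# at x=2100 on a monitor no longer attached to a 1920x1080 laptop screen.
SAMPLE_WINDOWS = [
    WindowInfo(0x1001, "Notepad", 4321, True, 100, 100, 700, 500),
    WindowInfo(0x1002, "", 6666, False, 0, 0, 0, 0),
    WindowInfo(0x1003, "Editor", 4242, True, 2100, 50, 2900, 650),
]

if __name__ == "__main__":
    live = enumerate_windows() or SAMPLE_WINDOWS
    for handle, pid, findings in suspicious_windows(live, 1920, 1080):
        print(f"hwnd={handle:#x} pid={pid} {', '.join(findings)}")
```

On a Windows box the script lists the live windows; elsewhere it falls back to the constructed records.  A zero-size or hidden window is not proof of anything by itself (plenty of legitimate programs use message-only hosts), which is why the tools above hand you the process ID and path next to each finding, so you can check what owns it before closing anything.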

    RE: Manual Screen Saver launching

    Just the other day, I was looking for a way to manually kick-start my screen saver.  Normally I set it to engage just after 10 minutes of non-activity.

    However, sometimes I want to manually start it, like when I am sitting down for lunch, meeting with someone, or have my laptop in a meeting.

    Right now I am using the 9031: FLIQLO Flip-Clock Screensaver. It is really simple, but provides a nice and bold time-display on my monitor.

    I could have just done the simple thing of making a shortcut to the desktop of one of the system's screensaver .scr files. Double click it and most should run immediately.

    A search on Google turned up some various mini-apps that did the same thing.

    I wanted a bit more bang for my punch, but also wanted to integrate it in my RocketDock toolbar.

    Here is what I did.

    1. Downloaded NirCmd (freeware) from NirSoft and unpacked it into a folder.
    2. Dragged the program icon onto my RocketDock toolbar.
    3. Opened the icon settings options for this toolbar item.
    4. Changed the default icon to a more suitable one of a monitor.
    5. Typed "screensaver" in the Arguments line.
    6. Saved the changes.

    NirCmd is a freeware command-line tool that performs a great number of handy actions.  Since one of the things it can do is launch your screensaver, this seemed like a great tool.  Also, since RocketDock supports arguments for its items, I could easily tweak the icon so it just ran the screensaver launch immediately.  Handy!

    Now when I want to watch/launch my flip-clock screensaver, I just click one icon on my toolbar and it fires right up!

    --Claus

    Anti-Rootkit Tools Roundup Revisited

    It was just a year ago that I tried my hand at collecting useful Windows applications that could help scan a system to identify potential rootkits.

    I encourage you to return to it and re-read it. The principles still remain.

    • Rootkits are bad...and can still be found being deployed using holes in unpatched systems.
    • Rootkits work their magic by (basically) hooking into the most basic levels of the system kernel so that normal attempts to find them fail as they are hidden and/or pass false data off to the requests.
    • Identification requires specialized software tools that work around those tricks, or booting "off-disk" with an alternative boot system from the target disk and then examining it "from the outside looking in," statically.

    Rootkits are slowly making their way back into the geek-news circles with notice of a new (old) Master Boot Record (MBR) rootkit that has been slowly evolving from concept to in-the-wild deployments.

    This post gives a great timeline of this particular item, from Proof of Concept (eEye) back in 2005 to release in late 2007 by attackers. GMER has a great writeup and comparison of it against the PoC version.

    Generally, as the Handler's Diary posts, Windows users who are fully patched with their Microsoft Updates should be safe. If you aren't patched, you need to be.
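    The two principles in the bullets above (cross-view comparison of what the normal, hookable API reports against what a lower-level path reports, and examining the disk statically "from the outside looking in") are simple enough to show in code.  The following is an added example and not code from any tool in this post.  The Linux views it uses (a /proc directory listing versus probing every PID with kill(pid, 0)) and the constructed MBR image are assumptions made so it runs stand-alone; the MBR layout itself (440 bytes of boot code, a disk signature, four 16-byte partition entries and the 0x55AA signature) is the standard one, so the boot-code hash check applies to a real sector read from a rescue boot.

```python
"""Cross-view hidden-process detection and an offline MBR boot-code check.

Added example, not code from any tool in the list. Linux views and the sample
MBR are constructed assumptions; the MBR field layout is the standard one.
"""
import hashlib
import os


def cross_view_diff(high_level, low_level):
    """Objects the low-level view sees that the hookable high-level view does not."""
    return sorted(set(low_level) - set(high_level))


def proc_listing_view():
    """High-level view: PIDs as a directory listing of /proc reports them."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def pid_probe_view(max_pid=65536):
    """Low-level view: ask the kernel about every PID directly with kill(pid, 0)."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue           # ESRCH: no such process
        except PermissionError:
            pass               # EPERM: exists, owned by another user
        alive.add(pid)
    return alive


def thread_group_id(pid):
    """Tgid from /proc/<pid>/status, or None if the entry cannot be opened."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        pass
    return None


def find_hidden_pids(max_pid=65536):
    """Cross-view candidates, minus thread IDs and processes that exited mid-scan."""
    hidden = []
    for pid in cross_view_diff(proc_listing_view(), pid_probe_view(max_pid)):
        tgid = thread_group_id(pid)
        if tgid is not None and tgid != pid:
            continue           # a thread of a listed process, not a hidden process
        try:
            os.kill(pid, 0)    # re-probe: did it simply exit between the two views?
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        if pid not in proc_listing_view():
            hidden.append(pid)
    return hidden


def parse_mbr(mbr):
    """Parse a 512-byte MBR image read from outside the suspect OS."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        e = mbr[446 + 16 * i: 462 + 16 * i]
        parts.append({"bootable": e[0] == 0x80, "type": e[4],
                      "lba_start": int.from_bytes(e[8:12], "little"),
                      "sectors": int.from_bytes(e[12:16], "little")})
    return {"bootcode_sha256": hashlib.sha256(mbr[:440]).hexdigest(), "partitions": parts}


def mbr_bootcode_changed(mbr, baseline_sha256):
    """True when the boot code no longer matches a hash taken from a known-good image."""
    return parse_mbr(mbr)["bootcode_sha256"] != baseline_sha256


def build_sample_mbr(bootcode):
    """Constructed MBR: given boot code, one bootable type-0x07 partition at LBA 2048."""
    part1 = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0])
    part1 += (2048).to_bytes(4, "little") + (1_000_000).to_bytes(4, "little")
    return (bootcode.ljust(440, b"\x00") + b"\x78\x56\x34\x12\x00\x00"
            + part1 + b"\x00" * 48 + b"\x55\xaa")


if __name__ == "__main__":
    if os.path.isdir("/proc"):
        print("hidden PIDs:", find_hidden_pids())
    good = build_sample_mbr(b"\xeb\x3c\x90")
    baseline = parse_mbr(good)["bootcode_sha256"]
    tampered = build_sample_mbr(b"\xeb\x3c\x90" + b"\x00" * 16 + b"\xe9")
    print("boot code changed:", mbr_bootcode_changed(tampered, baseline))
```

The cross-view half is the same idea RootkitRevealer applies to the registry and file system, and it has the same weakness the post notes about false positives: a process that exits between the two scans, or a thread ID the listing never shows, looks "hidden" until you re-check it, which is why the re-probe and the Tgid filter are there.  The MBR half only works as the post describes, from a boot disk or rescue environment where the rootkit is not running: record the boot-code hash of a clean install, and any later mismatch means the first sector was rewritten and deserves a look before trusting anything the running OS says.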

    So it was in this backdrop that I decided to revisit my pile of portable anti-rootkit tools to see which ones needed to be updated, if any new ones had been made, and update the list I keep for reference.

    Beware of "fake" tools - they are especially hard to spot when they take on the GUI of a trusted tool. I encourage you to verify your sources. Fake RootkitBuster Busted! - TrendLabs Malware Blog

    Note: All products, unless otherwise noted, are freeware.

    My Portable USB Anti-Rootkit Tools

    Through trial and error, these are the anti-rootkit tools I have found which seem to run successfully off a USB drive. Others may also exist, but these are the ones I rely on the most (in alphabetical order).

    • AVG Anti-Rootkit Free Edition - Simple interface. Pretty speedy.

    • Bitdefender Rootkit Undercover - no longer found on the site. Linked to Major Geeks download pile site.

    • CatchMe Scanner - Userland rootkit detector from the GMER team.

    • F-Secure Blacklight - Restrictive wizard interface, but easy to use for the uninitiated.

    • DarkSpy - Chinese developed tool. Supports process, kernel mode, file, registry scan (disabled in test version) and hidden port detection. Screenshot via Antirootkit.com.

    • GMER - The tool that's got everyone in a fuss! Scans for hidden processes, services, files, registry keys, drivers, and hooks. Also allows some system function monitoring. Highly regarded by the antirootkit professionals. More screenshots (while the site is up).

    • Helios Lite - New product developed to be portable from the original Helios team.

    • HookExplorer - Tiny little application. Displays import address table (IAT) hijacks and "detour style hooks." Lots of information in the tiny display!

    • IceSword - Developed in China but nicely translated into English. Busy interface but updated often. Has some advanced tools like the ability to "reboot and monitor" during the boot process. More information over on the Anti-rootkit blog description page.

    • McAfee Rootkit Detective Beta - "McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system." Nice interface.

    • Panda Anti-Rootkit - See product guide - beta software. Looks at hidden drivers, processes, modules, files, registry items, hooks. Not a lot of user options...scan, clean, and view results. Download link/info page via antirootkit.com.

    • Rootkit Detector - Composed of both a file system module and an IAT Analysis Module

    • RootKit Hook Analyzer - Reports on any system hooks and modules and displays findings.

    • Rootkit Revealer - From the Sysinternals team. Easy to use, but does often turn up documented false-positives. Just identifies suspicious items...you are on your own to delete them with other methods and applications. Better for system checking and monitoring, rather than protection and removal in and of itself.

    • Rootkit Unhooker - Link to page on antirootkit.com for download and info. Interestingly, this team has now joined Microsoft. Maybe their talents will get folded into the Sysinternals Rootkit Revealer product.

    • SEEM - Multi-purpose system reporting tool that has an interesting interface. Includes a rootkit scanner as part of its features. Website (translated from French) has quite a bit of good information on rootkits and how they apply to their program. Download page (kinda hard to find in French). Get the English version unless you know French.

    • Sophos Anti-Rootkit - "Sophos Anti-Rootkit provides an extra layer of detection, by safely and reliably detecting and removing any rootkit that might already have secreted itself onto your system." Note: Registration required for download from the vendor's site (or just get it from Major Geeks directly). The utility itself is free.

    • Trend Micro RootkitBuster - Runs scans in five system areas and exports a nice log file. You can then opt to remove the detected items.

    Anti-Rootkit Blog's Vista-Compatible Anti-Rootkit List

    Anti-Rootkit Blog posted a list of seven rootkit scanners they found will work well on Vista systems. They have nice screen shots as well.

    1. F-Secure Blacklight
    2. GMER
    3. Icesword
    4. Rootkit Hook Analyser
    5. Rootkit Revealer
    6. Rootkit Unhooker
    7. Unhackme

    Additional Anti-Rootkit Tools that are still Kicking Around

    I've cleaned up my old list to reflect products that have been retired or were now dead-links. These remain.

    • Gromozon, Rustock, Haxdor related removal tools - Specialized and targeted rootkit removal tool list via Antirootkit.com

    • Aries Sony Rootkit Remover - Tool to remove the Sony/BMG DRM CD protection software.

    • Archon Scanner - More of a process, injection, and hooking scanner, but has other specialties as well. The current version was a beta and has expired...the developers promise a new one sometime.

    • Avira Rootkit Detection - Beta product disabled after 1-4-07. See Antirootkit.com's page for file.

    • Helios - Behavior-based, not signature based detection. Interesting interface and approach. Worth looking at. Requires .NET framework to be installed. Developers offer videos as well of their tool in action.

    • HiddenFinder - trialware - Shows hidden processes and drivers on a system and then allows for killing of the desired process.

    • Process Master - trialware - API comparison tool.

    • System Virginity Verifier - Tool developed by Joanna Rutkowska to validate system integrity by checking important Windows System components targeted by hidden malware. She also provides links to some related PowerPoint presentations.

    • Unhackme - trialware - limited to 10 runs until license purchased and entered - In standard, "Roaming" and "Professional" editions. University of Minnesota's Safe Computing page documents rootkit removal tutorial with Unhackme.

    More Information for the Interested

    I've copied this information from my last post, because these sources remain excellent reviews on rootkits and the professionals who study and defend against them.

    Finally, these links provide more names and references for additional anti-rootkit tools. I haven't tracked down or tested many of them. Pursue at your own efforts and risks.

    See you in the skies...
    Claus