Sunday, June 21, 2009

Security and Forensics Linkfest

I’ve got to confess, a few weeks ago while I was working on a rather challenging data-rescue project over the course of a week or so, I was having a blast.

Then I shifted gears and had the opportunity to work on a high-level workgroup and provide documentation support.

I really miss it when I’m not “getting my hands dirty” directly on systems.

Working an issue with trusted tools or searching for just the right new one to do a task better is so much fun.

Here’s a well-rounded selection of security and forensics tools and resources that almost certainly will have you scrabbling around for a system or two to throw them at.

  • More Links - Windows Incident Response – Harlan has a most excellent and jam-packed post full of forensics goodies such as a reference to a new Windows memory imaging tool update for the free Win32dd.  Also in that post was an introduction (to me) to a new system info-gathering tool called MIR-ROR.  Like similar “collective” tools such as his own RegRipper, Security Database’s Evidence Collector, and Mandiant’s First Response, these multi-function info collection tools aren’t solutions in themselves, but they can make the collection of first-pass level logs and information simpler.  Armed with these, after careful analysis by the responder, more surgical system analysis can take place with task-specific tools. I’ll let Harlan’s own words on MIR-ROR speak for themselves…

I recently heard about a tool called MIR-ROR, put together originally by Troy Larson and then expanded by Russ McRee, both of Microsoft. Russ blogged about it here, and there's a toolsmith article available on it, as well. MIR-ROR is a batch file that is useful for running tools on a system as part of incident response; what I like about this is that Russ isn't sitting back hoping that someone does something like this, he's taking advantage of his knowledge and capabilities to put this together. And he's made it available to the public, along with instructions on how to run it. I like tools like this because they're self-documenting...properly constructed and commented, they serve as their own documentation. As always, the standard caveat applies...use/deploy tools like this as part of an incident response plan. If your plan says you need to acquire a pristine image of the drive first, you will want to consider holding off on using a tool like this...

You will have to collect many of the executables that are needed and assemble them into the package.  The documentation is great.  As I recall I found a few references that were off but some patient Googling turned up the correct locations and I soon had it all put together.

  • Memory Acquisition for First Responders – Forensic Incident Response blog – Since I just mentioned win32dd this post by hogfly came at an opportune time.  I believe that while memory acquisition and imaging is still primarily of use to forensic examiners, system admins can use the same lessons and apply them when doing incident response to a malware-infected system.  As I say over and over again, too many IT Techs when getting a report of a virus/trojan/malware infection just run roughshod over the system with anti-virus/anti-malware cleaning tools and remove critical information to help understand WHAT is going on and WHY. There are LOTS of great Windows-based tools to capture memory images and data…many of them free (another post) so there’s little excuse not to capture an image of the memory of an infected system before going to town on the cleaning.  Getting a sector-based image of the physical drive could also be valuable.  This gets the end-user up and producing again and lets the analysts have more time in the lab dissecting the cadaver without everyone breathing down their neck with impatience.

  • Live Analysis Part I - Changing of the Guard - The Digital Standard – Thoughtful post by cepogue on just that prior theme. Sometimes some incidents (or organizational attitudes/processes) just don’t support the “by-the-book” Incident Response handling methodologies.  Managers want the system cleaned and up and running, users complain about lost productivity, you can’t convince anyone who matters about the need to determine what if any data may have leaked. So many techs (and “my-blood-runs-IR” analysts) have to do a crash-n-dash response.  That said, with skill and pre-planning, you can still make the best of a bad IR situation and hopefully walk away with valuable info despite the organizational “head-in-the-sand” culture.  I’m looking forward to Part II.

  • Forensics 101: Acquiring an Image with FTK Imager – SANS Forensics blog – Great how-to post on using FTK Imager to perform a GUI-based image pull from a system or storage device.

  • Directory Link Counts and Hidden Directories – SANS Forensics blog – This post was a neat review of Unix file-structure handling and how to leverage it for searching for hidden directories. I was wondering if there was a Windows-supported solution.  I saw a note in the comments that OSSEC has this ability and in poking around found an agent tool compatible with Windows in the Downloads section.  Though not exactly the same, there is Joanna’s tool FLISTER from her tools page which might be worth looking into as well for Windows folks.

  •  Getting your fill of Reverse Engineering and Malware Analysis  - An outstanding collection of links to sites/sources for reverse engineering and malware analysis tools, techniques and news.  Quite bookmark-worthy.

  • New BackTrack 4 “Forensics Mode” -  News that the next version of BackTrack (security and pen-testing LiveCD) will offer a “forensics-mode” boot-option from the Grub loader.  Nice to have this option available to a venerable security minded LiveCD. If you just can’t wait, Remote-Exploit has made the BackTrack 4 Pre Release download ISO (fyi-DVD sized) available at that link.  For even more info check out the release pdf and Introduction Video.

  • Helix3 2009R1 FREE is once again available for download from the developers.  Please see this GSD post Helix3: Thanks for the memories… to come up to speed on the issue.  A recent comment by Lauren on that post got me looking around (and I did have to look hard to find it!) for the download link on the e-fense site.  It can be found here. Registration is required to get to the download page, but if you hadn’t already tucked away an ISO file of the last free version, you do now have a safe option to get it fresh.  Of course, to e-fense’s credit, they would rather you pony up some $ to get the newest (non-free) version of HelixPro and depending on your needs, that might be a better thing to do.  Either way, it’s nice having the choice again.

  • Download HelixCE200401brc1.iso RC1!!! Updated – Meanwhile, out of the previous “Helix going commercial” drama mentioned above, Charles Tendell struck on a new Helix “Community Edition” version.  Due to licensing and other issues (RE: IAMAL), he had to strip out some e-fense specifically-developed apps from his build that were present in the original Helix project builds. However, he continues to plug away at filling the voids with new tools from other sources. Check it out including these screenshots and application list.

  • Explorer Suite (PE analyzer) III – NTCore – A jam-packed tool to allow analysis and review of executable PE files.  From the developer:

Created by Daniel Pistelli, a freeware suite of tools including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64. Special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker etc. First PE editor with support for .NET internal structures. Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources. The suite is available for x86, x64 and Itanium. 

  • Ophcrack 3.3.0 and Ophcrack LiveCD 2.3.0. – New versions of these password auditing/cracking tools are now available. Don’t let the unsync’ed versioning fool you. The main program is version 3.3.0 and the LiveCD version 2.3.0 contains the program version 3.3.0. Go figure. Changes in the new version are described on their News page as follows:

Ophcrack version 3.3.0 includes support for our new tables vista_seven. These tables crack 99% of passwords of length 7 composed of almost any character including special characters. This table set will be included in our professional tables bundle.

New features have been added like the table size verification in order to warn the user if the tables have not been fully downloaded for example. It is also possible to tune how the preloading should be done.

An important effort was made to release a brand new LiveCD. A very interesting and refreshing distribution called Slitaz was customized to make a lighter than ever ophcrack LiveCD. It should enable us to update the LiveCD more often and to make your experience much better too. We would like to thank Slitaz team for their support in making this LiveCD. Do not hesitate to give a look at their stable distribution!

  • NetworkMiner v0.88 – New release on this awesome packet-capture management tool. What I really like about it is the ability to parse PCAP files for offline study as well as the ability to extract and save media files (such as audio or video files) which are streamed across a network. Supported protocols for file extraction are FTP, HTTP and SMB.  I don’t have to packet-sniff often, but when I do and I need to analyze a lot of the content being moved, this is the first tool I reach for…hands down!
  • Wireshark version 1.2 – Speaking of network packet capturing..Wireshark got a bump to version 1.2.  According to the Release notice:

This is the new stable release branch of Wireshark and many new and exciting features have been added since 1.0 was released.

In this release
  • Wireshark has a spiffy new start page.
  • Display filters now autocomplete.
  • A 64-bit Windows (x64) installer is now provided.
  • Support for the c-ares resolver library has been added. It has many advantages over ADNS.
  • Many new protocol dissectors and capture file formats have been added.
  • Macintosh OS X support has been improved.
  • GeoIP database lookups.
  • OpenStreetMap + GeoIP integration.
  • Improved Postscript(R) print output.
  • The preference handling code is now much smarter about changes.
  • Support for Pcap-ng, the next-generation capture file format.
  • Support for process information correlation via IPFIX.
  • Column widths are now saved.
  • The last used configuration profile is now saved.
  • Protocol preferences are changeable from the packet details context menu.
  • Support for IP packet comparison.
  • Capinfos now shows the average packet rate.

For a complete list of changes, please refer to the 1.2.0 release notes.

  • VirtualBox 3.0 Beta 1 released. – While Sun’s VirtualBox public (stable) release version is at Version 2.2.4, this new 3.0 Beta 1 version brings a whole mess of exciting (and probably unstable) features!  Along with lots of tweaks, bug-fixes, and enhancements, the following new features are on their way in this version:

Version 3.0 will be a major update. The following major new features were added:

  • Guest SMP with up to 32 virtual CPUs (VT-x and AMD-V only)
  • Windows guests: ability to use Direct3D 8/9 applications / games (experimental)
  • Support for OpenGL 2.0 for Windows, Linux and Solaris guests

For more information on VirtualBox betas, drop into and monitor the VirtualBox Beta Feedback forum.


--Claus V.

Saturday, June 20, 2009

Browser News and Tips

Miscellaneous news and happenings in the world of web-browsers.

Firefox First

Firefox 3.5 RC1? and Firefox 3.5 Release Candidate 2 Released - The Firefox Extension Guru’s Blog – If you blinked this week you probably missed 3.5 RC1.  I saw it was coming and pulled it down by doing a manual Check for Updates.  If you didn’t or were waiting for a big public announcement…you probably missed it!

First look to Firefox 3.5 RC2 - Mozilla Links blog opens up with news that the first RC wasn’t that big a deal and this one doesn’t add much more to the party…then goes on to long-list all the neat and improved features it provides…whazz-up?  It’s a good rundown and 3.5 RC2 has been rock-solid on all my various (and I do mean various) Windows systems.

But really…why the fast RC1 to RC2 release jump?  Mozilla is usually very cautious and deliberate in these semi-public official releases.  There has to be a story behind the story. Right?

Maybe so…

Mozilla posts yet another Firefox 3.5 Release Candidate – Betanews’ Scott M. Fulton, III digs around and comes up with this information in a really brief post.

It was apparent yesterday, after a test of the organization's latest private daily build of the Firefox 3.5 browser, that Mozilla's developers had discovered a jackpot of performance improvements in some specific areas: JavaScript math, RegEx (regular string expression) searches, and general control flow. Betanews tests yesterday gave the Thursday morning build 8% better overall speed in Windows 7 RC, and a better overall performance index score on that platform of 9.35 versus 8.81, relative to the performance of Microsoft Internet Explorer 7 on Windows Vista on the same physical machine.

Now it appears the team is willing to capitalize on that find. This morning, Mozilla's servers made available Release Candidate 2 of Firefox 3.5 to the general public. Again, the team makes these public builds available prior to a formal announcement, though word from Mozilla about RC1 was actually rather quiet this week. The possibility of an RC2 in the near term -- just days later -- may have been why.

Firefox web browser 3.5 RC2 Public Link – Mozilla’s latest public Release Candidate can be found here if you are still on the 3.0.x builds and are curious.  Most of the popular extensions for 3.0 builds have been updated to support 3.5 so it might be a good time to try it out if you are curious.  More technical news and warnings here: Mozilla Developer News » Firefox 3.5 Preview now available for beta users

The new Firefox icon - Mozilla Links – Besides the speed and other feature enhancements, this RC version now brings with it the updated Firefox icon.  As silly as it sounds, it really does stand out as I have multiple versions of Firefox on some of my systems and seeing the icons side-by-side on my desktop the differences are clear.  Well done!

Firefox/Sprints/about:me – MozillaWiki – very preliminary work on an extension that provides drill-down data on your Firefox browsing patterns.  Scary stuff for some but a goldmine for OCD Firefox users. I was curious to install the very early version on my system.  I read (somewhere but didn’t save the link) in this post peek: profiling yourself at Mozilla Links blog that this might be added in as a “feature” of future Firefox versions (Danger Will Robinson…Feature Bloat Detected…Danger Will Robinson!)

A statistical analysis of the user's history, average tab load, etc. Like Google Zeitgeist, but based on their Places database.
  • Dietrich has an add-on that does some of this already. screenshot

Introducing Add-on Collections - Mozilla Add-ons Blog.  In an effort to make the power of Firefox's extensibility even easier for Firefox virgins to join in on, Mozilla now has a project called “Add-on Collections” that bundles popular extensions in singularly-downloadable package sets.  That’s a Cool Thing.  It’s a cool idea.  If you find some collections you really like, you can add them to your RSS feed-reader to monitor changes.

….install the Add-on Collector extension for Firefox. The Collector turns your favorite collections into subscriptions in your browser, where you’ll be notified as soon as new add-ons are published to one of your collections. The extension has a number of other features, including the ability to share an add-on you have installed with a friend by e-mail, publish an add-on to one of your collections, and set up a collection that is automatically kept up to date with your installed add-ons.

We’ve made video demos of creating a collection and setting up an auto-publisher collection to show how easy it is to dive in to collections.

Pop over to the Mozilla Collection Directory to see what this latest news is all about.

newsfox: installation and Newsfox - Release candidate: NewsFox 1.0.5rc2 is out.  My fave RSS news reader for Firefox continues to mature and become more stable and stunning each time!

Disable Firefox 3.5’s Location-Aware Browsing – Privacy – Lifehacker – Firefox 3.5 now comes with Geo-locating features.  This might make some privacy browsing folks a bit uncomfortable. Lifehacker shares a simple tweak from How-To Geek site writer Asian Angel.

  1. Go to about:config
  2. Change the geo.enabled value to false by double-clicking on the key.

In fairness, as Lifehacker points out, even with this “Geo-Loco” feature left enabled, you would still have to (theoretically) grant your consent when prompted to share your Geo-Loco-ness info with the site.

At least you know….

Opera Sings…off key?

Opera Desktop Team - Welcome to Opera 10 Beta 1 – Opera Desktop Team blog – Nice shiny new version. Some bells-n-whistles. Opera remains nice but here in the States has quite a job ahead getting noticed with Mozilla/Firefox, Internet Explorer, and Chrome/Chromium still ruling the sand-lot.

Opera Unite – New feature embedded in Opera 10 allows for file sharing and other typically “server” based operations.  It’s pretty easy to set up and configure. The API will allow other developers to publish “widgets” to interact and leverage this feature.  Could be cool…or is it a sinister threat to end-user/organizational security?  See two links down…

Freedom – Opera Desktop Team blog – The development team works hard to introduce this feature and convince us all what joy will come our way.  Clearly they have worked hard and are proud of the accomplishment.

How secure is Opera Unite? – Betanews.  Scott M. Fulton, III analyzes Opera Unite and shares some real concerns.  Does the average consumer end-user really need (or want) a server embedded in their web-browser? What if someone publishes a “non-Opera approved” widget on their own website that unbeknownst to the user actually serves malware or scrapes the user’s key files/documents/pictures from their system?  In fairness it’s the same charge that has been leveled at Firefox extensions, and from time to time a rogue extension for Firefox is uncovered.  I’m not sold and from a sysadmin’s perspective this adds just one more layer of headache to policing the desktop systems. On the other hand, for sophisticated browser users, these might be powerful and useful features.  Jury is still out on this one.

And an Apple drops from the tree…does anyone but Newton notice?

Recently Apple took the “beta” tag off Safari for Windows 4.

Apple - Safari - Introducing Safari 4

Safari 4 final: no top tabs, performance updates for 10.6 - Ars Technica

I’ve loaded it on the Vista Home Premium 32-bit with no issues.  Haven’t cared enough to put it on Windows 7 64-bit.

It’s quite nice but still ranks way down my list of browsers to use, despite being installed.

--Claus V.

Microsoft SharedView: OMG this is Free?!!!

So this past week I was in Austin for a few days working on a special project.  It wrapped up but the work didn’t.

When we departed, plans were made to continue and as I was tasked with documentation support, it was asked if the team contributors could share my desktop (remotely) as we continued the work via conference calls from our desks across Texas.

One of my director’s peers suggested we use Microsoft’s NetMeeting product which might be useful.  It is loaded on all systems but does require each “attendee” to provide their IP address to set up the session.  We don’t have any enterprise-class commercial collaboration software solutions like Live Meeting or similar applications (at the current time…that may change soon).

We needed something cheap (free would be good), XP compatible, and requiring very little setup or technical use for the non-technical workgroup participants.  Plus it had to be fast and rock-solid-stable.

When I got back into H-Town I hit the webs and quickly uncovered the dirt on NetMeeting on XP.

However after playing with it on my system I just wasn’t feeling the love.  It seemed clunky, connection setup seemed awkward, and I wasn’t convinced it would really meet our needs.

Then I stumbled upon Microsoft SharedView.

The heavens opened up and the Dove of Peace descended.

Live-fire pre-deployment testing with the D-Man and Mr. No in the IT bullpens quickly confirmed it was a rocking solution.

Microsoft SharedView

Microsoft SharedView – Microsoft Connect

This is – amazingly – a free product/service offered by Microsoft.


100% free.


(Image from Free Utility: Microsoft SharedView – July 2008 Tech Net Magazine.  It’s the bar at the top that contains the SharedView controls)

The Microsoft Connect hosted SharedView web-site design absolutely sucks for such a fantastic product. Bad. It is basic and really doesn’t do the product justice.  Maybe that’s by design. (no pun intended).  Maybe Microsoft isn’t ready to showcase this product.  That’s too bad but great for us!

Microsoft SharedView is a fast, easy way to share documents and screen views with small groups of friends or coworkers; anytime, anywhere. Use SharedView to put your heads together and collaborate - create, convey, and communicate…across physical boundaries, through firewalls, and down to the smallest details.

It doesn’t support audio/video (as in web-cams for attendee shared communication). But if you can set up a phone/conference call, this is an amazing product for small workgroups, offices, and home-users.  It could also be used to perform remote-connection support in a pinch…though I still prefer the ease of ShowMyPC for one-on-one remote family support sessions.

Installation was a breeze.  Download the MSI installer from the link from either here (SharedView website big red button) or here (via Microsoft Downloads).  No post-install system-reboot needed.

Launch the application and an inconspicuous SharedView action bar appears at the top of your display. Click the “orb” and you can create a new session.  (Starting a Session - Signing in)

Follow the steps to log in with your Windows Live ID credentials (free signup if you don’t have one) and you create your session info.  You can then copy/paste or insert the info into an email to send to invitees (SharedView supports up to 15 attendees in a single session). (Starting a Session – Beginning)

Use the bar at the top to attach “handouts” to the session. These are documents on your hosting system you offer to share with session participants.  They must download these copies to their local systems as they will otherwise become unavailable once the session ends. (Using Handouts).  During our sessions I kept having to discard them and then repost them as I updated (and resaved) the changes to the primary documents.

You then define which application, document or even your entire desktop (full desktop view) you wish to display to folks.  Currently SharedView only supports the primary monitor in a multi-monitor hosting system.  Nice if you want to keep some other stuff “private” but viewable while hosting. (Sharing an Application or Desktop)

You can also temporarily hand off control to a participant so they can edit a document on your system directly.  Moving your mouse restores control back to you instantly. Nice. (Taking Control)

Attendees who are sent the email invitation get both an HTML link to the session along with the link, session name and password to join.  If their system doesn’t have SharedView pre-loaded the web-page launched when logging into the session will prompt the user to download/install the software. (Starting a Session – Joining)

It seems to support both Firefox and IE browsers.  Once installed IE will display the session (which may also require installation of a supporting plug-in element)

The session host is presented a “will you allow” message as each invitee checks in. (Managing and Monitoring Participation)

There are some other options like allowing each participant’s own cursor to appear on everyone’s screen views with the name. Temporary highlighting is also included.  It’s really cool. (Pointing and Highlighting)

It also has a basic “chat” feature to send messages that appear on everyone’s window. (Using Chat)

Our connections were over T1 or better network lines so it was 100% smooth with no delays or stutters. Our sessions lasted over six or more hours and not once were they disconnected or dropped.  Invitees were able to drop off for lunch break and rejoin with their same credentials as long as I (as the host) kept the session open.  Once I closed the session it was “destroyed” and no longer would be valid unless I created a new one and then shared the login info with everyone fresh.

Attendees should be able to resize/shrink the window on their systems to allow better screen space usage.

I haven’t tested to see if participants can log into more than one separately hosted session concurrently for some awesome multi-tasking goodness.

What it Lacks

SharedView isn’t perfect.

It is limited to 15 participants per hosted session.

It doesn’t have a “whiteboard” like feature although I suppose you could use some other application on your hosted system to do the same thing…kind-of.

The chat feature is very basic and doesn’t intuitively provide a running conversation dialog sidebar. It is there. But display seems to cover a portion of the desktop you are trying to view.  A sidebar arrangement would be nicer.

Much more Linkage for the Curious

Here are a whole lot of great SharedView links on the specific features.

Good news is that it appears that SharedView is an actively developed product at Redmond so new releases and updates will continue following.

Valca Verdict on Microsoft SharedView?

Highly Recommended!


--Claus V.

Microsoft Link Dump: Load #5


CC Photo Credit: by Choctopus on Flickr

Got Shovel?

Virtualization Stuff

Dual-booting Windows 7 from a VHD setup on our laptops is rocking solid.  I almost never drop into the main Vista system anymore.  Neither does Lavie. So even though I currently have a pretty good handle, it never hurts to learn just a bit more. Here are some great tips and info.

  • Creating virtual machines with Windows Virtual PC. – Virtual PC Guy’s WebLog – Basic stuff but a reminder that Windows 7 XP-Mode virtualization isn’t just for running XP’ish apps under Win7.  It is a full-featured virtualization platform and you aren’t limited to just one virtualized XPM system. Make many…covering other supported OS’s as well.

UAC Under Win 7 – The Controversy Continues 

  • User Account Control: Inside Windows 7 User Account Control. – TechNet magazine – Mark Russinovich goes to bat to try to defend MS’s positioning of UAC and try to define its relationship with security.  I get the points but unfortunately, I think UAC has been engrained in many folks’ minds as being “solely” a security measure. MS is trying to make it more nuanced from their technical understanding of the Windows platform architecture.  This is going clear over the heads of common users.  From Mark’s post:

The primary goal of UAC is to enable more users to run with standard user rights. However, one of UAC's technologies looks and smells like a security feature: the consent prompt. Many people believed that the fact that software has to ask the user to grant it administrative rights means that they can prevent malware from gaining administrative rights. Besides the visual implication that a prompt is a gateway to administrative rights for just the operation it describes, the switch to a different desktop for the elevation dialog and the use of the Windows Integrity Mechanism, including User Interface Privilege Isolation (UIPI), seem to reinforce that belief.

As we've stated since before the launch of Windows Vista, the primary purpose of elevation is not security, though, it's convenience: if users had to switch accounts to perform administrative operations, either by logging into or Fast User Switching to an administrative account, most users would switch once and not switch back.

Thing is, most tech-pros and security folks just aren’t buying it. Particularly when the default user profile level in a Windows 7 setup is at “admin” level.  There is just so little encouragement offered to set up the user account with “standard” user rights.  And, it appears that even with a standard-level account AND UAC that malware or maliciously coded apps can still work their magic against the user.

  • UAC, UAC, go away, come again some other day - Within Windows. Rafael Rivera provides the quote-byte of the week on UAC: “Here’s my million dollar question: If UAC wasn’t designed to ultimately protect us from anything, why does its icon resemble a damn shield?”

Windows 7 Mashup  

More news and various interesting bits to sort through regarding Windows 7.

I’m still not sure what the final prices will be, but if upgrade pricing comes in as teased, I’d seriously consider dropping Windows 7 Home Premium (x64) on both Lavie and Alvis’s laptops as soon as it is released.  I’m not sure if I will go for Windows 7 Professional (x64) for mine.  I’d actually use some of the XPM features so I might be able to justify the price which might be 2x that of the Home Premium tag.

Microsoft Goodies

  • Test Your Website’s Compatibility with SuperPreview – On10 – Neat little tool for website developers that allows you see how your website looks in different browsers. What is cool is that you can open the same site in multiple browser versions at once and then “stack” them transparently. These overlays make it very easy to see rendering differences.  MS Download: Expression Web SuperPreview for Internet Explorer. Spotted on Calendar Of Updates.
  • Sysinternals Site Discussion : Updates: VMMap v2.0, ClockRes v2.0. – Changes to two Sysinternals tools including the very cool VMMap to display memory usage details.
  • Use FAT16 with 64K cluster size for best performance on <=4GB ReadyBoost devices - Aaron Tiensivu’s Blog.  Clever tip to enhance ReadyBoost performance.  Is it just me or is ReadyBoost a non-issue with Windows 7?  Sure it is supported but there’s been no buzz this go round.  Maybe because Win7 performs so much better with available system RAM that no one feels a need for ReadyBoost under Win7 to eke out needed performance? Besides with lessons learned from Vista from most Windows OEM platform sellers, you rarely see consumer systems offered for Vista now with less than 2 GB.  3-4 GB seems standard. I expect Windows 7 systems when they hit the market will be the same.  Compare that with XP and early Vista system releases where standard system consumer configurations offered 512 MB or 1 GB.  Yikes!
  • ImageX GUI (GImageX) – freeware – New beta version released in May by Jonathan Bennett. This new beta version supports the WAIK for Windows 7 RC.  I loaded that one on my “new” laptop system along with this beta version, but found that it sometimes won’t open my Vista WAIK ImageX version WIM files. Those that it does open take a loooong time to mount.  It’s a pain but there are good improvements in the Win7 Imagex version. For more info on the benefits (and the mounting delay) see this GSD post: WIM tool enhancements and Fiddling with VHD’s.

Microsoft Security Essentials: Free MS AV Solution Beta – Coming soon.

Microsoft announced that it would be entering the freely-provided AV market soon.  Microsoft Security Essentials (MSE)…previously code-named Morro…this product would pick up where Windows Defender (malware focused) left off.  In fact install this version and Windows Defender gets disabled as it is an “up-version” of that protection.  It should appeal to the non-techie pc buyers who have a light (but growing) understanding of security needs.  It will also probably play into SO/HO and small business users who need some MS-stable AV solutioning without the advanced administration requirements of larger corporations or businesses.  Interface is very basic…which is probably a good thing.  Though not “cloud-based” it still packs a “cloud-supported” feature to provide added protection for emergent threats and will be offered in both 32-bit and 64-bit Windows OS versions. That alone seems noteworthy. 


--Claus V.

Small Tips to tame MS Office

A number of weeks ago it became clear that my work-issued Dell D-610 laptop just wasn’t able to keep up with the onslaught of multi-tasking I was now throwing at it.

I had maxed out the RAM to 2GB, large/fast IDE drives were hard to find, and it was a single-core processor.

So boss was able to locate a loaner Dell D-630 laptop to tide me over the remaining six-month or so period until the next round of hardware refreshes hit our group (Latitude E6400’s).  The 2 GB RAM kit from the D-610 was compatible with that used by the D-630 so I replaced the stock 512MB stick with the 2GB kit. However the D-630 supports up to 4GB for system RAM so I’ve got a 4 GB RAM kit coming along with a 7400RPM SATA drive to boost the stock D-630’s dual-core muscle. My productivity has jumped which is a good thing considering how crazy the past two weeks have been.

Anyway…all that to say that moving my system over from the older laptop to the newer one meant many of my MS Office (2003) tweaks and configs were gone and forgotten.

So I’ve been on the hunt to tweak some MS Office behaviors.  Here are three of the cleverest I should have remembered.

  • Disable and Turn Off Microsoft Office Word 2003 Reading Layout - My Digital Life – Uhhhg! When I would open a MS Office file attachment out of Outlook it would open in the “Reading Layout” which was butt-ugly and useless.  Sure I could then click around and swap the view to the “page layout” mode but it was extra clicks.  Darn if I could get it swapped back to open in the “page layout” style of my old system.  This post has three levels of tips.  The first one is in the usual options interface but may not “hold”.  The second one requires some Group-Policy editing..nice. But the last is the money one.  To the Registry!

…directly modify the system registry with the following value to get the same blocking reading layout effect. 


  • How to turn off the Office Clipboard (2000, XP, 2003) – Clipboard Extender blog – for some bizarre reason every time I would copy/paste things in Office 2003 on this system the clipboard sidebar would pop up and list all my copied items.  No matter how many times I told it not to display any more in the options it would continue to return. While some may find benefit in this, I’m not a multi-item copy/paster.  By that I mean I copy then paste what I want to move around and don’t need to maintain an ongoing collection of copied items to paste from.  When the sidebar appears it shifts the zoom level or location of my document throwing me mentally off.  It had to go.  The link had the standard solutions but a single comment on the post left by Meredith Sivick did the trick. Haven’t seen it since. I love a good registry hack:

This worked for me to Permanently turn off the clipboard in Microsoft Office for 2003 running Windows XP

By Bill Detwiler
Close all Office applications, including Outlook, before performing any of the following registry edits.
To Disable clipboard:
1. Click Start | Run
2. Enter “regedit” in the Open field
3. Click OK
In the Regedit window:
1. Navigate to: HKEY_CURRENT_USER\Software\Microsoft\Office\[version]\Common\General
Where [version] corresponds to your Office version: 9.0 = Office 2000, 10.0 = Office XP, and 11.0 = Office 2003.
2. Locate the DWORD value AcbControl or create the value if it does not exist.
3. Set the AcbControl value to 1. (Set the value to 0 to enable the dialog box.)
4. Close the Registry Editor and restart an Office application.
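
The registry steps in the comment above, scripted in PowerShell as an added example (not part of the original post or the quoted comment). It assumes it is run as the affected user, since the value lives under HKEY_CURRENT_USER, and it skips Office versions that have no per-user key.

```powershell
# Added example: apply the AcbControl setting from the steps above without regedit.
# Close all Office applications (including Outlook) before running.
param(
    # 1 = disable the Office Clipboard pane, 0 = enable it (values from the steps above)
    [ValidateSet(0, 1)]
    [int]$AcbControl = 1
)

# Version-to-product mapping as given in the steps above.
$officeVersions = [ordered]@{
    '9.0'  = 'Office 2000'
    '10.0' = 'Office XP'
    '11.0' = 'Office 2003'
}

foreach ($version in $officeVersions.Keys) {
    $officeKey  = "HKCU:\Software\Microsoft\Office\$version"
    $generalKey = "$officeKey\Common\General"

    # Only touch versions that already have a per-user Office key,
    # so no empty keys are created for products that are not installed.
    if (-not (Test-Path $officeKey)) { continue }

    if (-not (Test-Path $generalKey)) {
        New-Item -Path $generalKey -Force | Out-Null
    }

    # Record the previous value (if any) so the change can be reverted.
    $previous = (Get-ItemProperty -Path $generalKey -Name AcbControl -ErrorAction SilentlyContinue).AcbControl

    # -Force creates the DWORD if it is missing and overwrites it if present.
    New-ItemProperty -Path $generalKey -Name AcbControl -PropertyType DWord -Value $AcbControl -Force | Out-Null

    # Emit one row per version touched: old value, and the value read back.
    [pscustomobject]@{
        Product  = $officeVersions[$version]
        Key      = $generalKey
        Previous = if ($null -eq $previous) { '(not set)' } else { $previous }
        Current  = (Get-ItemProperty -Path $generalKey -Name AcbControl).AcbControl
    }
}
```

Keeping the printed Previous column alongside a rebuild checklist makes it easy to restore the original behaviour or to re-apply the tweak after moving to a new machine.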

  • How do I turn off the Getting Started pane (Word 2003)? – Despite all my attempts to locate the setting to turn this blasted feature off, I had to hit the Web to find it in the option settings.  Darn it.  I hate it when something is right in front of me but I can’t remember the technical name for the “feature”.  In this case it is referred to as the "Startup Task Pane".


--Claus V.

More Olympus E-P1 teases

Amazon is taking pre-orders on the Olympus E-P1 kits.

Full reviews are still sparse.  From what I can gather some pre-release units went out to select reviewers.  Some release units also got out there, but from the “…wait for a full review…” comments in the articles…it seems like there are some agreements to not release too much info quite yet.

An Olympus E-P1 release event occurred in Germany so most of the links with “real-shots” were taken from Berlin.

Here is the latest batch of “best-of” write-ups and teases I’ve found.

Lavie is impressed with it as well.  I’m still waiting for the “real” reviews to pick it apart, but I’ve been smitten with what I have seen and think it would be the perfect level/format of digital camera for the style of photos I’m looking to capture.  As well as being more inconspicuous for candid street-shooting compositions.


Olympus E-P1 Videos – PhotographyBLOG – Not only does the camera provide 12.3 megapixel stills, it also provides true HD-level video.  This collection is amazing!  Granted the art-mode filters cause slowdown in capture, but they still are quite neat.  The normal mode color is spectacular, smooth and highly detailed.  Can’t imagine what they would look like on our HD TV.

E-p1 autopsy pictures - Olympus and Panasonic rumors – Great site and neat cut-through view of the camera body/lens.  Amazing work packing all that tech into the small package. Wow.

First Olympus E-P1 unboxing video! - Olympus and Panasonic rumors – Why not?

The Online Photographer: The E-P1: Not Exactly What You Want? – The Online Photographer – The title is misleading.  The reviewer actually really likes his time with the E-P1.

Olympus interview: Future ‘Pen’ cameras planned (update 16 June 5pm) news - Amateur Photographer – News that Olympus may release higher/lower end versions depending on how this first model does.  Higher may include a built-in viewfinder.  Interesting….

Olympus E-P1 test photos – Let’s Go Digital – Bit more news and photo samples.

Google Translate – Review with LOTS of hardware photos of the device.  Translated version but still quite good. Written by O. Takeshi.

--Claus V.

Wednesday, June 17, 2009

GSD Keep-Alive Ping + the new E-P1!


cc image credit: Black Olympus Trip 35 on Flickr by Hermés

Hi all.

I’m still here.  I just realized it’s been over half-a-month since the last post.

Work is crazy-wild with longer-than-normal sessions in the bull-pen and on the mound, along with weekends chock-full of special family-focused down-time.

Please remain confident that my to-blog pile is reaching critical mass.

I’ve got the usual load of Microsoft Windows OS related topics in the wings, a curiously free amazing on-line collaboration tool, stupid MS Office taming tips, a mess of browser news, and linkage galore of security-related tools and various utilities.

Also in the works, a specific “while-in-the-trenches” post on a live-fire failing disk recovery session with two neat new free tools I uncovered in the process.  Oh yes…I guess I need to mention the drive in focus involved a blown-out PGP Whole Disk Encryption load. Yikes!  Expect some new pgpwde.exe command-line support resources as well in that pre-or-post post. (Did that make any sense?)

Completely unrelated….Olympus cameras…

I’ve been taking out my old Olympus Trip-35 and longingly holding it a bit.  I haven’t worked up the courage to drop some old-school 35mm film in for kicks.

While Jonesing on the Trip-35 I found this Flickr: Olympus Trip-35 group with some great old/new photo sessions.  It’s been a blast reading around.  The more I research/read up on the web on the Trip-35 the more I am amazed at this little tool.

I loved taking photos with it as a kid and still think it has taken some of my favorite photos. I’m not sure of the technical reason the photos appeal to me. There’s just something about them that stands out from images from other cameras I’ve used over the years.  Not being a pro I can’t explain it but there is a distinct retro-like visual appeal to them I seem to sense.  Maybe it’s just me reading more into it because I know the camera body is probably as old as I am.  Eventually I’ll figure out how to scan my negatives in on the HP scanner we bought some time ago. Failing that I will just scan some of the prints in and share.

Anyway, my love and joy of the little Trip-35 platform has kept the desire in me for a digital version. I think I would really get more use out of this format than a full-bore entry-level DSLR camera with my shooting style (more casual/photo-journalistic/street-shooting).

So recent word that Olympus might be coming out with a digital “range-finder” camera this summer intrigued me:

I’ve been scouring the Net for news and today found this website offered to me by Olympus from a news signup I registered for.

The object of my desire?

  • The E-P1 digital rangefinder - Olympus


cc image credit: Olympus E-P1: Sleek frame on Flickr by bfishadow

Quite likely after wasting over an hour on the website tonight as well as even more on the following reviews and linkage.

Here’s the first onslaught of E-P1 gushing to hit the web I’ve started to turn over.

And here is a collection of interesting digital photo samples of the E-P1 output in action

I close with this: A shameless E-P1 viral-ad pandering to the Will It Blend? fans.

Will It Blend? - Roberts Raw!

Stay tuned!

--Claus V.