Friday, July 31, 2015

Windows 10 Linkpost: Pulp Fiction Edition

“010 Ten Detective Aces May-Jun-1933” CC by 2.0 attribution: by Will Hart on flickr.

OK. Here we go. Windows 10 has been released to the masses, world-wide.

Pandemonium is ripping across continents, hordes are massing on borders, panic is in the streets, and geekdom has gone underground in an attempt to hide from an inundation of phone calls from family, in-laws, out-laws, and friends seeking comfort, guidance, and recovery from this Windows 10 invasion appearing on their Windows 7 and 8.1 systems.

Seriously…the Windows 10 rollout is underway. Some folks who elected to use the “Get Windows 10” notifier in their system tray are queued up for their installation/upgrade.

Others are still debating whether upgrading now is wise (waiting is the wise choice, IMHO).

So fresh out of the gate, here is a new collection of Windows 10 release links and considerations everyone would be well advised to review before punching that upgrade button.

I highly encourage visitors to this humble blog to first take some time reading this previous post to get up to speed.

Now, on to the linkage!

A PSA For Dell Hardware Users!

I’m putting this at the top of the list. Just because Microsoft has tossed a “you can upgrade to Windows 10 if you want” icon onto your computer doesn’t mean your hardware can successfully upgrade to Windows 10.

Dell is my example.

See, it turns out that Windows 10 may not be able to provide correct/functional “generic” device drivers for all hardware. Laptop motherboards are particularly challenging for driver availability, and Dell laptops in particular seem to be tripping up the Windows 10 installer.

I did some digging and found these Dell links of interest.

As of the time of this blog post:

  • My Dell Studio 15 (1558) isn’t listed anywhere on the page.
  • Nor is my Dell XPS L702X laptop model.
  • Nor is Lavie’s Dell Inspiron 15 (3520).

According to Dell, the non-listing of these laptops means “…if your computer model is not listed, the hardware has not been tested and drivers have not been updated for that model, and Dell does not recommend an upgrade to Windows 10. If you wish to proceed with an upgrade to Windows 10 on an untested system.”

I’m a pretty good Windows sysadmin, and to me those words mean that I won’t be upgrading ANY of our systems to Windows 10 until it has been out for a while and drivers are available for our platforms.

So…think long and hard, grasshopper, before you do the upgrade. It might work with no issues, maybe. But I’d advise checking your hardware manufacturer’s support site and confirming that your exact model is Windows 10 tested before jumping off that cliff.

You’ve been warned!

Windows 10 Privacy Concerns

Next clue for your consideration: a full review and understanding of the Windows 10 privacy changes Microsoft has brought in. Maybe you aren’t concerned, but you should at least be informed.

Windows 10: Privacy nightmare - tinyapps.org. TinyApps summarized some of the top privacy concerns. Read the post, my friends.

When installation completes, be sure to click the tiny "Customize" link on the "Get going fast" screen; you may (not) be surprised at how invasive Microsoft has become. Here's a taste from that post (these are all enabled by default):

  1. "Personalize your speech, typing, and inking input by sending contacts and calendar details, along with other associated input data to Microsoft."
  2. "Send typing and inking data to Microsoft to improve the recognition and suggestion platform."
  3. "Use page prediction to improve reading, speed up browsing, and make your overall experience better in Windows browsers. Your browsing data will be sent to Microsoft."
  4. "Automatically connect to suggested open hotspots. Not all networks are secure."
  5. "Automatically connect to networks shared by your contacts."
  6. "Send error and diagnostic information to Microsoft." (The toggle switch to enable or disable was hidden below the screen; a near-invisible scroll bar was required to view it.)

There are more topics and details in that post that I encourage you to review carefully.

Windows 10 ISO downloads

Depending on your upgrade plans, you may or may not need a local “hard copy” of the Windows 10 installation files. That said, it’s good to have a copy handy on DVD or USB, just in case something bad happens.

Express or Custom Setup & Security Considerations: Choose wisely grasshopper!

…as for me and my family, we will choose “custom”…

Basically, Express tells Microsoft to apply all of its recommended default settings, things you may not want if you read the privacy links above.

Custom is more of a headache to wade through, but you are turning off options and protecting your privacy (to the degree you can) by doing so.

Belt and Zipper check: Is your Security solution Windows 10 Compatible?

You probably are running one or more security products on your Windows 7/8.1 system right now. They are working hard to keep you, your system, and your data safe from threats, hacks, and exploits.

Before you do your upgrade, stop for a moment and check whether the software vendor has confirmed that their product is, in fact, Windows 10 compatible. If it isn’t, you run the risk of lowered protection, non-functional software, BSODs, etc. If you can’t confirm your security products are Windows 10 compatible, I again urge you to wait, or to consider the implications of switching to a Windows 10 compatible security product before you punch the upgrade button.

Also, AV-Comparatives recommends uninstalling any existing security program(s) before doing your upgrade, then reinstalling the latest version after the upgrade is done. Security apps can conflict with software installations, and an OS upgrade is one of the biggest software installs you can do!

Got a third-party whole-disk encryption solution installed? Tread carefully: consider fully decrypting the disk before the upgrade, then re-encrypting after confirming Windows 10 compatibility.

As far as my lineup goes…

Reason to Wait #15: Win 10 Service Release 1 coming (very) soon

So based on the new -- let’s get it out the door and just cram updates/fixes down whenever we need to -- service model, it should come as no surprise to hear that a new Service Release bundle may be right around the corner.

Another reason to wait in my book.

OK - Decision Time Upgrade now or Not?

You’ve probably figured out my position at this point (let’s wait a while as there is no rush). But here are some additional opinions from trusted sources.

So you really want it now do you? Mmmkay.

On your own head be it.

So what do I do?

Even if you have erred on the side of caution and are not upgrading now, it would be beneficial to acquaint yourself with the Windows 10 upgrade process so you won’t be surprised.

Clean versus Dirty Installs

Most non-technical consumers (or those who don’t have a geek in the family whose support can be bought off with beer and pizza) will go ahead and opt for the in-place upgrade. Generally this will be fine and smooth, and no real harm will come of it.

However, many battle-hardened Windows sysadmins and geeks will tell you that the better option is a “clean” install. Basically that means backing up all your files/folders/data/settings, wiping the system, installing a pristine copy of Windows 10, and then reloading your files/folders/data/applications/settings. It is very labor intensive and carries its own risks. But the reward is a fresh and clean OS load with fewer carryovers of old drivers, problems, and configuration issues.

Here are some guides on a Clean install process with Windows 10.

Note: there are some potential “gotchas,” particularly with the free Windows 10 license key. So read carefully first.

The TinyApps bloggist shared some great resources in his earlier Win 10 privacy post. Read these carefully, as they contain great advice.

First Things First (after you’ve done the Windows 10 thing)

So here are some recommended setting changes you should check out and consider making after you have done your Windows 10 installation. Most involve security and privacy settings. However some also involve bandwidth and network options and impacts.

Windows 10 Tweaking - Start with “Start”

Windows 10 Upgrade Troubleshooting

Sometimes, the best laid plans go to pot and things fall apart. Here are some resources.

Great! Everything is Awesome! (Umm, how do I use Windows 10?)

Got you covered, my friends…

Reviews, Feedback, and Pure Opinionated Factual Opinions

Still not sure about this whole Windows 10 thing? Think it is a clever trap by Microsoft to lock you into a new product and get you to be a minion on their road to eventually overtaking the Apple App Store? Done laughing yet?

Good luck,

--Claus Valca

This week in browser bits; runaway memory edition

Submitted for your review: Firefox news, Mozilla whining, Chrome tab “discarding”, and Claus deals with a runaway freight train -- no, scratch that -- runaway memory usage in Firefox.

To the rails!

Firefox News

The Firefox Extension Guru's Blog has been hard at work parsing details and analysis of coming changes in the Mozilla browser.

  • Truthful, but not very PC… - Firefox Extension Guru's Blog - Silverlight will be banished, Flash retained, the mainstream 64-bit Firefox release is delayed, and questions persist.
  • Win64 Firefox NOT Coming with Firefox 40 - Firefox Extension Guru's Blog - Maybe with Firefox 41?
  • A Look at Extension Signing In Firefox 40 - Firefox Extension Guru's Blog - The Guru goes to the mat for us and loads his profile into Nightly 42, Developer Edition 41, and Beta 40 of Firefox to take a look at the impact on users (and their Add-ons) of the extension signing coming soon to a Firefox 40 release on your system. Read his post for the full comparison. Summary: FF 40 = warnings, FF 41 = blocks (but the block can be disabled by the user), FF 42 = blocks (no disabling).
  • Disabling Add-on Compatibility Check - Firefox Extension Guru's Blog - Guide update notice and point to Disable Add-on Compatibility Checks Add-on for extended feature support. Note this Add-on appears to be very popular with Pale Moon users.

What Does the Fox Say?

(with a nod to Ylvis)

It probably isn’t that long ago in most people’s minds: the great browser wars of the ’90s, the anti-trust settlement, and the EU forcing Microsoft to provide a default web-browser “ballot” to guide users to an alternative to Internet Explorer.

Today, although many users still turn to IE on their Windows systems without question, there is general familiarity with alternative browsers such as Mozilla Firefox, Google Chrome, Opera, Apple Safari, and upstarts Vivaldi and Pale Moon, to name a few. Their presence in the formerly IE-dominated world has been hard fought: in coding/development, in the courtroom, and in the marketplace.

So it was probably a frustrating day in many a browser boardroom when it came out that the Windows 10 upgrade will reset the default web browser to Microsoft Edge, overwriting the user’s current default browser choice if it isn’t already IE. It will do this unless you are a pre-informed geek/user who skips the “Express settings” option during setup in favor of “Customize settings,” and then carefully locates the additional button that keeps your existing settings. It isn’t a stretch to anticipate that most consumers eligible for this Windows 10 upgrade will happily select the “no-pain/no-fear” Express Settings option and toddle on with the process unawares (picking up a whole lot of other potential security and privacy setting headaches along the way by default). More on that in a follow-up post.

Anyways…

Mozilla, for one, isn’t taking that roll-back to the Microsoft Edge browser by hiding quietly in a foxhole. No, in a shout to equal the noise of Ylvis’s video, they howled/barked pretty loudly.

Oops. Did you click the “Express Settings” option? Fear not: here are some steps to set Firefox (or Chrome) back as your default browser.
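Rather than trusting the Settings app to tell you what happened, you can read the per-user associations directly. The following is an added example (mine, not part of the original post, Mozilla’s steps, or any Microsoft tooling) that reports which browser owns the http/https protocols and the .htm/.html extensions. Run it before the upgrade and again after, and you will see whether Express settings moved you to Edge. It is read-only and needs no elevation; the ProgId-to-browser patterns are my assumptions covering the common browsers, and anything unrecognised is printed raw.

```powershell
# Added example: show which browser owns the per-user web associations.
# Reads the same UserChoice keys the Settings app writes; read-only, no admin needed.
# ProgId patterns are assumptions for the common browsers; unknown values print raw.
function Get-DefaultBrowserAssociation {
    $urlRoot = 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations'
    $extRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'
    $targets = @(
        @{ Name = 'http';  Key = "$urlRoot\http\UserChoice"  },
        @{ Name = 'https'; Key = "$urlRoot\https\UserChoice" },
        @{ Name = '.htm';  Key = "$extRoot\.htm\UserChoice"  },
        @{ Name = '.html'; Key = "$extRoot\.html\UserChoice" }
    )
    foreach ($t in $targets) {
        $progId = $null
        if (Test-Path $t.Key) {
            $progId = (Get-ItemProperty -Path $t.Key -ErrorAction SilentlyContinue).ProgId
        }
        if (-not $progId) {
            $browser = '(no per-user choice; system default applies)'
        } else {
            $browser = switch -Wildcard ($progId) {
                'Firefox*'  { 'Firefox'; break }
                'Chrome*'   { 'Chrome'; break }
                'Opera*'    { 'Opera'; break }
                'IE.*'      { 'Internet Explorer'; break }
                'htmlfile'  { 'Internet Explorer'; break }
                'AppX*'     { 'Edge (Store-app ProgId)'; break }   # assumption: Store-app ProgId on a stock Win 10 box is Edge
                default     { "unrecognised: $progId" }
            }
        }
        [pscustomobject]@{ Association = $t.Name; ProgId = $progId; Browser = $browser }
    }
}

Get-DefaultBrowserAssociation | Format-Table -AutoSize
```

If the four rows disagree (say, http and https on Edge but .htm still on Firefox) the upgrade only partially reset you, which is exactly the state the Mozilla steps above are meant to clean up.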

Chromium Tab “discarding”

Memory management can be a real challenge for a “modern” web browser. With media-rich webpage content and multi-process hosting in these browsers, keeping system memory usage in check and browser performance up is a developer’s constant nightmare.

My own browsing habits are such that I usually have no more than three or four browser “tabs” open at any given time. I generally file away pages to my bookmark manager to be saved for later review. The only time I regularly have more than 25 tabs open is when I am going through my RSS feeds in Omea Reader and launching them to open in the background in Firefox. Once done with the RSS feed culling, I then go to Firefox and sort them into a specific folder for topical blogging, or future reference.

Lavie on the other hand leaves fifty+ tabs open in multiple web browsers concurrently. Drives me crazy! But that’s how she works.

A new feature, “tab discarding,” has surfaced in Chromium builds. For those who leave a lot of tabs open, it uses an algorithm to “discard” open tabs when physical system memory runs low. My understanding is that “discard” means something more like “suspend” than shut it down and toss it in the bin. If enabled and triggered, the tab still shows on the tab bar, but nothing is happening until you select the tab, when it “revives” again.

I’ve enabled it in my Chromium build though I don’t expect to see much difference with my minimal tab usage. If it rocks my world I’ll let you know. Martin Brinkmann of gHacks has the “how-to” for enablement of the feature in his post below.

Per Brinkmann’s article, the Firefox BarTab extension has offered a similar feature to Firefox users for some time. The original BarTab by philiKON is not supported on Firefox 39 or higher. However a newer “fork” of it -- BarTab Heavy -- seems to be fine. See also this other fork BarTab Plus.

Claus Deals with Runaway Memory in Firefox

So this morning I happened to have my own struggles with Firefox memory usage so here are my notes.

I was tearing through my RSS feeds and opening articles of interest in the background within Firefox.

My tab bar was filled and more tabs were spilling over, “hidden” off to the left.

I eventually noticed a number of things: memory usage on my system was almost maxed out, though I had only a handful of applications open, and the laptop cooling fan had kicked on full-tilt.

I checked Process Explorer and quickly found the culprit for my RAM usage: Firefox!


Normally my system runs about 3.5 GB of RAM usage unless I have a VM open and running.

In this case my 8 GB of system RAM was almost maxed out and a large portion was being consumed by Firefox.

The RAM counters showing were continuing to climb mercilessly.

I started to try to save my tabs to the bookmark folders so I could close them out but after just a few, Firefox became locked up.

I killed the process and restarted Firefox. Luckily my tab sessions were restored, so I didn’t lose any of the open ones…but almost immediately the RAM counters went climbing sky-high again to the 3 GB mark! Did I have a rogue Add-on? Was one of the tabs hosting bad page code? What was going on? I felt blind and Process Explorer wasn’t helping.

Step one: Make sure “Prefetching” was turned off.

How to stop Firefox from making automatic connections - Firefox Help - Lots of good advice here but this was the one I was interested in checking.

  1. In the Location bar, type about:config and press Enter.

    • The about:config "This might void your warranty!" warning page may appear. Click I'll be careful, I promise! to continue to the about:config page.
  2. In the about:config page, search for the preference network.prefetch-next.
  3. Observe the Value column of the network.prefetch-next row.
    • If it is set to false then do nothing.
    • If it is set to true, double-click on it to set it to false.

In my case, I had previously set it to “false” so that wasn’t a help.

Step two: Figure out what is consuming all the RAM within Firefox in the first place.

Firefox uses too much memory (RAM) - How to fix - Firefox Help

This page has tons of useful tips and tricks to try out; most are common sense like updating Firefox, disabling themes and add-ons, disabling auto-run of media on pages, using fewer tabs or adding more system RAM (really?).

However it was this tip - Memory troubleshooting tools - that had a great new find for me:

The about:memory page allows you to troubleshoot finely specific issues about memory (for instance, caused by a website, an extension, a theme) and sometimes its Minimize memory usage button may help you instantly reduce memory usage. For guidance on use of about:memory visit https://developer.mozilla.org/docs/Mo.../about:memory

Typing that in, I get a page with options to load memory reports, save them for later diff’ing, free up memory, or save garbage-collection and cycle-collection logs (verbose or concise).

For first level stuff, hit the “Measure” button under the “Show memory reports” section and let it rip.

Here you can review all the different elements and how much RAM they are using.


Pretty helpful stuff.

Step three: check and enable trimming

Fix for Firefox memory leak on Windows - How-To Geek

  1. Type about:config in the address bar.
  2. Right click in the whitespace and choose New --> Boolean and press Enter.
  3. For the name provide “config.trim_on_minimize”
  4. Set the value to “True”
  5. Shut down and restart Firefox.

Per the MozillaZine Wiki this setting’s benefit is “dubious,” but it shouldn’t actually hurt anything if you are having issues.

Config.trim on minimize - MozillaZine Knowledge Base

Background

On Windows operating systems, when a program is minimized and left for a period of time, Windows will swap memory the program is using from RAM onto the hard disk in anticipation that other programs might need RAM. Because of the way Mozilla applications are stored in memory, Windows is much more aggressive in swapping out the memory they use, which can cause a delay when the program is restored. This preference determines whether to mark memory as preferably swappable, from a minimized Mozilla Windows application.

Recommended settings

Any positive effect of this setting is dubious, since any memory saving may be illusory. (Bug 420267, comment 7)

However, if you're experiencing problems with the application consuming too much RAM (Mem Usage in the Windows Task Manager), you can try setting this preference to true. If you're not experiencing any problems, it should be left at false to maintain application responsiveness.

Step four: Install an Add-on memory-monitoring tool

Knowing in general what is using RAM in Firefox (see step two) is great, and disabling add-ons one at a time to look for performance improvements is a great idea…though time-consuming if you have more than several. Luckily, a solution was found in this gHacks post. Another Add-on!

Martin Brinkmann points out the Add-on about:addons-memory

It works great. Install the Add-on (no restart needed) and then type “about:addons-memory” in your address bar and it will show you the memory usage of each add-on. How cool is that? This can really speed up your troubleshooting.

Step five: Install a page-tab memory-monitor tool

Another add-on mentioned (that I haven’t tried yet) is Tab Data (+Memory usage) it offers to show memory use feedback on each open tab though reviews indicate some stability issues. See also Tab Memory Usage add-on.
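The about:memory page can save and diff reports, but once you have a folder of saved reports from a bad afternoon it is handy to rank the growth from the command line. Here is an added example (mine, not from the original post or from Mozilla’s documentation) that reads two reports saved with the “Save memory reports” button and lists which explicit/ subtrees grew the most between them. It assumes the saved file is gzipped JSON with a “reports” array whose entries carry process, path, units (0 = bytes) and amount; that is the layout I am assuming for memory-report.json.gz, so check it against your own file. The two sample reports embedded in the script are constructed stand-ins so it runs offline, not real Firefox output.

```powershell
# Added example: rank growth between two about:memory "Save memory reports" files.
# Assumed file layout: gzipped JSON, "reports" array, entries with process/path/units/amount.

function Read-MemoryReport {
    param([Parameter(Mandatory = $true)][string]$Path)
    $file = [System.IO.File]::OpenRead($Path)
    try {
        $stream = $file
        if ($Path -like '*.gz') {   # about:memory saves memory-report.json.gz; plain .json accepted too
            $stream = New-Object System.IO.Compression.GZipStream($file, [System.IO.Compression.CompressionMode]::Decompress)
        }
        $reader = New-Object System.IO.StreamReader($stream)
        return ($reader.ReadToEnd() | ConvertFrom-Json)
    } finally {
        $file.Dispose()
    }
}

# Sum byte-valued entries under explicit/ per process and per path prefix of the given depth.
function Get-ExplicitTotals {
    param([Parameter(Mandatory = $true)]$Report, [int]$Depth = 2)
    $totals = @{}
    foreach ($entry in $Report.reports) {
        if ($entry.units -ne 0 -or $entry.path -notlike 'explicit/*') { continue }   # bytes only
        $prefix = (($entry.path -split '/') | Select-Object -First $Depth) -join '/'
        $key = "$($entry.process) :: $prefix"
        $totals[$key] = [int64]$totals[$key] + [int64]$entry.amount   # missing key reads as 0
    }
    return $totals
}

function Compare-MemoryReports {
    param(
        [Parameter(Mandatory = $true)][string]$Before,
        [Parameter(Mandatory = $true)][string]$After,
        [int]$Top = 10
    )
    $old = Get-ExplicitTotals (Read-MemoryReport $Before)
    $new = Get-ExplicitTotals (Read-MemoryReport $After)
    $keys = @($old.Keys) + @($new.Keys) | Sort-Object -Unique
    $rows = foreach ($k in $keys) {
        [pscustomobject]@{
            Subtree  = $k
            BeforeMB = [math]::Round([int64]$old[$k] / 1MB, 2)
            AfterMB  = [math]::Round([int64]$new[$k] / 1MB, 2)
            DeltaMB  = [math]::Round(([int64]$new[$k] - [int64]$old[$k]) / 1MB, 2)
        }
    }
    $rows | Sort-Object DeltaMB -Descending | Select-Object -First $Top
}

# Constructed sample reports (not real Firefox output) so the script runs stand-alone.
$before = @'
{"version":1,"hasMozMallocUsableSize":true,"reports":[
 {"process":"Main Process (pid 4242)","path":"explicit/js-non-window/runtime","kind":1,"units":0,"amount":52428800,"description":"constructed"},
 {"process":"Main Process (pid 4242)","path":"explicit/window-objects/top(http://example.test)","kind":1,"units":0,"amount":31457280,"description":"constructed"},
 {"process":"Main Process (pid 4242)","path":"explicit/heap-unclassified","kind":1,"units":0,"amount":20971520,"description":"constructed"},
 {"process":"Main Process (pid 4242)","path":"vsize","kind":2,"units":0,"amount":1073741824,"description":"not under explicit/, ignored"}
]}
'@
$after = @'
{"version":1,"hasMozMallocUsableSize":true,"reports":[
 {"process":"Main Process (pid 4242)","path":"explicit/js-non-window/runtime","kind":1,"units":0,"amount":62914560,"description":"constructed"},
 {"process":"Main Process (pid 4242)","path":"explicit/window-objects/top(http://example.test)","kind":1,"units":0,"amount":1258291200,"description":"constructed: one tab ballooned"},
 {"process":"Main Process (pid 4242)","path":"explicit/heap-unclassified","kind":1,"units":0,"amount":41943040,"description":"constructed"}
]}
'@
$tmpBefore = Join-Path $env:TEMP 'memory-report-before.json'
$tmpAfter  = Join-Path $env:TEMP 'memory-report-after.json'
Set-Content -Path $tmpBefore -Value $before
Set-Content -Path $tmpAfter  -Value $after

Compare-MemoryReports -Before $tmpBefore -After $tmpAfter | Format-Table -AutoSize
```

With real files, point -Before and -After at two memory-report.json.gz saves taken a few minutes apart while the counters are climbing. A window-objects subtree at the top of the list points at a page, js-non-window at a script runtime or an add-on, and a growing heap-unclassified is the signal to dig in with the DMD tooling Mozilla documents rather than guess.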

Bonus Tip: About:About page

I’ve made a bookmark bar folder called [Abouts] that I then have placed various “about:” pages into it for faster access without having to type them. Go type about:about in the address bar to get the full listing but these are the ones I am interested in.

  • about:about
  • about:addons
  • about:addons-memory
  • about:cache
  • about:config
  • about:healthreport
  • about:memory
  • about:networking
  • about:permissions
  • about:plugins
  • about:preferences
  • about:support
  • about:telemetry

As of now, Firefox RAM usage hovers in the 500 MB - 1 GB range which seems pretty “normal” for me.

Hopefully one or more of these tips may help and if nothing else, give you some tools to better troubleshoot RAM issues in Firefox when you do encounter it.

Cheers,

Claus Valca

Tuesday, July 28, 2015

Sysadmin Link Seventh-Inning Stretch

Here are some tips and tricks for the sysadmin crowd.

While doing a Win 7 laptop cleanup project, I was looking for an automated way to clean off all the inactive/unused Windows user profiles. Sure, I could have gone into the advanced system settings and removed the profiles manually. But a command-line tool would have been helpful.

I re-found the Delprof2 - User Profile Deletion Tool provided by Helge Klein. It worked as advertised. On the first pass it could not delete one local profile for some reason. Turns out that some software that had been installed was still running as a service under that account. After I had removed the software and rebooted, the tool then removed that remaining profile. Free for private, non-profit, or educational use; otherwise it requires a commercial license purchase.
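If you would rather see what a profile-deletion run is going to do before letting a tool loose, here is an added PowerShell example (mine, not Delprof2 or any of its code) that lists local profiles not used in N days and only deletes them when you pass an explicit switch. It assumes PowerShell 3 or later for the CIM cmdlets, and it uses Win32_UserProfile’s LastUseTime as the staleness signal, which is only as trustworthy as Windows keeps it, so cross-check the NTUSER.DAT timestamp before deleting anything you care about.

```powershell
# Added example (not Delprof2): list local profiles unused for N days and, with -Remove,
# delete them through WMI, which removes both the profile folder and its registry hive.
# Loaded profiles are reported but never removed: a logged-on user, or a service running
# under the account (the case described above), keeps the profile loaded.
function Get-StaleUserProfile {
    param(
        [int]$Days = 90,
        [switch]$Remove
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { -not $_.Special } |          # skip system/service profiles
        ForEach-Object {
            $p = $_
            $lastUse = $p.LastUseTime               # may be $null for a never-used profile
            $stale = ($lastUse -ne $null) -and ($lastUse -lt $cutoff)
            $action = 'keep'
            if ($stale -and $p.Loaded) {
                $action = 'skip (loaded: user logged on or a service runs as this account)'
            } elseif ($stale -and $Remove) {
                Remove-CimInstance -InputObject $p -ErrorAction Stop   # deletes folder and hive
                $action = 'removed'
            } elseif ($stale) {
                $action = 'stale (rerun with -Remove to delete)'
            }
            [pscustomobject]@{
                Path    = $p.LocalPath
                SID     = $p.SID
                LastUse = $lastUse
                Loaded  = $p.Loaded
                Action  = $action
            }
        }
}

# Dry run first; only add -Remove once the list looks right.
Get-StaleUserProfile -Days 90 | Format-Table -AutoSize
# Get-StaleUserProfile -Days 90 -Remove
```

The Loaded column is the clue from my own case above: a service still running under the account keeps the profile loaded, and no deletion tool will succeed until that service is stopped or removed and the box rebooted.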

More Tips and Tricks

Smartphone-Friendly Conference Bridge URL Formatting

One of my biggest frustrations with conference call invites is receiving one when I am in the field and having to join via smartphone. The meeting reminder comes up with the main dial-in number, but then I have to switch back and forth to find, note, and enter the actual bridge number.

So I found a standard format that can be included in the invite for one-click use: it dials the main number and then auto-enters the bridge code. Please, folks! Start adding this to your meeting invites!

The basic format is thus:

tel:12345678,,100200#
On most newer devices this dials conference line 12345678, waits through the pause that each comma introduces, and then sends the 100200# conference code.

Malware Anti-Exploit Update

Malwarebytes Anti-Exploit - Version 1.07.1.1015 was released. From the setup installer’s change notes:

Malwarebytes Anti-Exploit 1.07.1.1015

New Features:
• Added new Layer0 exploit mitigations for IE VB scripting
• Added new Layer1 exploit mitigations for ROP detection
• Added new Layer3 exploit mitigations for Powershell abuse
• Added telemetry from Firefox
• Added ability to edit custom shields
• Added ability to log protection events to UI
• Added ability to auto-upgrade corporate builds
• Added support for Windows 10
• Added blacklisting of pirated and fraudulent license keys

Improvements:
• Improved Java shield in corporate environments
• Improved exploit telemetry
• Removed duplicate default shields for portable browsers
• Removed "shielded applications" counter from UI

Fixes:
• Fixed issue when printing to Adobe PDF
• Fixed issue with Speedbit Download Accelerator
• Fixed issue with plugins from PowerDVD and GAS Tecnologia
• Fixed issue with nProtect GameGuard Anti-Cheat
• Fixed issue with certain exclusions not respected
• Fixed issue with Knowledge Coach Office Add-In
• Fixed issue with false positive from IE
• Fixed issue with Foxit Reader startup
• Fixed issue with Excel PowerQuery
• Fixed issue with Excel DEP Enforcement
• Fixed issue with IE VB scripting block
• Fixed issue with Chrome crashes

Techniques for adding “Open Command Prompt Here” &/or “Elevated” to the Windows Explorer Shell Menu

Windows 8/8.1/10 have an option in the Start (Win+X) menu to open either a Command Prompt or an elevated Command Prompt window.

You can also Shift+right-click a folder or white space and open a command window there. However, you likely won’t be able to open an elevated one easily.

There are a number of ways you can modify the registry to create some optional Explorer shell menu items. And you can do some clever keyboard/copy/paste tricks as well in the default Windows GUI.

In the end I found and went with this utility on my personal systems.

Here are a few more options:

On my own systems I don’t mind using a utility to make the changes, but if you really need the feature and are authorized to make the changes, setting it “manually” via RegEdit works well. The benefit of that method is that you know exactly what changes are being made and how to remove/regress them if required.
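In that spirit, here is the “manual” method as an added PowerShell example (mine, not the utility linked above or any of the other options) that adds the entry, shows what is in the registry, and removes it again. It relies on the long-standing Explorer behaviour that a shell verb key named runas gets the UAC shield and launches elevated; the cmd.exe /s /k pushd "%V" command line is the same one Windows itself uses for its built-in “Open command window here” entry. It writes HKEY_CLASSES_ROOT, so run it from an elevated PowerShell.

```powershell
# Added example (not the linked utility): add, inspect and remove an
# "Open elevated command prompt here" entry for folders and the folder background.
# The verb name "runas" is what makes Explorer show the UAC shield and elevate;
# cmd.exe /s /k pushd "%V" changes into the clicked folder (UNC paths included).
# Needs an elevated PowerShell because HKEY_CLASSES_ROOT is written.

$menuKeys = @(
    'Registry::HKEY_CLASSES_ROOT\Directory\shell\runas',             # right-click on a folder
    'Registry::HKEY_CLASSES_ROOT\Directory\Background\shell\runas'   # right-click on empty space
)
$menuText = 'Open elevated command prompt here'
$menuCmd  = 'cmd.exe /s /k pushd "%V"'

function Get-ElevatedPromptHere {
    foreach ($key in $menuKeys) {
        $command = $null
        if (Test-Path "$key\command") {
            $command = (Get-ItemProperty -Path "$key\command").'(default)'
        }
        [pscustomobject]@{ Key = $key; Present = (Test-Path $key); Command = $command }
    }
}

function Add-ElevatedPromptHere {
    foreach ($key in $menuKeys) {
        if (Test-Path $key) {
            Write-Warning "$key already exists; not touching it"
            continue
        }
        New-Item -Path "$key\command" -Force | Out-Null        # creates runas and runas\command
        Set-ItemProperty -Path $key -Name '(default)' -Value $menuText
        Set-ItemProperty -Path $key -Name 'HasLUAShield' -Value ''   # shield icon on the entry
        Set-ItemProperty -Path "$key\command" -Name '(default)' -Value $menuCmd
    }
}

function Remove-ElevatedPromptHere {
    foreach ($key in $menuKeys) {
        if (Test-Path $key) { Remove-Item -Path $key -Recurse -Force }
    }
}

# Add-ElevatedPromptHere
Get-ElevatedPromptHere | Format-List
# Remove-ElevatedPromptHere
```

Run Get-ElevatedPromptHere first: Add- refuses to overwrite a runas key that already exists, and Remove- deletes whatever is there, so if another tool already created the key you want to know that before you regress it.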

Windows Critical Out of Band Security Patch Released

Yes…late again…but better late than…well, you know.

Cheers!

Claus Valca

Windows 10 and Wi-Fi Sense: Here be Dragons

I’ve read about it.

I “get” it from the “helpfulness” and convenience side of things.

I absolutely don’t get it from a security standpoint.

So basically, in Windows 10 it’s a feature that lets you share your Wi-Fi network settings (and credentials) with your contacts via Facebook, Outlook.com, or Skype. It seems to be a feature for Windows Phone 8.1/10 and Windows 10 in general.

My bae knows I’m coming over to crash at their pad, knows I love to do the Wi-Fi thing, sends me their Wi-Fi creds via Wi-Fi Sense and I’m golden for the hookup when I drop in. No awkward asking for Wi-Fi creds or trying to type in that 64-character strong password!

Thanks Microsoft.

You can optionally set it to automatically share your network settings/creds with all your contacts, not just on a per-contact basis. Helpful, isn’t it?

It seems that once they have the connection, they cannot then share the settings/creds onward to their own friends/contacts, unless they already know the actual (clear-text) password and share it themselves. Nor can you use Wi-Fi Sense with enterprise networks using 802.1X. It also, according to Microsoft, does not grant them access to other computers or devices on the shared network.

A workaround is to rename your network SSID to end with “_optout”. Which kind of begs the question: if the feature is opt-in for the sharer, why is the network owner the one who has to go and “_optout”?

According to my understanding, while they can access your shared network, they don’t get to see the shared password. Small consolation, because any malware or infection on their systems comes along for the ride and is granted permission to be on your network and in your “home.”

And that’s the core of the concern. While many non-technical users will be happy with the convenience of easily sharing network access with their family and friends, the deeper threat is what could happen once that “guest” system is connected to the network: exploit scans? pen-testing? downloading of questionable files?

To me it falls under that “it’s just network access to the Internet what’s the harm?” false security mentality that is so ubiquitous nowadays that drives security sysadmins to the point of madness. Just like the “why is it a problem that I borrowed my Ethernet cable at work to plug in my personal XP laptop during my lunch hour?…it’s not like I’m using my locked-down enterprise work system.”

Really? Just can’t see the problem there can you? Hmm.

Yes, all those points are still risks under the “old-school” model of Wi-Fi access sharing (here’s my SSID, here’s the password, need some help?). But at least there is a pause, an opportunity to consider the device/user/access being granted, maybe go over some house rules and review/vet the system if you are a security geek.

Nor do I see a way to later selectively (retroactively) block or disable access granted to a contact, short of renaming your SSID and/or changing the Wi-Fi password. Though I suppose if your Wi-Fi router supports it (and you know the former bae’s MAC address) you might be able to block them via MAC filtering, keeping in mind that a MAC address is trivially spoofed, so that is a speed bump rather than a lock.

Regardless, the current GSD recommendation is to run away from this “helpful” feature as fast as you can.

Now that I’m thinking about it, it’s probably time to consider setting up a “guest” Wi-Fi network with a different SSID that is isolated from the main “trusted” Wi-Fi network…

…or pick up a Wi-Fi router that supports an isolated “guest” SSID zone, as mine does.
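For the Windows 10 side of the house, the two Wi-Fi Sense behaviours (they are items 4 and 5 on the “Customize” privacy screen from the TinyApps post earlier) can be pinned off by policy rather than relying on the user toggle. The following is an added example (mine, not from the original post or from Microsoft) that sets the policy values, reports their state, and lists your saved Wi-Fi profiles with whether each carries the “_optout” suffix. The two PolicyManager registry paths are the ones Microsoft documented for the 2015 Windows 10 builds; treat them as an assumption and verify on your build. The profile listing assumes English netsh output and that profile names equal SSIDs, which is the usual case. Run it elevated.

```powershell
# Added example: turn off both Wi-Fi Sense behaviours by policy and list saved
# profiles that do not carry the "_optout" suffix. Policy key paths are an assumption
# based on the documented 2015 Windows 10 values; verify on your build. Run elevated.

$policyRoot = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi'
$policies   = @('AllowWiFiHotSpotReporting',             # suggested open hotspots
                'AllowAutoConnectToWiFiSenseHotspots')   # networks shared by contacts

function Disable-WiFiSense {
    foreach ($name in $policies) {
        $key = Join-Path $policyRoot $name
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'value' -Value 0 -Type DWord
    }
}

function Get-WiFiSenseState {
    foreach ($name in $policies) {
        $key = Join-Path $policyRoot $name
        $current = $null
        if (Test-Path $key) {
            $current = (Get-ItemProperty -Path $key -Name 'value' -ErrorAction SilentlyContinue).value
        }
        $how = 'nothing (user toggle decides)'
        if ($current -eq 0) { $how = 'policy' }
        [pscustomobject]@{ Policy = $name; Value = $current; DisabledBy = $how }
    }
}

# Wi-Fi Sense will not share a network whose SSID ends in "_optout".
# Assumption: English netsh output, lines like "    All User Profile     : HomeNet".
function Get-WiFiProfileOptOut {
    netsh wlan show profiles | ForEach-Object {
        if ($_ -match 'Profile\s*:\s*(.+)$') {
            $ssid = $Matches[1].Trim()
            [pscustomobject]@{ SSID = $ssid; OptedOut = $ssid.EndsWith('_optout') }
        }
    }
}

# Disable-WiFiSense
Get-WiFiSenseState | Format-Table -AutoSize
Get-WiFiProfileOptOut | Format-Table -AutoSize
```

The policy values only govern this machine; the “_optout” suffix is the only lever you have over what other people’s Windows 10 devices do with your network, which is why the guest SSID above is the better fix.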

More readings:

hat tip to TinyApps blog

Cheers,

Claus Valca

Portable Windows movie players

After I do a video file conversion I like to check how the conversion plays back.

I don’t really care for or use the stock Windows Media Player software.

For the longest time I have used the VideoLAN VLC media player and found it adequate for the purpose. I prefer the VLC Media Player Portable package. However, it seems to take a long time to load and get started on all the systems I run it on. Maybe that’s me.

I was reading this TinyApps blog post, Download Flash videos, and jumped over to browse around the Grab Any Media app/extension that was mentioned.

There I saw a recommendation for the MPC-HC open-source video player. It also comes in a Media Player Classic - Home Cinema (MPC-HC) Portable version over at PortableApps.com.

Me likey!  It is relatively small, launches much faster than VLC, and has so far been compatible with my favored video codecs.

So I’m keeping it around in my portable apps collection.

Another similar alternative to both VLC and MPC-HC is SMPlayer, another free media player for Windows systems also available in a SMPlayer Portable via PortableApps.com.

Always good to have alternatives!

Claus Valca

Rook Security - Milano tool

As usual…a week or more late…

Post Update 2015-07-31: New tool version: Milano 1.1.0 Release with Linux and Mac OS X IOCs Now Included - Rook Security

Anyway, Rook Security spent some time analyzing the Hacking Team data dump and in the process found some indicators of compromise (IOCs) for a Hacking Team presence on a system.

Basically, you can download their free/open-source tool, which does a quick or full scan of a system and compares file hashes against the known IOC hashes.

Downloads - Rook Security. Currently, look for the “Milano 1.0.1: Hacking Team Malware Detection Utility” link. There is also an MSI version for enterprise deployment.

Then it’s up to your leet skills to figure out whether any hits are false positives.

I’ve run their tool against both my systems. The quick scan is very fast. The full scan took all night on my traditional HDD system but ran very fast on my SSD system. In all cases my systems came back clean.

It’s a portable app, so there is no excuse not to include it in your USB carry-stick toolkit.

You may want to keep an eye on their tool for updates; at least one has been released. It is also unknown whether other security vendors are adding the IOCs/hashes to their own detection engines.
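To make the “compares file hashes against known IOC hashes” part concrete, here is an added example (mine, not Rook Security’s Milano code) that hashes files under a set of roots and reports any whose SHA-256 is in an IOC list. The hashes in the list are constructed placeholders, not Hacking Team IOCs; you would load the published list in their place. One of the placeholders is deliberately the SHA-256 of an empty file, so the run shows what a hit looks like and why every hit needs triage. It assumes Get-FileHash, i.e. PowerShell 4 or later.

```powershell
# Added example (not Milano): hash files under chosen roots and report any whose SHA-256
# is in an IOC list. The hashes below are constructed placeholders, not real IOCs.
# Needs Get-FileHash (PowerShell 4+).

$iocSha256 = @{}
@(
    # SHA-256 of an empty file: included on purpose so the run produces hits and shows
    # why each one needs triage (every zero-byte file on the box will match it).
    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
    # constructed placeholder
    '0000000000000000000000000000000000000000000000000000000000000001'
) | ForEach-Object { $iocSha256[$_.ToLowerInvariant()] = $true }

function Find-IocMatch {
    param(
        # "quick" roots by default; add -Recurse and more roots for a full scan
        [string[]]$Roots = @("$env:SystemRoot\System32", $env:ProgramData, $env:TEMP),
        [hashtable]$Hashes = $iocSha256,
        [switch]$Recurse
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -File -Recurse:$Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $h = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                if ($h -and $Hashes.ContainsKey($h.Hash.ToLowerInvariant())) {
                    [pscustomobject]@{
                        Path     = $_.FullName
                        Sha256   = $h.Hash
                        Bytes    = $_.Length
                        Modified = $_.LastWriteTime
                    }
                }
            }
    }
}

Find-IocMatch | Format-Table -AutoSize                                             # quick pass
# Find-IocMatch -Roots 'C:\' -Recurse | Export-Csv ioc-hits.csv -NoTypeInformation  # full pass
```

Hash IOCs only ever match byte-identical samples; a recompiled or repacked variant walks straight past them, which is why the vendor’s updates to the list matter more than the scanner itself.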

More info here

Constant Vigilance!

Claus Valca

GSD Windows Defense in Depth Strategy

I’ve noticed more than a few times that I have posted a listing of the security posture I take, and it has been almost a year since the last topic-specific post here.

So here you go. Tested and approved on Windows 7/8.1 platforms. Not sure yet on Win 10.

  1. TrueCrypt full disk encryption. Yes. I know. Development stopped mysteriously…blah.blah.blah. There are a number of free alternative WDE options if you wish (or BitLocker if your Windows edition supports it), such as DiskCryptor or VeraCrypt. My purpose in using TrueCrypt/WDE is to protect the contents of our systems from being exposed if a device is stolen. Period. (Note to self…I’ll probably have to do a full TrueCrypt disk decryption before doing the Win 10 upgrade. Hmm… gotta think about the options for WDE on Windows 10 carefully, as BitLocker is only available on one of my systems. Thoughts or recommendations, anyone?)
  2. I’m using the built-in Windows Firewall product with (generally) default settings.
  3. I keep the Windows OS fully patched (drivers too as best I can) to minimize OS vulnerabilities.
  4. I keep any (remaining) third party plug-in software (such as Flash, Java, Silverlight, etc.) fully patched and install updates as soon as a new build version is released. However, see item 5.
  5. I have continued my march on removing Flash, Java, etc. plug-ins from our systems…with little ill impact. You can’t exploit what isn’t installed.
  6. Microsoft Security Essentials - Microsoft Windows. Far from the most robust or highly ranked, but what I lose there I gain in the additional security layers below. Also the interface is easy to work with and manage and it plays well (thank goodness) with the additional security layers. My alternative choice would be Bitdefender Antivirus Free for those who need a super-duty AV product.
  7. Malwarebytes Anti-Malware & Internet Security Software - I use the “Premium” version on our systems. The free version is good too, however it doesn’t include “real-time” monitoring features.
  8. Malwarebytes Anti-Exploit Free - I use the free version of this tool as it covers all my primary concerns. Works great (as far as I can tell!) for zero-day exploits against (primarily) web-browsers.
  9. Enhanced Mitigation Experience Toolkit - EMET - Use of this anti-exploit platform is left for the more tech-savvy folks…particularly when combining it with Malwarebytes Anti-Exploit. They can co-exist, but it takes some tweaking to harmonize with Internet Explorer in particular.
  10. CryptoPrevent Malware Prevention - Foolish IT - I use the free version to help protect all our home systems against ransomware/cryptoware threats.
  11. GlassWire - I use the free version of this firewall product for its logging features.
  12. Zemana AntiLogger Free - I’ve only recently found this product. It seems to be working well in the background.
  13. Process Explorer - Microsoft Sysinternals - I have this set to run in my system-tray automatically at login. It lets me quickly monitor and check on running processes and sub-processes. I check often so I can remain familiar with the normal running processes. If something new appears it should stand out to me and I can explore further.
  14. Sysmon - Microsoft Sysinternals - This core service runs in the background logging process creations. I had turned on the network connection logging as well, but there were so many entries that, even with an event log manager utility, it was hard sorting out the noise. So I turned off that option for now. This is mostly good for post-incident review work, but it’s good to have running now.
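Items 13 and 14 both come down to the same habit: know what normal looks like, so the new thing stands out. The added example below (my illustration, not Sysinternals code or anything from this blog) shows that habit applied to Sysmon output. It parses a handful of constructed Sysmon events in the Windows event XML format (process creation is Event ID 1, network connection is Event ID 3), flags process images that are not on a known-good baseline, and collapses the network-connection flood into counts per (image, destination port) so that the rare pairs surface instead of every connection. The image paths, IP addresses and baseline are all constructed for the demo.

```python
"""Baseline-and-flag triage of Sysmon events (added example, not Sysinternals code).

Process creation (Event ID 1): report images not on a known-good baseline.
Network connection (Event ID 3): aggregate by (image, port) so the noise
collapses into a short table and the rare pairs are the ones you read.
All events below are constructed; nothing here was captured from a real host.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Namespace of Windows event XML as exported from the Sysmon operational log.
EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}


def parse_event(xml_text: str) -> tuple[int, dict[str, str]]:
    """Return (EventID, {Data Name: value}) for one exported Sysmon event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", NS).text)
    fields = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, fields


def make_event(event_id: int, **fields: str) -> str:
    """Helper that builds one constructed event in the same XML shape (sample data only)."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{EVT_NS}"><System><EventID>{event_id}</EventID></System>'
            f"<EventData>{data}</EventData></Event>")


# Constructed image paths.  UPDATER is the "something new appeared" case.
SVCHOST = r"C:\Windows\System32\svchost.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
UPDATER = r"C:\Users\lavie\AppData\Local\Temp\updater.exe"

SAMPLE_EVENTS = [
    make_event(1, Image=SVCHOST, ParentImage=r"C:\Windows\System32\services.exe"),
    make_event(1, Image=FIREFOX, ParentImage=r"C:\Windows\explorer.exe"),
    make_event(1, Image=UPDATER, ParentImage=FIREFOX),
    make_event(3, Image=FIREFOX, DestinationIp="203.0.113.10", DestinationPort="443"),
    make_event(3, Image=FIREFOX, DestinationIp="203.0.113.11", DestinationPort="443"),
    make_event(3, Image=FIREFOX, DestinationIp="203.0.113.12", DestinationPort="443"),
    make_event(3, Image=SVCHOST, DestinationIp="203.0.113.20", DestinationPort="80"),
    make_event(3, Image=UPDATER, DestinationIp="198.51.100.5", DestinationPort="8443"),
]

# Known-good images, lower-cased.  In practice you build this up from a clean
# system over time, the same way you learn Process Explorer's normal view.
BASELINE_IMAGES = {p.lower() for p in (SVCHOST, FIREFOX, r"C:\Windows\explorer.exe")}


def flag_new_processes(raw_events, baseline=BASELINE_IMAGES) -> list[dict[str, str]]:
    """Event ID 1 records whose Image is not on the baseline."""
    hits = []
    for raw in raw_events:
        event_id, f = parse_event(raw)
        if event_id == 1 and f.get("Image", "").lower() not in baseline:
            hits.append(f)
    return hits


def connection_summary(raw_events) -> Counter:
    """Count Event ID 3 records per (image, destination port) instead of listing each one."""
    counts: Counter = Counter()
    for raw in raw_events:
        event_id, f = parse_event(raw)
        if event_id == 3:
            counts[(f["Image"].lower(), f["DestinationPort"])] += 1
    return counts


def rare_connections(raw_events, max_count: int = 1) -> list[tuple[str, str]]:
    """(image, port) pairs seen at most max_count times: the short list worth reading."""
    return sorted(k for k, n in connection_summary(raw_events).items() if n <= max_count)


if __name__ == "__main__":
    for f in flag_new_processes(SAMPLE_EVENTS):
        print("new process:", f["Image"], "parent:", f.get("ParentImage"))
    for (image, port), n in connection_summary(SAMPLE_EVENTS).most_common():
        print(f"{n:4d}  {image}  -> port {port}")
    print("rare:", rare_connections(SAMPLE_EVENTS))
```

The aggregation is the point for item 14: three hundred Firefox connections to port 443 become one line with a count, while a temp-folder executable talking to an unusual port is still one line, but now it is one line among a handful rather than one among thousands.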

If you are interested here are some previous GSD posts on this subject.

Constant Vigilance!

Claus Valca

Random Thought…

I really get rumpled when I get a robo-call from our neighborhood conglomerate grocery store weeks (nay, sometimes months) after we had bought and consumed a recalled food product from the store shelves.

Thank goodness Lavie and I generally have iron clad guts and reasonably youthful health.

I file those calls under TL:DMN (Too Late:Doesn’t Matter Now)

--Claus V.

Windows 10 Linkpost - Almost Here Edition


“Number 10” CC by 2.0 attribution: by yoppy on flickr.

Confession. In my “to be blogged” pile I have two folders of shame. One is titled “Windows 8/8.1” and the other is titled “iOS7”. They are filled with applicable links I collected but didn’t post in the lead-up to and immediately after those OS releases. I need to file them.

Likewise, it has been a while since my last significant Windows 10 post. I don’t want to make that same mistake so here you go. Full Win 10 post out of the primary hopper. I’ve still got some Windows 10 feature-specific items I want to get out on their own “standalone” posts, but for now, this should do.

Generally I have enjoyed the Windows 10 TP builds I have been using. The last release before you had to use a Microsoft account to continue to get the updates was very solid. I took a pass on extending the build updates as I still don’t much like the idea of tying Win 10 (consumer) usage to an online account -- a la Apple iCloud or Google Chromebook. The Valca ranch is keeping to local accounts only for our systems. Sorry Microsoft.

Lavie was generally impressed with her foray through the Win 10 VM I put on her laptop. It’s close enough to Windows 8 that while she noted the clear differences, it didn’t freak her out like Win 8 did. She also likes the native Win 10 Start menu and we may not need to load Start8 or Classic Shell.

The only “major” complaint I have is the silliness of having the Win 10 GUI design for features/settings/configs but also having the “classic” GUI elements scattered amongst them. The Win 10 GUI design is “modern” but there is just so much wasted space (white-space for you print layout geeks) that I feel like I’m reading out of the “Large Type” book section of the library (no offense Pop). I prefer the tight and compact views when we are addressing configuration and settings.

Which leads me to a critical thought. In the “*Nix” world there are several different desktop environments one can pick from depending on your preference. Not all desktop environments are fully compatible with core build platforms, but many are. Wouldn’t it be CRAZY if MS released a core (non-GUI) OS base for desktops that one could then install your own preferred (alternative) desktop environment on? Say something like Server Core for Windows Server 2012 R2 and Windows Server 2012 (Windows). Jerry Nixon had a brief talk about the “core” concept: Windows Core is Windows 10 is Windows Core is Windows 10. Then again, that might be too technical and challenging, and the *Nix world already has that idea well matured. Still--it’s a thought. There are already a few “replacement” Windows shells out there still: Five replacements for the Windows 7 desktop via TechRepublic.

I still plan on upgrading my Win 7 Professional laptop system “Alister” to Win 10. Probably in September or October. Then, maybe in 2016, depending on how that went, upgrade my primary laptop “Tatiana” to Win 10.

Lavie will probably get Win 10 placed on her laptop by the end of August.

I’ll let you know how things go…

Official Windows 10 Site - Microsoft

Now, on to the link dump…

Win 10 - First Considerations

Win 10 - Gut Checks & Getting Started Guides (Safe for All Audiences)

Win 10 Flavor Details

About that Win 10 Upgrade icon…

Win 10 How-To’s…

Win 10 Updates and Upgrades

Now what could go wrong with mandatory/forced updates?

Oh. Yeah. That could happen…so can you stop it? At least for now? Maybe…

So how long are we good for?

More for the Admins

Opinion and Analysis

Deprecated but maybe useful in reference

Note, these are mostly pre-release build update notices and feature pick-apart reviews. Or ponderings on things generally no longer being hotly discussed.

Good Luck!

--Claus Valca

Browser Bits

Some quick news primarily regarding Vivaldi and Firefox web browsers.

Vivaldi

I’m still not anywhere near the point of using Vivaldi as a daily web-browser. But the development work on the snapshot and technical preview releases is coming on strong. There seems to be a new snapshot release once or twice a week.  It is fast and I’ve not encountered any fatal bugs yet. And that bookmark sidebar feature on a Chromium based browser can’t be beat by anyone except Mozilla’s Firefox. Release updates from the most current, downward.

Firefox

I gotta say. I follow more than a few of the Mozilla Developer blogs and channels. I like the technical discussions, particularly those that relate to security. But special thanks and credit is due to the color-commentary and analysis provided by The Guru over at Firefox Extension Guru's Blog. The Guru never fails to deliver additional perspective and context on issues with Firefox build features and sea-changes by Mozilla. While I may read some Mozilla news with an “oh, that’s interesting,” a follow-up post by The Guru leaves me with a “totally missed that detail & impact!” experience.

Mozilla recently released background on an internal initiative “Great or Dead” where they seem to be showing a desire to listen to their user base and re-evaluate the features baked into Firefox. I am NOT a programmer so I can’t begin to fathom the challenges of coding a complex and secure web-browser that keeps pace with the web standards while stretching for backward compatibility. That said, I would really like to see Mozilla return back to its early “hot-rodding” vision of a stripped down core browser that can be customized by the user via add-ons. I’m totally cool with forced extension signing (though provision of a two-key missile silo “override” about:config option would be helpful). All these “extras” are cute but can be addressed via add-ons. Maybe what Mozilla needs to do is a campaign about their add-on “store” to introduce the concept and help general (non-technical) users find and customize the core framework to their own needs. Or perhaps put together and showcase add-on “starter packs”; social-media pack, cord-cutter pack, pen-tester pack, etc. Yes there are collections, featured, and most popular pages already. But for a Firefox noobie these may be overwhelming.  Just a thought.

Get ready for some potential UI changes in Firefox 40 when it runs on Windows 10.

And while Mozilla seems to make some progress with Flash-security, they also seem to take several steps back by (currently) (bug?) stopping Silverlight from loading on Win64 builds but still allowing Flash. See The Guru’s posts for more perspective.

Pale Moon

OK. While I’m not “heavily” monitoring the Pale Moon project, I continue to glance at the project so that if -- sometime in the future -- Mozilla totally jumps the shark with Firefox feature development, I will have another familiar platform to switch out with.

I have a portable version of Pale Moon that I keep around but haven’t done any tweaking or extension adding at this point. It feels familiar but different compared to Firefox. Kinda like when it’s dark in the morning and I grab a pair of jeans to pull on and find they are the odd Wranglers I own in the stack of Levi’s.

Cheers,

--Claus Valca