Slashdot Mirror

Mike Lin's Startup Monitor is an ultra-simple version of what you're asking for.

I'm not afraid of the registry and use it for a lot of things, but there's no need to manually edit the registry to enable/disable startup items when there are easy to use GUI tools included with Windows. MSCONFIG is pretty popular and easy to figure out. A really easy troubleshooting step is to have them hide all Microsoft startup entries and then hit "Disable All". Then you can slowly work back and re-enable any third party entries that you discover you actually need. You can also edit the startup items fairly easily under the Windows Defender control panel. Any other entries related to drivers and services can be edited through their appropriate MMC snap-ins and are under the Administrative Tools section of the control panel.

I also usually like to install Mike Lin's Startup Control Panel on people's systems so they can find it easily and it has a pretty solid interface for editing startup items. SysInternals autoruns is the most powerful startup editor but is a bit too advanced for some people to use (since they can disable a lot of things they probably have no idea about like WinLogon modules).

"I disabled all autorun/autoplay after that, but I'm still wary enough that I run Avast to help avoid another similar situation."

Yes to disabling autorun. That's the vector for the only worm I've seen in 10 years of running XP in the way the previous post described (it came in on a USB flash drive). So, add to his list:

* Disable autorun/autoplay correctly (note: Microsoft's advice will NOT kill it off completely).

* Run something lightweight like StartupMonitor to catch programs that try to install things in the various startup locations (useful to control bloatware too)

And something else I've done:

* make a fake, read-only AUTORUN.INF directory on usb flash drives and other portable devices so that when a worm tries to write on there, the filename already exists and it fails. So far I've not seen any worms smart enough to look for pre-existing files and delete them before attempting overwriting, and by making it a directory with that name the deletion process is more complicated.

I actually need and use iTunes (to talk to my iPhone), but one thing that shits me to no end is that every time I get a point-release update of iTunes, it installs two hidden "on startup" items. I have to use the 'msconfig' tool to get rid of them every bloody time.

This works pretty well for me.

I notice the "replicating the config files" is talking about servers. Like I said servers are a completely different animal than desktops with home users. Sure, if you have 100 twinkie servers or an enterprise where every. single. desktop. is an exact copy of the other one? Yeah then Linux is no problem there whatsoever. But with home users we are talking a God awful mix of Dell and HP and whitebox and who the hell knows what added into it. With those I doubt VERY seriously that shell scripts are gonna work because you would have no fricking clue as to what is installed or running on that thing.

With home users the twinkie nature of the registry makes life a WHOLE lot simpler, as HKEY LOCAL MACHINE is the same everywhere. The same .reg file that works on Granny's PC works on little Timmy's down the hall. Which is why I don't get the hate, as trying to manage the myriad of different hardware environments goes from being a world of pain to a "clicky clicky and reboot" situation.

As for startup? If you don't want to deal with MSconfig, which frankly was a piss poor design, then there is always Startup CPL the standalone version. Only 34k and no need to install anything. Just "clicky clicky" and there is all the startups in nice little columns. Sadly MSFT has always been piss poor when it comes to designing built in solutions, which is why there are so many tools like EasyVPN that lets you chat with a person while taking full control of a desktop and fixing their problems. There of course is also standalone tools based on VNC that let you send them a simple .exe and take control that way. Either is better IMNSHO that Remote desktop. And as for managing 100s of desktops? That is what .MSI and GPO is for.

But again enterprise is a totally different beast than home users, which is what I'd say a good 80%+ of desktops out there are. And again that is where IMNSHO the reg really shines. It is the same no matter what the hardware, it is as easy as firing up notepad to cook up a .reg file, and it takes all the thinking away from the home user, so instead of "sudo gedit /name of config file/"(its been awhile so excuse if I didn't get the command correct) and a bunch of commands I can just say "see that file I sent you? Yeah just clicky clicky that and reboot" and I still say it just don't get any easier than that for home users, which is why we haven't seen MSFT try to toss the registry for Unix style config files. And with so many third parties making software for Windows you just know that config files would look like somebody blasted the HDD with a shotgun. Just look at how long it has taken to get developers to not assume everyone is admin. With the registry everyone from Adobe to ZBrush is in ONE spot, and I can easily manipulate the settings with a small and simple file. And I still say it just don't get any easier than that.

c) Installs some fucking crap ass community software that was never asked for or mentioned when making the initial purchase over steam. This shiet from Rockstar goes in the system tray and puts up a fricken splash screen at every reboot on your desktop just to play their game.

This really annoyed me as well - Startup Guard caught it trying to register that community crap to run at startup. Denied it but it still keeps itself running after closing the game. I mean why? What chance is there that I want that crap running 24/7 on my PC? Reminds me of the last time I installed Real Player. Right click on the tray icon and you can uncheck "run at system start" so at least you can turn it off, but it is still out of order.

Not had any of the other problems you mention though - well except the 15GB (!!) download from Steam, I'd have bought a physical copy if I'd known it was that big.

If you don't want programs stealthily setting themselves to run at startup, download the following pieces of genius:

http://www.mlin.net/StartupMonitor.shtml

http://www.mlin.net/StartupCPL.shtml

They are StartupMonitor and Startup Control Panel, by Mike Lin. StartupMonitor is the really awesome one.

Every time its message comes up saying "Hey, some driver thinks its terrible control software needs to run all the time! Want that to happen?" and I click NO, I laugh like a person who has just been given the means to set people on fire through the Internet. It is the fucking bomb to end all bombs. It is made of antimatter.

If you don't want programs stealthily setting themselves to run at startup, download the following pieces of genius:

http://www.mlin.net/StartupMonitor.shtml

http://www.mlin.net/StartupCPL.shtml

They are StartupMonitor and Startup Control Panel, by Mike Lin. StartupMonitor is the really awesome one.

Every time its message comes up saying "Hey, some driver thinks its terrible control software needs to run all the time! Want that to happen?" and I click NO, I laugh like a person who has just been given the means to set people on fire through the Internet. It is the fucking bomb to end all bombs. It is made of antimatter.

Startup Monitor is a pretty old program, but it works great on Windows XP, the developer says he has not tested on Vista. It prompts for every change to startup, it's great for blocking programs which try to add themselves every time they run.

I've never had a problem with this and I've reinstalled my family's computers several times this year alone. On a fresh install I go to the options to prevent it from running from start up. If that fails you could try something like Startup Control Panel or Startup Manager; always handy tools to have on the bench anyway.

I don't usually bother to uninstall Messenger but there is plenty of information out in the tubes.

It would be nice if it wasn't included in the beginning but I never experienced the problem of a resurrecting exe.

(I don't know about Vista)

The privacy policy is not relevant, the EULA is.

I work for a small codeshop that does (among other things) document management applications. Our apps have a browser-based UI, and if I'm reading the EULA right, any information (including documents etc.) used with our apps are automatically licensed to Google if the user uses Chrome.

IANAL and I hope I'm wrong, because otherwise I can't see how Chrome could be used with business applications at all.

There's a difference Chrome automatically installs a GoogleUpdate executable and adds it to your autoruns; I really hate it when applications do that.

StartupMonitor is your friend.

Startup monitor should help.
http://www.mlin.net/StartupMonitor.shtml

It asks you whenever some program tries set to auto start. Very nice. I've used it for about 6 months and I have yet you have one program auto start without me letting it. The only annoying thing is when doing updates you have to click 'Allow' like 5 times. YMMV of course.

Or use Mike Lin's awesome MakeAppsNotSuck control panel. Well, that's my name for it.

Security is best in layers. So you don't download cracks or warez. Great. You've eliminated a big source of virus infestation. I'll go out on a limb and assume that you don't open e-mail attachments or download screensavers from websites either. But perhaps you just bought a brand new hard drive and connected it to your system. Congrats. You now have a trojan on your system. Since you're not running an antivirus application, you won't know that your system is infected. If you were running a firewall, it might pick up a rogue process trying to connect to the Internet and alert you to this. If you ran a program like Startup Monitor, it might alert you that the trojan was trying to get itself to run at Windows startup.

If you ran an anti-spyware application, you might find out that that application that you know and trust recently added some spyware into the install. Perhaps the spyware addition wasn't even listed as an option for disabling. However, again, a firewall or Startup Monitor would alert you to the presence of this infection based on its behavior (trying to access the Internet and setting itself to run on startup). An anti-spyware application would find and clean the spyware off your system.

Even the most careful user will slip up (or be blindsided) once or twice. The security layers will prevent your system from being infected (or will minimize the damage) when those slipups occur.

As a side note, I'm always amused when people say "I've never run an anti-virus scan and I have never had a virus infection, EVER!" If you don't run antivirus, how do you know that you're not infected. (This last point isn't directed at you specifically, but at a general attitude I've seen over the years.)

I believe this is what I used.I can't tell you for sure as I'm on my single cpu laptop up the side of a mountain right now at my uncles farm.Anyway if that isn't the right program just go here.I heartily recommend this site for anyone who needs a nice free tool for a specific task.They have IMHO one of the best search engines out there.Simply type in the search box what you need the program to do and they'll find you a freeware program that'll do it.Really takes the guesswork out of finding freeware.

And so many of them are bundled / built in with the drivers for the hardware, so you can't even get rid of them!

that pretty much every study about viruses or computer security are paid for by the virus and computer security companies, and their conclusion is always more people need to buy their software?

I'm tired of those companies and their products. They overcharge for their products, force you to upgrade when the upgrade barely offers any additional coverage, and their products slow down computers (my biggest pet peeve).

A few preventive measures can make virus checking useless. Use firefox, not IE. Don't use outlook. Never open VBS files. And run something like this: http://www.mlin.net/StartupMonitor.shtml
Not only does startup monitor catch most viruses (who always place something in your startup registry), it keeps your computer lean from bloated software.

Not perfect, but handy anyway...

http://www.mlin.net/StartupMonitor.shtml/

What you need is Startup Control Panel - great for managing those obnoxious apps that insist on being loaded at startup.

Available at http://www.mlin.net/StartupCPL.shtml

(no affiliation to the creator, just a very happy user)

Just for anyone who doesn't know, check out Mike Lin's Startup Monitor and Startup Control Panel for a nice solution.

Just for anyone who doesn't know, check out Mike Lin's Startup Monitor and Startup Control Panel for a nice solution.

Or, just get Mike Lin's tasty startup control panel.

It should not take that long for your desktop to work. Download the Startup Control Panel applet and disable everything that's attempting to boot. This tool is really nice as it has a tab for every way for a program to autostart itself.

I use then when writing auto-install scripts. For each app that tries to autostart (which is absolutley unnacceptable for any application to do) I find out how that particular one does it and disable it after the install/upgrade.

Agreed on Sysinternals Autoruns. Everything from them is good. I don't remember if it provides protection, or just allows you to disable existing autorun stuff.

See http://www.mlin.net/StartupMonitor.shtml for a good protector. By the same guy, there's also a control panel applet with similar functionality to SI's Autoruns. It's surprisingly small and powerful.

After doing that and then downloading Process explorer to make sure it isn't replaced is to look in your startup with either MSconfig or startup control panel.
http://www.sysinternals.com/Utilities/ProcessExplo rer.html
http://www.mlin.net/StartupCPL.shtml

I want the files on the disc readable from any system, so no proprietary backup wrapper or DAT files, please.

That's nice, but the vast majority of crap will install itself in some standard startup places, and can be caught doing so by StartupMonitor. Thanks for the link, though.

Most small company sysadmins need to at least occasionally deal with Windows. I prefer to do so without leaving my desk. I also ensure cygwin and sshd are on Windows boxes, so that I don't always need rdesktop or vnc. ...

My windows list would look something like

• uptime.exe
• cygwin with sshd, exim, and cron installed as services
• PuTTYcyg, which is PuTTY with the ability to run bash shells locally (i.e. xterm)
• SysInternals Junction, directory symlinks in NTFS
• StartupCPL, monitor everything that starts up when Windows does
• 7-zip
• WinSCP
• KNOPPIX for when shit hits the fan
• Debian for when it won't come off the fan
• One antivirus (any, I prefer PC-Cillin) and two anti-spyware agents (any two with different engines)

I first try removing junk via Add/Remove programs and then cleanup startup/autorun entries with Startup CPL

Security Task Manager (shareware) rates each process in how likely it is to be malicious and gives you the option of killing or quarantining (or uninstalling the corresponding program if appropriate). I've had good success with eliminating nasties that were sucking so much CPU that Ad-Aware and Spybot couldn't finish scanning.

BartPE is a great live CD, especially with the RunScanner plugin that lets you run Ad-Aware on the local machine's registry. RegeditPE was also mentioned by someone.

And of course surf the web with Firefox or Opera.

And of course surf the web with Firefox or Opera.

http://www.mlin.net/StartupMonitor.shtml - it's a freeware app that tells you each time something tries to register itself to run at startup. Those damn on-startup apps are what slow the machine down the most, especially for non-technical home users. You'll be amazed at how many things believe they must run every time you start your computer.

You don't any MS program to do that. It's been available for years in other freeware.

For preventative measures, you could try Startup Monitor by the same guy. I've not tried it - I'm trying MS Anti-Spyware at the moment, which does a similar thing as part of its protection.

For preventative measures, you could try Startup Monitor by the same guy. I've not tried it - I'm trying MS Anti-Spyware at the moment, which does a similar thing as part of its protection.

I've installed a lot of software that insists on putting something in startup. Network tools that want to put a menu in the systray, adobe software (like photoshop) that puts all this Adobe stuff in startup, and even a video encoder I have (a very nice one too) drops something in startup. Most of the media players do it, too.

It's not necessary, for the most part. While some applications have an option to turn these features on and off, most don't. It's silly.

You can fix most of them with Startup from Mike Lin, I like the stand-alone.exe version and just stick it on the desktop. It's nice and small so it's handy to put on a floppy or keychain-usb as well. http://www.mlin.net/StartupCPL.shtml

I found a really useful little tool called TraySaver. It allows you to minimize any running program to the tray, and hide any unhidable icons from the system tray, including its own icon. Without it I feel swamped by the countless icons Windows forces me to keep, including the 'Safely Remove Hardware' dialog asking me if I want to disconnect my USB modem. Uh, no.

Obvious answer is anyone doing web design.

Not really. Smart web designers simply change their browser size. WindowSizer from this page works nicely.

And it's nice to have Mike Lin's StartupMonitor and Startup Control Panel installed. Helps to keep things from being added to start without your knowledge, and lets you disable them after the fact.

And it's nice to have Mike Lin's StartupMonitor and Startup Control Panel installed. Helps to keep things from being added to start without your knowledge, and lets you disable them after the fact.

For power users, mostly (because they'll confuse your grandma)

• Startup Monitor. Priceless for dealing with crap like Real or Quicktime that always want to setup stubs to run at boot. The popup warning is pretty non-descriptive, though.
• Startup Control Panel, also from Mike Lin (the Startup Monitor guy). Similar to msconfig's Startup tab, but more powerful.
• Pretty much anything from Sysinternals. And they provide source!

For power users, mostly (because they'll confuse your grandma)

• Startup Monitor. Priceless for dealing with crap like Real or Quicktime that always want to setup stubs to run at boot. The popup warning is pretty non-descriptive, though.
• Startup Control Panel, also from Mike Lin (the Startup Monitor guy). Similar to msconfig's Startup tab, but more powerful.
• Pretty much anything from Sysinternals. And they provide source!

Better idea.

I use a free crapware blocker (Adaware) and a couple of very simple registry utilities that prevent anyone from setting a registry key without my permission. Not at all bulletproof, but it works for me.

Now a couple of things about those programs. I do install each and most importantly Run Them For Each User account on a XP PC. Adaware I believe has a larger database/scope and catches more things. Spybot is able to get things running in memory by running first thing on reboot. One other free tool that I find very useful is this control panel applet that is what msconfig should be.

There are Many things that these programs do Not catch even when updated. I ran into reaIplay.exe tonight. I had to boot into Safe Mode command line to manually delete it. A couple of weeks ago I had to delete a file from an alternate Windows file Stream. There exists this netherworld of alternate data in XP that is not accessable via any of the regular tolls.

And the last thing I do is install Firefox and tell them to Use It Damnit or I'm upping the charge to a case per 500 infections.

Seriously guys, none of these spyware removers are even remotely perfect and they all suck time and CPU cycles. I disavow any knowledge of this guy, Mike Lin, but his itty-bitty FREEWARE program kicks butt.http://www.mlin.net/StartupMonitor.shtml It does one tiny little thing with almost zero overhead, it tells you what wants to insinuate itself into one of the several startup vectors of Windows. And gives you the option of not allowing it. Any spyware must have some part that runs at startup. This gives you a warning and a filename for googling to remove whatever you have contracted. Probably works for many worms, viruses, and trojans too.

I don't have spyware cuz I check processes for new things that pop up (XP Pro). I've had malware before and I reformat ASAP. Now, one nifty line of defense I use is a freeware program called Startup Monitor. http://www.mlin.net/StartupMonitor.shtml

I would work off of mostly good free small software packages that allow for donations. Then you can make some bigger software that sells for a nice fair price. This is how people like Mike Lin do it. In my opinion, at least for portable programs the GPL is the way to go.

Yes, but when this kind of thing happened on Windows, it was Windows' fault for not having the proper security mechanisms to stop it. The difference is that Windows will set up all users as administrators, true, but running as a plain user can be very bad too. The fact is, neither of the OSes provides (by default, at least) substantial protection from such attacks.

Allowing only registered executables to run could be set up to prevent such things. Microsoft signs their patches and programs too, but no regular user will ever check.

Incorporate such functions in the OS or GUI. Harass the user whenever an executable or shared library is introduced to the system: "Here are the certifications, do you trust this?"

Limiting permissions up to the user level is not enough anymore: VM based environments such as Java and .NET have program/assembly-based security systems. But although the technology exists, it is very poorly handled, at least in the .NET front where I am experienced: There is no simple wizard to set up settings the way you want them, there is no popup dialog asking you how much you trust this executable and which permissions it should get. Such technology could go a long way in preventing such ridiculously simple attacks from succeeding in the future.

First time I saw a similar feature was in Kerio Personal Firewall, which would ask everytime a new program would attempt to connect somewhere, or have something connect to a port it opened. It was simple and effective, and the 'harassment' was more than worth it (SP2 does something similar, but it's flawed*).

In conclusion. I want to say that I believe if all people had:

1) Startup Monitor - Painfully simple, no one should be without it.
2) Kerio Personal Firewall, or equivalent
3) An executable monitor as described above.
,the *real* reasons for Windows' pathetic security record would be no more. Never mind those vulnerabilities: I could give you a .exe that would delete all your documents, and you have but to click on it (I swear it decrypts HL2 from the Steam files :-) The same, of course, applies to Linux.


* SP2 tells you when an executable tries to connect, and waits for you to decide if you want to block it, but it *does* allow the connection to work until you decide what to do with it. Furthermore, I'm not sure if it can tell if an executable was replaced with a compromised version (Kerio has MD5 hashes)