Domain: nirsoft.net
Stories and comments across the archive that link to nirsoft.net.
Comments · 51
-
Re:Blue Screen While Upgrading
Review the minidump files to find the offending driver or subsystem that's causing it. For an easy to view breakdown, you can use NirSoft's BlueScreenView
-
FACT: dnsapi.dll & dnscache
Dnsapi.dll = faulty w/ large hosts slow usermode dnscache I turn off "dnscache caches Domain Name System (DNS) names... If the service is stopped DNS names will continue to be resolved" FROM http://www.nirsoft.net/dll_information/windows8/dnsapi_dll.html/
Hosts = cached in RAM by local kernelmode diskcache subsystem (hosts is a data file w/ NO context-switch speed hit between it & the IP stack (tcpip.sys)) & NO SIZE LIMITS (known issue in dnsapi.dll/dnscache slower usermode service) in LOCAL SYSTEM RAM minus wasting resources on FAULTY slower dnscache/dnsapi.dll!
APK
P.S.=> W/ my 50 FAVORITE SITES WHERE I SPEND MOST TIME ONLINE placed @ the TOP of hosts for FASTEST POSSIBLE LOCAL RESOLUTION (faster vs. remote dns calls & many times less weight + power consumption & moving parts complexity of a local dns server)... apk
-
Re:Or make it critical for social networking
I can think of a plausible way to track you, based on cookies, your wifi MAC address and the store's wifi network (whether or not you choose to join it).
Facebook app grabs your wifi MAC and checks your phone's cookies, then transfers that info to someplace in the cloud, which is later aggregated with a list of MACs seen by the store's wifi network.
"wifi Probe Requests" -- they include your MAC and it seems every smartphone sends them when it's looking for APs to connect to.
http://www.nirsoft.net/utils/w...
-
Solution!
This is actually much simpler. After upgrading to Windows 10 (aka, "Windows Spyware") then pull your activation key with something like produkey (or similar untrusted-ware that probably steals your info). You can then use the "Microsoft Media Creation Tool" (search for this yourself you lazy bastard; it's an actual Microsoft tool). Then wipe your whole disk and reinstall a perfectly clean Windows 10 install. You actually won't need the activation key if you log in with an online Microsoft account (that is, you log in with your email address and give Microsoft access to your life).
It's so simple, why don't people get it?
-
It's pretty bad... apk
See subject - & there's a LOT more of them shown there, & again: Test it yourself...
* It's even recommended to do so yourself...
Lastly - that article, & things like it I'd seen on VISTA, Win8x onwards too? Sealed the deal for me - no Windows 10 for me @ least... as I think that MS has lost its collective mind once Ballmer got hold of things to ruin it (to try to turn MS into "an advertising power", & to be GOOGLE - big fail there, buying up an advertising network that cost MS many million$, only to fail!)
APK
P.S.=> Very easy to do, GUI easy in fact, using these tools from Nirsoft -> http://www.nirsoft.net/utils/i... (I'd recommend using Network Latency View in fact - I use it quite a lot for determining what is connecting to me that I CAN'T see easily, like trackers & especially those served by IP Address (goes into a firewall rules table then, vs. hosts files))... apk
-
Yes, HOSTS file repost from $10 Solitaire
http://tech.slashdot.org/comme...
Mentions a HOSTS file editor, a reply to that will show you how you can block what bothers you.
Microsoft is tricky to block, a lot of the times you end up blocking a certification site.
http://www.nirsoft.net/ has two programs I use, HTTPNetworkSniffer and SmartSniff (both require WinPcap); as well as reading ToS's is how I determine what's needed to be blocked. https://www.robtex.com/ is what I use to make sure I'm not blocking something I shouldn't.
I've no reason to upgrade, Win7 is a fairly decent OS.
8.1 (spare laptop) got a lot easier after learning the Win key takes one to a normal screen and putting a shutdown shortcut on the desktop: Shutdown.exe /s /f /t 10 - But it's just a container for music/movies and not connected to the Internet, no reason at all to screw with it.
-
Re:host file level adblock
use this http://www.abelhadigital.com/h... system wide adblocking.
I'll give it a try, I edit my HOSTS file by hand and UltraEdit, HostsXpert I've used but has a tendency of replacing the space after local host with a tab.
Microsoft is tricky to block, a lot of the times you end up blocking a certification site. The very first thing your system (Win7) does is send a request to Microsoft, that I blocked after KB3035583.
http://www.nirsoft.net/ has two programs I use, HTTPNetworkSniffer and SmartSniff (both require WinPcap); as well as reading ToS's is how I determine what's needed to be blocked. https://www.robtex.com/ is what I use to make sure I'm not blocking something I shouldn't.
Editing one's HOSTS file is becoming quite an exercise.
-
Re:Depends on who is searching.
For example, if I wanted to see most recent documents, and I had appropriate workstations available, in about 10-15 minutes, if I thought you were worthy of a deep search, by looking at date stamps and sector sparing tables for last sectors spared, and which files they are attributed to, I could likely find everything that changed on the disk from 5 days before you booked the ticket, up to now.
Even if things are encrypted, that's information, and there are exposed timestamps that could tell me if I should copy/confiscate for further examination, and/or find something incriminating to hold you personally on, or hold you on the suspicion of having done.
Bulk File Changer by NirSoft. howtogeek.com says "BFC was created to help you build file lists from multiple folders then edit their creation, modification, and last accessed times. You can also adjust the file attributes (Read Only, Hidden, and System). It also integrates seamlessly with Windows so that you can copy, paste, and move files around."
http://www.nirsoft.net/utils/bulk_file_changer.html
Also from Nirsoft is Folder Time Update http://www.nirsoft.net/utils/f... They are less than 150KB for the two of them.
-
Re:Don't click that link!
The link brought up a virus alert (malicious script / trojan).
I came across the story at drudgereport.com while keeping one informed drudgereport.com will send you places that you wouldn't normally go (who pays I figure).
Looking again there was a > 403 Forbidden, at the top of the page (didn't like me)
From (/Affiliate/SearchBoxImpression.ash) One of the few sites I've been to that safebrowsing-cache.google.com/safebrowsing isn't supplying it (I've blocked that link as it's the same tracking) - I unblocked it to view the link I posted. Depending upon what you're using it could have been a Google alert (I don't run Chrome).
I wouldn't intentionally send anyone to a "bad" link, but it's best to be prepared.
I use simple things: HTTPNetworkSniffer and SmartSniff both from http://www.nirsoft.net/ to view HTTP activity, and normally have them running, if something odd were to have shown I'd have used a copy and paste of the text.
Thanks though.
"A web server may return a 403 Forbidden HTTP status code in response to a request from a client for a web page or resource to indicate that the server can be reached and understood the request, but refuses to take any further action. Status code 403 responses are the result of the web server being configured to deny access, for some reason, to the requested resource by the client." http://en.wikipedia.org/wiki/H...
-
Re: requirements to make my doings easier.
"Power Pro - tell me you know what that is and you'll be the first, I've used it since Win95"
Windows PowerPro gives you the power to control your system and how you access programs because it allows you to choose the combination of how to activate and what to activate. You'd think it was a fishing line, it's now delegated to the second page of results http://powerpro.cresadu.com/
Thinking of subject after posting to it, I have programs that I use all the time without them being "to die for", just damn handy to have around like.
SndRec32 - open it up and play small sound bytes as fast as you can drop them on top of it, or use VLC (excellent in its own right) to take its sweet time to play a 2 second clip. SndRec32 isn't part of Win7, I had to bring it over from XP.
Just about anything by sysinternals http://technet.microsoft.com/e... or nirsoft http://www.nirsoft.net/
HTTRACK - website copier
PEEK is the program I couldn't remember that was handy as heck.
PEEK Version 1.1 for Windows95 and WindowsNT 4.0
Contextmenu Extension providing simple text extraction for any file.
XP broke it; but the read.me just might be enough to walk me through editing it to work with any Win OS (one can hope). I found a program called "Universal Viewer" that claimed the same ability as PEEK, I tried it out on a batch of jpg's that are corrupt to see what I could find, It printed out: JPEG error #53 - I miss PEEK!
:}
-
I can't do the NSA etc.: However, I can
Block out corporate level stuff via 3 tools: Your native firewall + Nir Sofer's "Network Latency" tool ( http://www.nirsoft.net/utils/n... (like my tool below this also comes in portable 32 + 64-bit versions ) - & IT spots the things you DON'T See *trying* to connect to you, ala e.g. on Slashdot + others:
---
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
-
Re:Why not just multiple monitors.
If you aren't afraid of the command line, then you can do this on Windows, too.
Using the "win" command in NirCmd, you can screw around with window sizes and placement. The "window" command of the for-pay software Take Command can do this as well. There are also ways to manipulate windows in Powershell.
-
Re:Nothing changes...
Windows does pretty much do the same thing...
They obfuscate the key, but there are plenty of tools available to easily extract them:
http://www.nirsoft.net/utils/wireless_key.html
gsecdump can extract wireless keys too...
Wireless keys must be available in plain text in order to be used, there's no way around this... Windows just tries to obfuscate the data, which achieves no security benefit but serves to unnecessarily increase complexity.
You could use WPA2 Enterprise instead, so each user has their own private key, so that then only one key becomes compromised.
Windows actually does much worse things, it stores the passwords of system users in a plain text equivalent form.
-
Re:BSoDs still happen
Why don't you examine the dmp file and find out exactly why it crashed? You can do it online here: http://www.osronline.com/page.cfm?name=analyze, or use this tool to examine it yourself: http://www.nirsoft.net/utils/blue_screen_view.html.
-
Using YOUR example?
I don't see YouTube ads. Hosts work for it apparently, & yet certainly do more than any 1 browser addon from faster levels of operations by many orders of magnitude (kernelmode vs usermode) by blocking out access to 3rd party cookies servers (like hosts do for ads). Proof's "in the pudding" results I get!
I.E.-> If the cookies are served up from diff. servers, like ads are, then there's your answer. YouTube, of all things you used, PROVES it for me so far - as I am a AVID user of YouTube!
Determining those servers = Easy with any WinPCap using tool (e.g. - WireShark &/or NetWork Latency Viewer -> http://www.nirsoft.net/utils/network_latency_view.html )
(Glad you chose that example in fact... Why? Well, I had a pal who couldn't understand WHY he saw ads on my connection, yet I didn't, on YouTube on the SAME video we both watched for a test! He uses IE10, I use Opera 12.16 (last "real" Opera)).
* By way of comparison - You're putting on more redundant layers that = unnecessary in browser addons (that for a fact also slowdown webbrowsers too).
APK
P.S.=> There ya go - It works for me, & perfectly on YouTube no less (the very example you used)! Yes, I have JavaScript active on YouTube too (Via Opera 12.16's "by site" preferences as an "exception site", rest have it, plugins, & frames/iframes blocked by default, globally - this is a "native" no addons necessary feature of Opera by the way - again: NO extra "moving parts" needed in addons that slow browsers down)... apk
-
On the facebook stuff
You're right - & I work around that easily, so can you, as follows (since it's not visible usually like for instance, adbanners are - sneaky, Sneaky, SNEAKY lol!)!
Start by surfing around as normal to sites you like/go to usually (or not), & using a tool called "network latency view" http://www.nirsoft.net/utils/network_latency_view.html
(Which is really just for doing this but it works for this purpose also)
That program shows me those trackers that AREN'T immediately apparent operating 'behind the scenes'.
Then, I just pop them into my custom hosts file like so:
E.G. -> 0.0.0.0 edge-star-shv-03-ash5.facebook.com
And voila: They're NOT going to connect to squat on my system locally, or work @ all, period.
APK
P.S.=> It works (it's pretty underhanded shit imo too, & pissed me off some when I discovered it a few years back) & of course? So does this by "yours truly" (yes, shameless plug):
APK Hosts File Engine 9.0++ 32/64-bit:
Does a hell of a LOT more for you in added speed, security, reliability, & even anonymity to a degree -> http://it.slashdot.org/comments.pl?sid=4034107&cid=44439245 than AdBlock ("souled-out" to GOOGLE, doesn't block all ads anymore by default) &/or Ghostery (owned by advertisers & thus imo is a "fox guarding the henhouse") do.
NoScript rocks for FF users - but, I use Opera 12.16 64-bit here & disable cookies/plugins/javascript/frames-iframes BY DEFAULT globally for all sites - when I need any of those, I do an "exception" site, allowing for them (sometimes you have to for full function, usually ecommerce related or db access type stuff as you probably know).
"Always more than 1 way to skin a cat"
... apk
-
IP4 is all you need, if ..
.. your country bought a shit load of IP addresses in the early days of the Internet.
for the record:
Slovenia population: 2M
IP4 reserved IP: 2.5M
http://www.nirsoft.net/countryip/si.html
-
False positives HAPPEN LIKE MAD
If you don't believe me? Write Nir Sofer of NIRSOFT -> http://www.nirsoft.net/contact-new.html
He'll tell you what he & I discussed at GREAT LENGTH a few years ago via email on that very thing... as he & I have BOTH had apps falsely accused of being malwares, & none of the apps were!
I had to prove that to this list of antivirus makers:
---
1.) Computer Associates (passed ALL 21 of their removal questions for their IKARUS db (iirc, that's theirs & many others use it, and IT IS LOADED WITH FALSE POSITIVES) to which they lowered it to ZERO threat levels (which upset me since it wasn't even scriptable for attack OR a threat, should have been OUTRIGHT REMOVED)
For another app recently:
2.) McAfee (released & removed another app of mine)
3.) Comodo (released & removed another app of mine)
4.) Symantec/Norton (released & removed another app of mine)
5.) ClamAV
6.) Arcabit/ArcaVir (released & removed another app of mine)
& others... the worst part is, the app noted in 2-6 is ANYTHING BUT a malware & intended to STOP malware!
(Can you stand it?)
---
* Now, that "all said & aside"? I don't "hate them" for it, since I know "shit happens", just like it did to Sophos against their OWN CODE on this one, but... it is annoying, and I suspect done intentionally @ times even (Mr. Sofer noted above & I discussed THAT POSSIBILITY as well).
APK
P.S.=> Also, you *might* want to inquire with Dr. Mark Russinovich of Microsoft (former "co-worker" of mine for Sunbelt Software in the mid to late 90's selling wares we did thru them) - he's had it happen too, for his apps being misused/abused by malware makers & pretty much EVERYONE KNOWS he's most DEFINITELY "not about making malwares"...
... apk
-
Try "SearchMyFiles"
Recently had this situation.
Nirsoft's free "SearchMyFiles" http://www.nirsoft.net/utils/search_my_files.html has a straightforward Find Duplicates mode which helped a lot. It is easy (the most "complex" is designating the base locations for searches as e.g. K:\;L:\;P:\;Q:\), fast, never crashed on me, and had only cosmetic issues ("del" key not working). I recommend running it with administrative privileges so that it does not miss files.
-
Re:Not just for helpdesk and your family
http://www.nirsoft.net/ is also pretty good with its utilities.
-
GnuWin32 & NirSoft
-
Re:This is the reason why...
I'd like to see the "normal user" puzzle over this:
http://www.nirsoft.net/articles/windows_7_kernel_architecture_changes.html
Uh huh. That's right. Designing an OS can get a bit.... complicated.
-
Windows 7 is half baked
If you get a laptop then get a docking station too so if she does not like the small screen of the laptop or the keyboard, she can dock the laptop and plug in a big monitor and a regular keyboard. She can always undock the laptop to go anywhere with it. Buy a quality pc. Lots of junk out there. I put together a desktop pc using a Gigabyte X58 motherboard and a Intel I7 quad core cpu with 6gb of ram. It was overkill. Look at an expensive model then take note of the specs then look at a cheap pc and do the same. Compare costs and features. Google the brand or parts and see other comments about them. Windows 7 vs Mac OS? I always thought Mac looked better but since I do not use them I cannot say which is better. The market shows 10% for Apple and nearly 90% for Windows so that says something. Windows 7 is half baked. Boy is it disorganized. It is XP and Vista thrown up in the air then picked up and rebranded. Microsoft needs to hire people who have a design flair plus those that actually read the complaints about previous versions of Windows and will work to fix the problems. Something as simple as changing the highlight color of a menu is not possible in Windows 7 with using a program like Resource Hacker and good luck finding the image. Example: right click on your desktop. Cannot change that nearly invisible highlight to what you want using the aero interface. Here are some programs I have found to make it easier to use Windows 7: Use Xyplorer http://www.xyplorer.com/ This is a file manager. Windows 7 folders are a mess. Xyplorer can be customized. See website. Try for 30 days. Costs $42 afterward. Worth it. You can easily increase the size of the text and the spacing by using your mouse scroll wheel or ctrl + shift. See the screenshots at the site. Makes reading the text so much easier. For search use "Everything" http://voidtools.com/ or "Locate32" http://www.locate32.net/ Instantly find anything you are looking for. Windows 7 search just won't. They are FREE. 
Change the Start menu use "ClassicShell" - FREE http://classicshell.sourceforge.net/index.html Use "Ultimate Windows Tweaker" to fix some of the problems. FREE. http://www.thewindowsclub.com/ultimate-windows-tweaker-v2-a-tweak-ui-for-windows-7-vista Use "Iconoid" - FREE http://www.sillysot.com/ to remember your icon positions. There are 32bit and 64bit versions. In Windows 7 if you hold down the Ctrl button then use your mouse scroll wheel you can increase the size of the icons and text. That is a nice feature but.....When you resize them the icons go all over the place and will not return to their original positions when you revert back to a smaller size. With Iconoid installed you just right click on the desktop and click on Manage Desktop Icons and restore the positions. Windows Vista-7 Taskbar Color Changer - FREE. http://grantman.net/info/win7tbcc 7 Taskbar Tweaker - FREE. http://rammichael.com/7-taskbar-tweaker AveHTMLPreview - Windows Explorer no longer shows thumbnails of HTML files. This functionality has simply been removed. This addon for Explorer will show thumbnails for HTML, MHTL and URL files. FREE. http://www.aveapps.com/htmlpreviews.html ShellMenuNew: Remove Items From ‘New’ Menu Of Windows Explorer. FREE. http://www.nirsoft.net/utils/shell_menu_new.html Use MiniTool Partition Home Edition http://www.partitionwizard.com/partition-wizard-bootable-cd.html to partition your large hard drive without losing any files
-
Slashvertisment if EVER I saw one.
None of this is new or amazing, I honestly can't believe something as basic as this would make front page news on /.
Check out http://www.nirsoft.net/utils/#password_utils for password recovery tools, for free, that have been available for ages.
-
Prettier Tool, Old Exploit
This tool appears to just be a well written exploit targeting not just IE but a number of other Microsoft products. I assume it relies on the "Remember my password" functionality in order to get the password. If the browsers are caching passwords without your consent, they are worthless. I know of generalized tools that will do this for any site you remember a password for: IE PassView, Google Chrome Pass, Messanger Key for instant messengers and even Password Fox.
When you click "remember my password" the browser stores it in a semi-obfuscated way. Yes, it encrypts it but it must also put the key it uses to encrypt your password on your hard drive somewhere. Since your browser is not also a rootkit, any application you run on your box can access everything your browser can write. Therefore you need only spend the time to figure out where the encryption key is being stored and what kind of encryption the browser is employing to encrypt your password. When your mail client or chat client are remembering your passwords, it's no different. We could have a lengthy debate about whether 'remember your password' should be allowed but apparently the majority of users are okay with it considering the convenience it grants them. If they use the same machine to surf malicious websites, this makes it easier for malware to steal the passwords than a complex keylogging system ... and I guess people who click "Remember this password" are just fine with that prospect.
A few simple lines of code later and you too can write your own command line password discovery tool. Slap a seksi user interface on that and apparently you can sell it for $49.
-
Re:So
To state it again. This is not RAM memory you need, use or have purpose for. IF you do need it, it is zeroed-out and free'd to application in like 30ms (one frame in usual FPS games).
It's more like 100ms on an average PC, but yes, you are correct.
But since background stuff will be happening too, maybe 120ms...
If 120ms isn't an acceptable delay, then you need an OS where programs are geared for low disk IO usage, and low memory usage. That will prevent any software from interfering with any other software, giving very fast and consistent performance.
Selection of software is big. For example, the difference between My Uninstaller and Add/Remove in XP is huge. You wouldn't notice on a fast PC, but on an older one you would!
Superfetch is a crutch. A handy one, but it shouldn't actually be necessary to use it to have great startup performance for your favourite apps.
-
Flash Cookies View
http://www.nirsoft.net/utils/flash_cookies_view.html "FlashCookiesView is a small utility that displays the list of cookie files created by Flash component (Local Shared Object) in your Web browser. For each cookie file, the lower pane of FlashCookiesView displays the content of the file in readable format or as Hex dump. You can also select one or more cookie files, and then copy them to the clipboard, save them to text/html/xml file or delete them."
-
Re:You can add them back...
According to the wikipedia entry for Windows services, a Windows service is essentially the same thing as a daemon is on *NIX machines. Daemons are not device drivers -- they're user space programs.
Try and look through HKLM\SYSTEM\CurrentControlSet\Services in the registry and see what's listed under there. You'll find plenty of entries which reference .sys files in their ImagePath. services.msc only lets you configure a small subset of the items in the registry key above, which are equivalent to *NIX daemons. Under older NT you had a Device control panel which let you work with the devices just like services, this was replaced by Device Manager in newer Windows. If you use a tool like ServiWin you can see all of the items.
-
Good point apk sorry you & Nirsoft went thru i
I read about exactly what you stated regarding Nir Sofer of Nirsoft going through the very thing you mentioned and he is apparently the many time victim of these antivirus or antispyware false positives per his blog noting it here: Sunday, May 17, 2009, "Antivirus companies cause a big headache to small developers" http://www.nirsoft.net/blog/2009/05/antivirus-companies-cause-big-headache.html and I don't blame you for not 'taking this challenge' because it sounds like more of a setup to me too. Considering this type of thing caused you some pain before when you meant well writing an app for somebody that later was turned in as a malware/greyware? I especially moreso do not blame you for it. I saw this happen to Dr. Russinovich's psexec iirc too. Of course, you know this idiot RyuuzakiTetsuya you are being too nice to imho will give you guff about it, but he is a nobody who is reduced to name calling at this point of this debate anyways and he's made so many mistakes it is not even amusing anymore. Considering he called me names like a hole and such also he is nothing more than a spoiled little child you outfoxed and out thought at every turn by this point. I will try to ignore him but it is too hard to resist to not do so after he has been so rude to myself, yourself, and others also.
-
Re:Let me be the first critic
I have to agree with the guy that replied to you. You're looking at Linux through rose coloured glasses, and looking at Windows through a toilet bowl.
Most software shipped with hardware is utter crap. Go online, search out some software for your task, and read reviews. There's very good chances that you'll find either free, shareware, or commercial software of higher quality than what's available on Linux. Windows is very consistent, in that for every task there is at least one high quality program. Some programs may suck - but you just uninstall those. Linux doesn't have this. Some tasks just don't have a good equivalent on Linux.
I'd rather not derail my post with specifics, but if you know of a great torrent client other than Transmission/Deluge, let me know.
Now, don't get me wrong - Linux does have some really great stuff, far better than what Windows offers. I like Ubuntu's "Install New Programs" thing in the start menu. It's handy being able to type in "OpenOffice" or "Abiword" or "Seamonkey", and actually install that software painlessly and quickly. I like it.
"Add/Remove Programs" is slow and clunky in Windows. I use myuninst myself. Just drop a shortcut to it in system32, and you can bring it up from the run box. ;)
I agree that Windows has a lot of crap attached to it by default. Like you, I personally want a system that does what I want (even if it takes a little hacking), rather than choosing from what it allows me to do. Therefore, I choose Windows.
My Windows XP is using a modified kernel with some XP Embedded system files and a 3D-accelerated desktop. It uses up 400MB on my HDD, and has support for everything. (Games, .net, java, my programming software, all decent quality win32 apps, etc.)
Stuff that I cut out was... extra drivers/hardware support (which I don't need), the 16bit compatibility layers, everything required for MS Office, IE, and other Microsoft software to run, plus anything where I have a replacement already. I even cut the registry down to about 8MB.
The result was a WinXP that does not automatically load viruses or spyware. It's about as locked down as Linux. I can't even get Securom to install on it. I run as an admin all the time (technically my modded XP only supports a single user), but it has been remarkably hard to fark up. Most stuff that silently tries to install will fail, probably due to the modified kernel - though I can't be certain.
That does mean that installing programs is more complicated. If a game requires updated DirectX components, it'll fail when it runs Microsoft's installer. Then I run it manually, and it works fine. It seems to deny silent access to a lot of stuff, despite clearly being logged in as "admin". If I install new videocard drivers, the drivers don't get updated. I have to go to the device manager and pick "update drivers" then select the correct version. Drivers for devices can't be automatically updated/installed.
I like that security feature, but I don't know what caused it. It seems to have been a side effect of heavy gpedit.msc policies, nlite mods, kernel mods, registry-hive shaving, and system file replacement.
Oh yeah, and because of the XP embedded stuff, it boots in 14 seconds and shuts down in 2-4. I couldn't be happier with it.
I'm glad you're just as happy with your linux box.
-
Re:Workaround for Security Hole
Apparently it's a buffer overflow condition and it doesn't require scripting to cause it.
Solution:
1. If you haven't already, stop using IE. Use Firefox. (IE opens PDFs automatically and AFAIK there's no way to prevent this.)
2. Disable the Adobe Reader plugin for Firefox (Tools, Add-ons, Plugins, Adobe Acrobat, Disable) so it won't open PDFs in the browser. Do not specify to open them with Adobe Reader by default, obviously.
3. Disable the Adobe shell extension (http://www.nirsoft.net/utils/shexview.html is apparently the best way to do that) to prevent the no-click exploit.
4. Don't open PDFs if they come from untrusted sources. If the shell extension is disabled, even if you download a malicious PDF, it won't be able to run its payload – unless you open it.
Or, uninstall Acrobat Reader entirely and use something else.
I'm pretty sure the no-click exploit in Explorer also wouldn't work if you close the "Details" panel, turn off file tooltips, and turn off the Status bar. I'd personally go the safe route and just disable the shell extension, though.
-
Re:Following to the MSDN
TFA's author suggests:
This is probably the easiest way: Nirsoft has a Shell Extension manager
http://www.nirsoft.net/utils/shexview.html
Search for the PDF Shell Extension and disable it.
-
Re:Following to the MSDN
ShellExView makes it pretty easy:
-
Re:Windows 7 for me so far
many of my games just won't work properly.
Can you give us some samples? This just doesn't seem right, considering I've been able to run everything from the OpenGL version of Quake 1 to some obscure TI 99/4a emulators.
Explorer not only crashes at least once a day
Try ShellExView. It will allow you to see what 3rd party extensions might be hooked to explorer, which is a classic cause of explorer related stability problems.
C:\Users\Public. Brilliant.
This was introduced with Vista.
-
Re:Right idea, wrong source
Instead you must INSTALL the application, or try to figure out all the places in the registry used by the application, and copy those as well
The program should install its settings to its own key under HKLM or HKCU. Simply export the key to a reg file and the settings are saved. Programs shouldn't be storing settings in many places...
There are also applications like RegFromApp that you can use to obtain all the registry changes made by an application or installer and packages them into a reg file.
Of course you'll have to copy over the shared components as well and re-register them. I think this is the cause of most people's problems when they copy over apps.
-
Re:even more ironic, he praises add/remove
Yup, it's a piece of shit. I use this Nirsoft tool instead, which shows more information and allows you to remove and change the entries.
-
Re:What the hell
The Ritual is getting rid of crapware. In the past, I've done this by reinstalling the OS and drivers.
You didn't have to go through this ritual. Rather than spend a little time with the right tools, you decide to scrap it all and start from scratch, only to dump all that and move to Linux? Something about this story doesn't add up, and I'm quite sure you omitted any problems you've ever had with Linux, both in terms of its configuration and problem solving, but that's a whole other fish.
Like it or not, if your solution to any windows problem is "Format and Reinstall", you really don't know what you're doing. Given that your move to Linux was so easy, you were quite capable of learning, you just wanted to blame the OS rather than make the effort.
-
Portable apps are handy here
If you do find yourself in a position to work on or repair unfamiliar Windows installations, you might want to consider putting together a toolkit of portable applications on a flash drive or a usb pocket drive. This would allow you to spend more of your time debugging and repairing windows systems and less time installing support software or struggling with their generic counterparts.
Some useful sites I've found are:
- http://technet.microsoft.com/en-us/sysinternals/default.aspx
- http://www.nirsoft.net/
- http://www.downloadsquad.com/2008/10/31/portable-wscc-simplifies-access-to-sysinternals-nirsoft-utiliti/
- http://portableapps.com/
- http://portablefreeware.com/
- http://www.getusb.info/55-portable-apps-for-making-a-usb-super-stick/
- http://www.makeuseof.com/tag/portable-software-usb/
- http://www.downloadsquad.com/2008/09/02/24-killer-portable-apps-for-your-usb-flash-drive/2
- http://www.emergingtechs.com/posts/35-portable-applications-every-tech-needs/
- http://www.simplehelp.net/2008/07/21/15-portable-apps-to-help-troubleshoot-pcs/
Using mostly these sites, I've come up with a very useful collection of apps and utilities totalling under 2Gb, which easily fits on a flash drive with room to spare for data. One example is winaudit, which will generate an extensive report when run on a pc. You can save the reports on various pcs to your flash drive in various formats (pdf, html, text, csv), bring them home, and go over them in more detail to see what needs to be fixed or updated on the various pcs you encountered.
-
Re:You can get hard passwords
I don't crack WPA passwords, I read them using http://nirsoft.net/utils/wireless_key.html.
Cracking is for wimps :-)
-
Re:WinRAR
This guy writes a lot of utilities including password recovery software.
Check out the false positives listed here:
http://www.nirsoft.net/false_positive_report.html
-
Re:How can you tell if a box is zombied?
Watching something like Tcpview:
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
or Currports:
http://www.nirsoft.net/utils/cports.html
may work better for a lot of users (anybody who can manage to download and extract a zip file...). A rootkit could still be hiding the traffic, but the approach you outline is better than nothing.
-
SecureROM in C&C3:KW v1.1 patch breaks explore
See here and here. Basically, Windows' Explorer.exe crashes with ntdll.dll because of C:\WINDOWS\system32\CmdLineExt.dll. There's a fix, but doesn't work for everyone. I had to use a noDVD patch and disable this DLL. I had this problem since 7/9/2008 and fixed it yesterday by disabling it with ShellExView. Explorer even crashed in safe mode without networking!
-
Re:This one bit a client of mine...
-
Re:Quick list
I couldn't find active links for one or two of them myself, but here's an updated list -- in some cases these aren't the original sites, which have disappeared, so obviously it's worth being extra careful with antivirus software... apologies for the mess of links; the filter doesn't like short lines...
1by1 (play MP3s), AriskKey (recover passwords), AutoRuns (enumerate startup tasks), BurnCDCC (burn ISO images), CD (basic CD player), CDex (rip CDs + convert MP3/WAV), Copier [0X Copy Machine] (scan + print), CWShredder (clean spyware), DComBob (tame DCOM), DirLister (make quick file lists), Discover (force windows onscreen), DupeLocater (find and clean), FileRecovery [PC Inspector] (undelete), Folder2ISO (use with BurnCDCC), FoxitReader (read PDFs), GUIPDFTK (split/join PDFs), HijackThis (find spyware), HJSplit (split/join files), Identify_Boards (identify hardware), KatMouse installer (due to MS drivers), LCISOCreator (make ISO image from CD), Leaktest (test firewall), Microsoft keygen (people lose things), MultiRes (change res + force refresh), Multi Timer (stopwatch), NoteTab Light (text editor), NTest (test monitor setup), OnTop (pin windows to foreground), Process Explorer (task manager), ProduKey (recover passwords), Registry Commander (virus cleanup), ResHacker (examine executables), Rootkit Revealer (just in case), ShootTheMessenger (turn service off), Shred by AnalogX (simple file shredder), TedNPad (unicode text editor), TFT (dead pixel locator), UNPnP (tame SSDP), UPX (compress executables), UnitConverter (what it says), utorrent (basic torrent app), VCdControlTool (mount ISO images),
-
page history
Does it still record a hidden history of every page you have ever been to that remains even after clearing the cache and history?
I saw in the ZDNet review that they had a one-click option to clear the history, cookies, authentication data, etc, but I didn't see anything to indicate a change in this behavior.
-
Windows Programs
I recommend these programs to all my co-workers, friends and family.
BlueFrog - Fight spam with the Blue Community
DefilerPak - Video/Audio Codec Pak
FireFox - IE replacement
Foobar2000 - Audio Player
MyUninstaller - ADD/Remove Programs alternative
Nero - CD/DVD burning software
NOD32 - Very fast and accurate Virus Scanner
Thunderbird - Outlook Express Replacement
Treewalk DNS - Local caching DNS
Trillian - Many IM Clients in One
UltraEdit32 - Best Windows Text Editor (check out column mode)
UltraMon - If you have multiple monitors this program is great
Zoomplayer - DVD/Media player
-
Re:Nothing Deplorable about Betas
There's a program called "MyUninstaller" available here: http://www.nirsoft.net/utils/myuninst.html
It will let you delete those extra installed programs from the list, without actually running the uninstaller.
-
Re:Nothing Deplorable about Betas
There's a program called "MyUninstaller" available here: http://www.nirsoft.net/utils/myuninst.html
It will let you delete those extra installed programs from the list, without actually running the installer.