Archive for August, 2007

Safe Surfing and Safe Sex

August 21, 2007

According to Web MD, teens who enjoy casual sex with multiple partners only practice safe sex half the time. Figuring that the penalty from poor judgement is death from weird diseases or unwanted pregnancy, you would guess use of a condom might be greater.

According to Scanit, 42% of Internet surfers use unprotected browsers and 3/4 of the unprotected were high risks. The penalty for corrupted machines could be a visit by the FBI and a lifetime of legal problems.

There’s not much that can be done about teen sex as teens have more desire for sex than they have money for condoms.

For a Browser Security check, click here.

Windows Updating Blues

August 20, 2007

I see that Vista has been getting some bad press on its updating procedure. It seems that if you miss an automatic update because the machine is offline, the machine automatically updates the next time you turn it on even if you’re operating in a guest account.

The problem is the Vista update is operating in the background with full administrative privileges and automatically restarts when necessary and without warning. Of course this no notice restart could be in the middle of an important project. Actually, there is not a big difference compared to the old XP except that new Windows programs require more patches, updates and restarts.

I discovered lapses in the update process on my laptop where of course I have user and administrative accounts. It seems that for XP on my laptop, it will hibernate behind an impenetrable wall when it’s idle which is of course every night at 3 am when it is supposed to be updating. In the morning when I go online, with no administrative privileges, I cannot update Windows at all because I am not the administrator.

The only way to operate a perfect machine is to set aside time to go online as administrator and administer to the needs of Microsoft. I would hardly call this a user friendly operation particularly as I watch my blinky little icon telling me that my non-Microsoft Anti Virus is automatically updating and protecting me while running in background. The only time I need administrative privilege is when I want to change a setting and then it just asks for a password to make the change.

Perhaps, Microsoft is reluctant to do this because they know how unprotected their Protected Storage is. If you want some fun try Protected Storage Explorer to find the passwords and protected data on your machine.

I’m pretty careful about letting windows fill out forms or remember passwords so there is not much on me. However, I’ve seen everything a person can put on a form completely understandable in Microsoft Protected Storage.

SANS Knowledge

August 19, 2007

SANS is one of those organizations that everybody knows about and totally ignores. While they’re certainly ahead of the FBI and US-CERT when it comes to sharing information, there is still plenty of geek talk to obscure the knowledge.

Much to my surprise, the mini SANS course was in standard form English and full of easy to follow useful advice. I mean, I hardly consider myself a SANS scholar for $100, but I use the manual for every XP computer I own.

I’ll even go so far as to say, when they upgrade everything for Vista, I’ll send them another $100 and take the course again.

A side benefit of the course is I’m now on the SANS spam list. Much of what they write about is for management types so mere mortals can comprehend it.

My favorite accidental tip was a reminder to use “fdisk /mbr” when formatting and reinstalling windows.

HUH!!!

fdisk is one of those clever DOS commands that you can use to delete partitions before you use a drive wipe program. This was removed from Windows software after Windows Me. What I forgot is that damned Master Boot Record that most of us mortals know so little about. Now most geeks have heard of viruses embedded in the Primary (FAT or NTFS) Partition and most even recognize that Norton scans the Master Boot Record and gives a report on viral activity in the area.

What is not so obvious is that all anti-virus programs miss the newest virus and all are likely to miss Military Strength Malware designed to circumvent anti virus programs.

Removing the Master Boot Record and partitions before wiping the drive, formatting it and reinstalling the operating system was what was necessary to get rid of that nasty malware that hit me when I made the mistake of testing that miserable Tenebril GhostSurf Crap.

The malware made it past a fully protected machine and funny thing, all the bot characteristics indicate it was probably a commercial effort and not Military Strength Malware. So I’m not sure this will work for everything but it’s worth a try.

Vista – Screwing Up A Wet Dream.

August 18, 2007

OK, it’s a crude analogy, but the reality is that the power of sexual release during an erotic dream is intense, nearing perfection and only the lucky or skilled will achieve it in real life. When you envision the Microsoft Solitaire game, it is a near perfect addition for the compulsive personality. Billions of man hours globally have been wasted by everyone from casual players to the addicted.

Professionals in the gaming industry had been predicting a decade ago that solitaire was Bill Gates’ entry to legalized Internet gaming. I mean who wouldn’t play this addictive game for a penny a point or even a tenth of a cent. Multiply that micro-payment times billions of games by billions of players and the man could give you the operating system for free and make it up in gaming revenue.

Imagine how perfectly secure and bug free this system would be. I mean anything that damaged your security or time online would damage this endless money machine for Microsoft. There would simply be no downtime because it would disrupt the game.

So now we have this perfectly mindless game that everybody would play and occasionally gamble on and what happens? Bush bans credit card transactions for gaming debts and Vista destroys the best part of Windows that remained pretty much untouched since the first Windows I can recall which was 3.1.

For starters, I couldn’t even play the game on Vista until I reinstalled the Video Driver that Vista had eaten on installation without warning me about “incompatibility issues”.

Then much to my horror all of the features which made the game so addictive were gone. There are now blinkie little halos around cards that you mouse over even when you are dragging a card to its correct position. This served to break you out of that classic solitaire trance which allowed mindless play.

Another new device that destroys mindless play is that a right click does not send all the cards to the top. It is sort of a meaningless device. At the end of a winning card game, you must either click the card you want to move to the top or physically click and drag it to the proper location. There is no obvious instant way to end the game while winning.

The next new item that breaks the solitaire trance is that you cannot start a new game by clicking on deal and a new game instantly popping up. Now there is a warning that starting a new game will cause the losses in the current game to be counted against you and then you have to express your consent to continue (losing).

All in all, Vista brings the end to the perfectly mindless solitaire era. I know some die hard Vista fans will mindlessly applaud this change, but I prefer to exercise my constitutional right to freedom of choice and occasionally engage in totally worthless and mindless behavior. I was one of billions who were looking forward to actually betting on secure and functional Las Vegas solitaire because I knew in my heart, it would have brought with it a secure and very stable Windows operating system that would have made e-mail and e-commerce secure for the whole nation.

Now alas, there is no reason for Microsoft to ever deliver more than a tolerable mediocre product. My last hope is that I will not resort to Prozac as I wean myself from the solitaire addiction when my last XP machine dies.

Netstat, the Vulcan Mind Probe and spying on Akamai

August 17, 2007

Now I’m pretty sure that I have Military Strength Malware on the machine that went wild, so I changed anti Virus to PCcillin. Yeah, I know it’s not the best, but at least it does a good job of documenting known and even unknown Microsoft Vulnerabilities. I did the install off line and then updated as soon as I went online. The installation seemed large as disc usage rose from 3,801,989,120 bytes to 4,101,541,888 bytes.

I then went to tigerstail.wordpress.com and entered netstat through a DOS command while the page was loading and it lit up like a Christmas tree. There were connections on 85 different ports. There were a lot of internal connections but I will focus on the external connections trying to probe my computer memory. I used Firefox Browser and Ccleaner before I started.

The connections delivering the material and probing my machine were:

One (1) from layered technology, the original host for WordPress.
One (1) from Google, which does a lot of stat work and tracking.
Three (3) from Akamai, who is the new distributed hosting company for big sites.

Now all of those are expected along with snap.com who provides that cool mouse over service to show what other web pages look like before you go there.

Regular readers will know that the FBI spy tools are hosted by your ISP and it’s not surprising to find 17 connections to my computer from an IP number owned by my Virgin Islands ISP.

Saving the best for last, it’s unexpected but not unbelievable to find two connections from unknown.leve3.com. These are the fine people who are profiting from serving domestic kiddie porn and I have presented evidence of their involvement in domestic spying.

So while I really didn’t expect them it’s also no big surprise.

The excessive number of connections from the same visitors is reproducible. I can shut the browsers and return with more or less the same visitors with the same multiple connections.

Seems like as long as netstat works, it’s going to be hard for people spying on you to do it anonymously and at least I can document domestic spying.

Cool Tool – Netstat!!!!
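The per-host tally the post does by eye can be scripted. This is an added example, not code from the original post: it parses `netstat -n` text and counts TCP connections per external remote address. The sample output is constructed with documentation-range addresses, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed `netstat -n` output in Windows layout. The remote addresses are
# documentation-range placeholders, not the hosts named in the post.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1042         127.0.0.1:1043         ESTABLISHED
  TCP    192.168.1.10:1050      198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:1051      198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:1052      198.51.100.7:80        TIME_WAIT
  TCP    192.168.1.10:1053      203.0.113.20:443       ESTABLISHED
  TCP    192.168.1.10:1054      192.168.1.1:53         ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
"""

# Ranges treated as internal. An explicit list is used instead of
# ip.is_private, which would also class the documentation ranges as private.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def remote_host(endpoint):
    """Split 'host:port' or '[v6]:port'; return the host as an IP, else None."""
    host = endpoint.rpartition(":")[0].strip("[]")
    try:
        return ipaddress.ip_address(host.split("%")[0])  # drop any zone id
    except ValueError:
        return None  # '*:*' or a resolved host name


def is_external(ip):
    """True when the address is outside every range in INTERNAL."""
    return ip is not None and not any(ip in net for net in INTERNAL)


def external_connections(text, states=("ESTABLISHED",)):
    """Count TCP connections per external remote address."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # headers, blank lines and stateless UDP rows
        ip = remote_host(fields[2])
        if fields[3] in states and is_external(ip):
            counts[str(ip)] += 1
    return counts


def repeat_talkers(counts, minimum=2):
    """Remote addresses holding at least `minimum` connections at once."""
    return sorted(host for host, n in counts.items() if n >= minimum)


if __name__ == "__main__":
    for host, n in external_connections(SAMPLE).most_common():
        print(f"{n:3d}  {host}")
```

Feeding it captures taken before and after loading a page shows which remote addresses appear only while the browser is active.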

Simple Tools for Simple Minds.

August 16, 2007

One of my favorite new tools for monitoring my machine is simply the disk usage number. Open up My Computer, right click on the hard drive and then click on “Properties”. A cute looking disk shows up and in blue it gives you the used disk space.

If you think about it for a minute, there should be no changes in disk space if nothing is saved after you surf the Internet. Moreover, after you use Ccleaner, there should be no change from before you started online. No virus, botnet or trojan can operate without storing something somewhere.

So with my new epiphany, I decided to evaluate the combination of Firefox and Ccleaner. With all systems installed and updated, disk usage was 3,821,203,456 bytes.

I then went online to thehun.net, a porn portal which uses sextracker cookies, and surfed nothing but legal porn to the best of my ability – who really knows with this crap is? Firefox had been set to save nothing and destroy all session cookies on exit.
Not bad: 3,821,207,552. That’s barely enough of an increase to save one thumbnail to cache memory. After cleaning with Ccleaner, usage was 3,821,146,112.

At this point all systems are go, and I’m almost willing to endorse the combination of Firefox and Ccleaner as safe.

The acid test is of course to surf a known and nasty law enforcement Honeypot, youngmodels.org.

This site is truly nasty shit and once again crap came raining on my computer. I never waited for a full load, because it’s disgusting. This is one of the sites cited at trial used to send a man to jail which is still online publishing kiddie porn in the good old USA. It’s a disgusting site but it does serve as a benchmark for the power of Military Strength Malware.

After cleaning with Ccleaner, there are 3,821,154,304 bytes or an increase of 8,192 bytes.

Now that’s not much of an increase and certainly not enough to hide images on the machine but it is enough to mark it. And here’s where life gets interesting.

Overnight, there was a drop to 3,821,101,056 and my antivirus started getting weird. I kept getting notices about needing updates which the update program rejected because it was coming from the wrong URL address. The machine was online but unused for two days and its usage rose to 3,839,463,424.

Four hours later it was about 3,850,400,000 which was stable for a day.

At this point Ccleaner missed cleaning a couple of index.dat files analyzed by Index.dat Analyzer (15 total) and the Windows search function refused to identify any index.dat files at all. Since the search function wasn’t working it was hard to find where all this increased usage was taking place and at a usage level of 3,864,084,480, the machine was taken offline.

That is an incredible 40 MB of programming that was installed in two days without my knowledge or permission and it started 1 full day after I visited a really nasty site. (I never surfed again after that visit but left the machine connected to the Internet.)

For a bunch of reasons, I dumped my anti virus and installed another one, but that’s another story.
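The total used-space figure shows that something grew but not where, which is the gap the post runs into once search stops working. The added example below (not from the original post; function names are hypothetical) records per-directory sizes and diffs two snapshots to locate the growth. It assumes a 4,096-byte allocation unit, which is consistent with the 4,096- and 8,192-byte changes reported above, and it only approximates the figure Explorer shows.

```python
import json
import os
import sys

CLUSTER = 4096  # assumed allocation unit; 8,192 bytes is two such units


def allocated(size, cluster=CLUSTER):
    """Round a file size up to whole clusters (approximates used space)."""
    return -(-size // cluster) * cluster


def snapshot(root, cluster=CLUSTER):
    """Map each directory under root to the allocated bytes of its own files."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        total = 0
        for name in files:
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # file vanished or access was denied; skip it
            total += allocated(st.st_size, cluster)
        sizes[os.path.relpath(dirpath, root)] = total
    return sizes


def diff(before, after):
    """Return [(directory, delta_bytes)] for changes, largest growth first."""
    changes = []
    for directory in set(before) | set(after):
        delta = after.get(directory, 0) - before.get(directory, 0)
        if delta:
            changes.append((directory, delta))
    return sorted(changes, key=lambda c: (-c[1], c[0]))


def save(snap, path):
    """Write a snapshot to disk so it can be compared on a later day."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(snap, fh)


def load(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Usage: script.py snapshot ROOT OUT.json | script.py diff OLD.json NEW.json
    if len(sys.argv) == 4 and sys.argv[1] == "snapshot":
        save(snapshot(sys.argv[2]), sys.argv[3])
    elif len(sys.argv) == 4 and sys.argv[1] == "diff":
        for directory, delta in diff(load(sys.argv[2]), load(sys.argv[3])):
            print(f"{delta:+15,d}  {directory}")
    else:
        print(__doc__ or "usage: snapshot ROOT OUT.json | diff OLD.json NEW.json")
```

Directories that cannot be read are skipped silently, so a snapshot taken without administrative rights can undercount.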

PCcillin Tops Microsoft Updates!

August 15, 2007

This is a tough post to title. First off Microsoft Updates are different than Windows Updates. In the classic Windows Update, you patched your Windows operating system and the other software was left alone. Unfortunately people started exploiting all the bugs in all of the rest of the software and this gave Microsoft the excuse it needed for a total “Microsoft Update” of all MS software where the legality of every program could be checked.

The problem is the same with all new Microsoft Products, when first introduced it doesn’t work. But for that matter the simple Windows Update doesn’t work as you would expect.

One of the very best features of PCcillin is it keeps track of all of the vulnerabilities in Microsoft software better than Microsoft does. On the brand new XP machine, PCcillin catches 57 Microsoft vulnerabilities before either XP or PCcillin is updated or the machine put on line. If you choose to update the machine and the antivirus software before activating Windows which you have 30 days to do before they shut you down, you get a message that your machine has been successfully updated. Guess what, all the updates have introduced 40 more vulnerabilities and you are actually worse off.

Seems like Microsoft’s way of getting even for your not activating your copy of Windows is to open up even more holes and lie about what they have done.

Now this is an easy experiment to do. The next time you install Windows, choose the option that says you will activate Windows later, and install PCcillin. Check for vulnerabilities before you go on line. Update both PCcillin and Microsoft online while refusing to activate your copy of Windows. After you have successfully updated both programs run a PCcillin scan and you will find almost 100 unpatched vulnerabilities.

Now, activate Windows and do a Windows update and do another PCcillin scan and you will find all your vulnerabilities closed.

I can’t recall reading that in the fine print. That’s like purchasing a leaky life vest and the manufacturer refusing to patch it until it is registered and the location of where it will be used documented.

While on the topic, avoid Microsoft Updates for now. This program automatically installed IE 7 and the PCcillin scan showed a vulnerability which the Microsoft Update failed to patch. When you did a knowledge base search, Microsoft acknowledged the existence of the named vulnerability (MS07-16) but when you install the suggested patch, the system becomes unstable and IE 7 acts weirder than normal.

No wonder Vista refuses to cooperate with PCcillin. They don’t want you to know how bad Vista is.

Vista Blue – That Damned Summer Rerun

August 13, 2007

OK so this time I did it by the book. I formatted the last aborted install of the Vista “Upgrade” on the brand new XP machine, and then reinstalled the XP operating system. I chose PCcillin anti-virus for reasons that will be discussed separately, put the machine online, activated the Windows national identity number and updated all software and ran all scans. The machine was a perfect installation of Windows XP with everything working perfectly.

So like a demon possessed, I attempted my third installation of the Windows Vista Upgrade (from Office Max) and did everything by the book including installing online and accepting every recommendation. I didn’t care that it still hated my printer and IM. It even hates PCcillin and warned it won’t work after the “upgrade” which has to be a very abused word. (Change is beginning to seem more accurate.) Hell, there are other anti virus programs out there and I was feeling this compulsive need to open the Vista to my future world of the Internet.

I once again made it past the screen that said this update would take hours and the machine would restart several times. When I returned, the machine was frozen on the same Blue Screen of Death that made Microsoft so famous.

I’m beginning to understand Microsoft’s marketing strategy for China where they have discounted the Chinese Version to $69.00. If they had to pay to bury all the returns in a landfill, they would go broke because there are already billions of copies on the street. By repackaging with a patch and a Chinese character set, they can offload this crap in a remote market and recover some of their costs associated with this abortion.

Actually, it makes good short term economic sense.

It’s a good thing that the grandkids are visiting and I’m getting used to very bad summer reruns on TV. I’ve spent about 15 hours trying to install a $100 Vista “upgrade” on two different machines. If I spend 2 more hours, I would have been better off working at McDonald’s for $7 per hour and throwing this crap out. Oh well, the Blue Screen of Death has allowed me to reminisce about the past as old people are prone to do so it’s sort of like a few more wasted hours watching very stupid summer reruns.

Vista Blue or Vista Me?

August 12, 2007

I was probably one of two people in the Universe who actually liked Windows Me. I mean I still have an off line inventory machine running Windows Me and Office 97 that is stable and still working. It has enough memory to do the job, is fast enough and off line so I probably won’t replace it until it dies. I thought about giving it to a kid, but the first time it goes online, it will get murdered by malware. I never purchased Win 98 so after the Blue Screen of Death with Windows 95, anything was a step up.

Alas, the court of public opinion ruled against Windows Me and Microsoft was forced to kill it with a premature introduction of XP. Today, I once again tried to use the Windows Vista Upgrade I purchased from Office Max. I have a brand new Windows XP machine that has never been on line. I opened the box and started the installation. What a thrill as I attempted to peek through the Vista to my future.

The first screen that came up was one that told me I should do this online because that was the only way it might work. In other words, the crap in the box would probably not work. I’m wary of online installation because of the potential for malware before the update is even completed and this machine doesn’t have an anti-virus yet, since I’m not sure what will work with Vista.

I rejected the online offer and stuck with the CD. The next screen that came up told me that my current version of IM wouldn’t work with Vista and that my printer wouldn’t work. I clicked OK because I’ve been wanting a new printer even though the old one works fine and I rarely use IM anymore.

The whole process started running and the next screen that popped up told me not to worry, the upgrade would take hours and the machine would automatically restart several times.

Actually, I found that acceptable because my grandchildren are visiting and they are used to getting my full attention so unknown to them, I could actually accomplish something while swimming, hiking and cooking with them. (Our first gourmet treat was Jello with canned fruit cocktail added.) That is accomplish something other than the joy of total adulation by two little girls.

About an hour later, I checked the machine to find The World Famous Windows Blue Screen of Death and the message was fucking priceless.

“A problem has been detected and Windows has shut down to protect [my] computer.”

Now that’s really nice and considerate and probably the first really sweet sentiment I have ever heard from Microsoft.

Next:

“If this is the first time, you’ve seen this error screen, restart the computer. If this screen appears again follow the steps.”

Problem is, I can’t restart the computer, and each time I shut it down and restart it, the same screen appears. Since I can’t restart the machine I will include their advice for completion and just to prove that the evil genius is back with Microsoft.

“Check for virus on the computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated, Run CHKDSK /F and restart the computer.”

Now this machine has never even been on line, but just in case the Bill Gates Vista Team was correct, I reformatted the hard drive and reinstalled the Motherboard drivers, and the OEM XP which came with the machine and started the Vista Installation again.

This turned out to be a perfect scientific experiment as the results were 100% reproducible.

That’s right, The World Famous Windows Blue Screen of Death was back with the same message. Oh well, it’s time to hack the Vista installation process and see what’s up.

How Many Index.dat Files Are There?

August 8, 2007

Your index.dat files keep a complete record of where you surfed, what you searched for and the pictures that you saw. Combine that with your user id and cookies which index.dat does and it’s hard to deny that you are you. On top of that, we have the unique Windows Identification Number and not only are you you, but it’s definitely your machine. Finally, the index.dat files are linked to your cache picture file and you are on your way to jail whether it’s perversion, bombs, drugs, guns or extortion.

Now if they can do all that with their domestic spying, it’s hard to understand why they don’t shut down spam and malware and the only answer I can think of is that they hide in the muddy waters that they allow or create.

Your only defense is to get a good understanding of index.dat files and where to find them. Unfortunately that is not easy, because you can never be sure you have them all. I will discuss more about search engines not searching but trust me, the Windows Search function is a piss poor place to start or trust.

First off, you have to remember to search all hidden and protected files to find any. There are three basic index.dat files (History, Cookie and Cache) and each user has three of them including the administrator. In addition, certain programs also use the index.dat files in addition to Windows. On a brand new installation, Windows Search will find most of them but not always all.

It would appear that the more infected the machine the more files are created. I’ve seen as many as 25 on a badly infected machine and as few as six on a clean machine. Prior to any malware infection, CCleaner will find and erase more files than Index.dat Analyzer so you know from jumpstreet that Index.dat Analyzer is not perfect. So why keep it?

When you get hit with Military Strength Malware, CCleaner seems to become ineffective and Index.dat Analyzer picks up a lot more problems than CCleaner. Unfortunately, with Index.dat Analyzer, all files have to be manually detected and the stored items manually deleted.

To make this perfectly clear:
Windows Search is brutally ineffective on finding index.dat files.
Index.dat Analyzer doesn’t work well on clean machines.
CCleaner is not effective after you get Military Strength Malware.

So the answer to:

How many Index.dat Files are there is:

Who knows?

You will have plenty of time to ponder it on your way to jail.
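Counting index.dat files does not have to depend on Windows Search. The added example below (not from the original post or from any of the tools it names; function names are hypothetical) walks a directory tree, which lists hidden and system files too, and checks each index.dat for the "Client UrlCache MMF Ver" signature that Internet Explorer cache indexes begin with. The header layout used (28-byte signature, then a 32-bit little-endian file size) follows published format descriptions and is an assumption here.

```python
import os
import struct
import sys

SIGNATURE = b"Client UrlCache MMF Ver "  # start of the cache-index header
HEADER_LEN = 32                           # 28-byte signature + 4-byte size


def inspect(path):
    """Describe one candidate file without modifying it."""
    info = {"path": path, "readable": False, "valid": False,
            "version": None, "header_size": None, "disk_size": None}
    try:
        info["disk_size"] = os.path.getsize(path)
        with open(path, "rb") as fh:
            head = fh.read(HEADER_LEN)
    except OSError:
        return info  # locked by a running process, or access denied
    info["readable"] = True
    if len(head) == HEADER_LEN and head.startswith(SIGNATURE):
        info["valid"] = True
        version = head[len(SIGNATURE):28].rstrip(b"\x00")
        info["version"] = version.decode("ascii", "replace")
        # File size as recorded inside the header; compare with disk_size.
        info["header_size"] = struct.unpack_from("<I", head, 28)[0]
    return info


def find_index_dat(root):
    """Return (files, skipped_dirs) for every index.dat under root."""
    skipped, found = [], []
    for dirpath, _dirs, files in os.walk(
            root, onerror=lambda err: skipped.append(err.filename)):
        for name in files:
            if name.lower() == "index.dat":  # the name is case-insensitive
                found.append(inspect(os.path.join(dirpath, name)))
    found.sort(key=lambda item: item["path"])
    return found, skipped


if __name__ == "__main__":
    files, skipped = find_index_dat(sys.argv[1] if len(sys.argv) > 1 else ".")
    for item in files:
        status = "ok" if item["valid"] else (
            "not a cache index" if item["readable"] else "unreadable")
        print(f'{item["disk_size"]!s:>12}  {status:<18} {item["path"]}')
    for directory in skipped:
        print(f"could not enter: {directory}")
    print(f"{len(files)} index.dat file(s), {len(skipped)} directory(ies) skipped")
```

The skipped-directory list matters as much as the count: any directory the account could not enter is a place where more files may exist.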