Archive for September, 2007

Vista – More Lost Tools!

September 25, 2007

Every physical move I ever made caused a loss. When I moved from a condo to a house I lost the built-in security and lawn maintenance, but I gained a sense of privacy and independence. The losses were real and important but so were the gains.

So far with Vista, I’m recognizing and counting my losses but have not discovered any gains. I finally gave up on an independent anti-virus and did the Microsoft thing just to get the installation done. This was a major loss for my well developed paranoia and I have yet to discover an offsetting gain.

I lost innumerable hours trying to install favorite programs and when done, I am back to an inferior XP clone and some programs just don’t work. As previously discussed, the new improved solitaire sucks so my enjoyment is reduced but at least there is an offsetting saving of wasted time.

Today’s discovery is that Index.dat Analyzer and Spybot Search and Destroy no longer work. The latter program is much more popular than Index.dat Analyzer but I consider it less powerful and not too great a loss.

Index.dat Analyzer is clumsy to use but an extremely powerful tool. Quite simply it finds every single record of your surfing history and allows you to eliminate them. It finds stuff that CCleaner and Ad-Aware miss.

In the end, more lost tools, and so far I’m still looking for the offsetting gains that make my switch to Vista worthwhile.

Vista’s Lost Tools!

September 23, 2007

Seems every time I move, I lose tools or misplace them. My tool kit to observe who’s invading my computer is fairly simple. I use the disk usage from properties, the various netstat options from DOS and search to find the most recently modified files. There is no difference in the properties option for Vista, simply right click the hard drive in My Computer, mouse over properties and click on it.

After about a week of using Vista, I noticed that my hard drive usage had gone from 12 gig to 17 gig with no reason so I wanted to do a netstat and also delete files. I found out that as administrator, I was not empowered to do so. Also, if it’s easy to search for recently modified or very large files, I couldn’t figure out how. One problem at a time, I wanted to install a working DOS command prompt.

That turned out to be fairly easy as many of the early innovators had faced the same issue so the advice is on the net and fairly simple. (Rough guidelines I used are from mydigitallife.info.) Right click on the desktop, mouse over New and click on Shortcut. When the installer pops up, type in “CMD” all caps and use the defaults for the rest.

Now that you have a DOS icon on your desktop, right click on it and once again enter properties. Go to advanced and increase your security level to administrator which is of course what you already are or you couldn’t have installed it anyway.

Just one more stumbling block on the path to knowledge.

Vista Sunk Costs!

September 18, 2007

The accounting concept of sunk costs is fairly simple. After you make a really dumb investment which turns out worthless, the value is set at zero. In business, if an item has value, it is carried on the books at cost less a deduction called depreciation which is a reduction due to wear and tear. If you purchased an item from a company that is going out of business and it doesn’t work, there’s not much you can do about it. Regardless of what you paid, it should have a value of zero or even negative if you have to pay to get rid of it and the sunk cost is the total paid for the item plus disposal costs.

Now in my case, I paid about $100 dollars for the Vista upgrade and in reality it doesn’t matter much whether it works or not as my sunk cost in either case is $100. If it doesn’t work I’m out $100 and even if it does work, my old computer is worth about $100 whether it has XP or Vista.

Now it’s rumored that Microsoft spent more than $10 billion developing this dog and since it is rumored that the market is rejecting this dog, it will have to have a replacement soon. This does not mean that we should feel sorry for Microsoft for wasting billions on development cost which they will have to write off as a sunk cost.

If it were only sales to the USA, they would have to write development sales off over the limited domestic sales but that’s not the case. They just dropped the price to $66 for the Chinese market and this will dramatically reduce the development cost. I mean if total US sales were 100 million units with a development cost of $10 billion, they would have to write off $100 per unit and since I only paid $100 and the retailer got a chunk, we should all be crying for Bill Gates’ problems.

However, by selling a billion units in China, they won’t sell one less in America and now the development cost per unit is less than $10. Wow, now the American sales seem to yield a huge profit for what is essentially a dog.

Mark Twain said it all!

“Figures don’t lie, but liars can figure.”

Cookies – Be Careful What You Eat!

September 16, 2007

If you want to be a hacker or cracker, you must become aware of all the ways people can monitor your activity. The easiest one to start with and still the easiest to prevent is cookies.

Now some cookies are necessary and so session cookies have to be allowed. Yet every time you close your browser, you should wipe out all of them. Advertising cookies do help the site owner but do nothing for you so it’s tempting to block them, but why bother if they are wiped out every time your browser closes?

Now sex site cookies are really dangerous and can send you to jail. A site such as youngpervs.com sets 4-5 cookies and tracks all your activities and the sites you link to. It’s almost cool to watch them spying on you and Firefox Browser “tools options” is a cool way to watch them.

Click TOOLS>OPTIONS>SHOW COOKIES after you go to youngpervs.com. Then open the youngpervs cookie file and click on the individual files to see what they say. Click a few links and see how many new URLs have set cookies and go back to the original youngpervs cookies and see how they have changed.

Even though your wife or mother doesn’t know where you go, you know you are safe when Big Brother is watching you.

The code from youngpervs.com:

document.cookie = 'click=0; path=/;'
document.cookie = 'clk=0; path=/;'

Killing ccProxy.exe

September 8, 2007

Well as they say in the Caribbean, “Enough is Enough!”

I already posted about Level 3 penetrating my machine in a Vulcan Mind Probe by use of the ccproxy.exe process and also commented about running netstat as soon as you turn on the machine, so yesterday I turned on the machine allegedly protected by Norton to find that IP 66.228.208.169 was already there. I found out that this IP was controlled by adtaq.com, an internet hosting company, somewhere in Seattle, Issaquah or Albuquerque and not much else on the firm. Once again, there was no reason for them to be connected on start-up.

I checked on ccProxy.exe and knew it was a Norton file but couldn’t find much else until I visited auditmypc.com.

From that site, it appears that this proxy server is used in the parental control module and can be turned off if not in use. Since many of the crap sites I visit are not on approved lists, parental control is never in use and I decided to turn ccProxy.exe off. I first tried turning it off from the Task Manager, but when I did, Firefox stopped working. I restarted the computer in safe mode (F8) and located it from the “netstat -bv” information. I renamed the file ccproxycrap.exe and restarted the machine in normal mode.

It was comforting to find that my friends at the FBI simply changed operations and connected to my computer through the firefox.exe process instead of ccproxy.exe but the non-military strength crap was gone. All other operations are normal and ccproxy.exe was never missed.

It might be my imagination, but the machine might be processing a little faster.

Who is Cameron Laird and Why is He Trying to Rape Me?

September 7, 2007

If you go to lairds.com, you are automatically redirected to lairds.org which is one of those very simple family sites where people collect mail, post pictures and let the whole thing get terribly out of date with no one in the family actually using it, except for a few. Seems that Kitty and Kyler Laird still use it occasionally to post family and vacation pictures and Cameron apparently uses it occasionally to do some work on a non-employer server.

Cameron is a very skilled and award-winning programmer who works for phaseit.net as a Vice President and all of this appears to be totally useless information and you probably wonder why I bothered to find it out.

When I turned on my laptop this morning the first thing I did was run “netstat -an” and check all the unsolicited activity. Now as a working definition, I was always led to believe that penetration without permission is rape.

With no surprise, I found my anti-virus and MSN updating their offerings (They are programmed to do so). I also found my local ISP connected which I assume is the FBI’s Carnivore and I can’t do much about that.

What was a surprise was I found a connection (208.53.158.75 owned by FDCSERVERS.NET) to my machine at port 2518 sharing my anti-virus update PID. To get more information, I ran “netstat -bv 10” which identifies URLs and the processes involved. Unfortunately it describes many processes as “unknown processes”. The IP was identified as mx.phaseit.net.

Of course I ran a DNS Report to track the mail server and found the following information:
mx.phaseit.net’s postmaster response:

>>> RCPT TO:

<<< 550 Your mail server is misconfigured. 74.53.59.133 claims to be test.DNSreport.com.

mx.phaseit.net’s abuse response:

>>> RCPT TO:<abuse@lairds.com>

<<< 550 Your mail server is misconfigured. 74.53.59.133 claims to be test.DNSreport.com.

Both lairds.com and mx.phaseit.net track to FDCSERVERS.NET.

When you go to lairds.com it redirects to lairds.org site and confirmed that the penetration was not accidental or unplanned as Cameron Laird was a key player on both lairds.org and phaseit.net.

Since my laptop defenses have been penetrated without permission, there is no doubt that I should be screaming rape. So:

Who is Cameron Laird and why is he trying to rape me?

More Netstat Tricks.

September 5, 2007

I said it before and I’ll say it again, I don’t know how I missed the netstat tool.

My son-in-law works for one of those Fortune 500 Internet Companies and he just doesn’t accept my Vulcan Mind Probe idea. He acknowledges that his company uses cookies but claims they are not engaged in data mining by either the cookie approach or the direct connection. He is a true Boy Scout!

To prove his point he agreed that netstat was the tool to use to find out who was connected to any machine and why. He first refreshed his memory with the following DOS command:

C:\>netstat /?

Linux users use the “man” command to get a manual on any topic and Windows users avoid all knowledge so not only did I miss netstat, I forgot to query the power of the command.

(c:\>netstat q) gives the same result.

Now the most important new knowledge is the “netstat -bv” command which names the executable calling for the connection, and the process identification (PID) for the process that is connected to a specific port. With this information it is possible to see who is engaged in probing for what – More or Less.

Well it’s not perfect but it does give a sharper image of where executables might be hiding that are probing your machine to add files or copy your own files.

After a 10-day vacation, I came back and reconnected the machines to the net. “netstat -an” looked clean as I surfed between msn.com and AOL.com until I spied a few connections from my good friends at Level 3. The other connections were obvious, content and advertising cookies – i.e. the same old crap. Now the great aspect of “netstat -bv” is the details of what’s happening.

In the midst of a long string of output, we find:

TCP port:4357 204.160.105.124:http CONNECTION ESTABLISHED 1192 PID
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\WS2_32.dll
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\MSVCR70.dll
C:\WINDOWS\system32\kernel32.dll
[ccProxy.exe]

TCP port:4359 199.93.43.124:http CONNECTION ESTABLISHED 1192 PID
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\WS2_32.dll
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\MSVCR70.dll
C:\WINDOWS\system32\kernel32.dll
[ccProxy.exe]

This tells us both IPs are operating under the command of ccProxy.exe which is part of my Norton product group. Since I have been slammed while “protected” by Norton, I don’t put much faith in the integrity of this connection particularly when Norton updates through a different executable.

Oh well just one more thing to ponder.
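
The per-executable view that “netstat -bv” gives, as an added example (not code from the original post): a Python parser that groups each connection's remote endpoint under the owning executable and PID, and lists owners whose binary sits outside an assumed set of expected directories. The sample output is constructed in the layout of the excerpt above, using documentation-range addresses; the function names, the directory list and the updater.exe entry are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample (not real capture); addresses are documentation ranges.
SAMPLE = r"""
TCP port:4357 192.0.2.10:http CONNECTION ESTABLISHED 1192 PID
C:\WINDOWS\system32\mswsock.dll
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\kernel32.dll
[ccProxy.exe]

TCP port:4359 198.51.100.7:http CONNECTION ESTABLISHED 1192 PID
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
[ccProxy.exe]

TCP port:4401 203.0.113.5:https CONNECTION ESTABLISHED 2040 PID
C:\Documents and Settings\user\Local Settings\Temp\updater.exe
[updater.exe]
"""

CONN = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s*(.*)$", re.I)
OWNER = re.compile(r"^\[(.+)\]$")

def parse_netstat_b(text):
    """Return one dict per connection: proto, local, remote, pid, owner, path."""
    conns, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := CONN.match(line):
            # PID is the first all-digit field after the two address columns
            pid = next((int(t) for t in m.group(4).split() if t.isdigit()), None)
            cur = dict(proto=m.group(1).upper(), local=m.group(2),
                       remote=m.group(3), pid=pid, owner=None, path=None, modules=[])
            conns.append(cur)
        elif cur is not None and (o := OWNER.match(line)):
            cur["owner"] = o.group(1)
            # Full path = the module line whose file name equals the owner name
            cur["path"] = next((p for p in cur["modules"]
                                if ntpath.basename(p).lower() == o.group(1).lower()), None)
            cur = None
        elif cur is not None and line:
            cur["modules"].append(line)
    return conns

def by_owner(conns):
    """Map (executable, PID) -> list of remote endpoints; unowned rows go to 'unknown'."""
    groups = defaultdict(list)
    for c in conns:
        groups[(c["owner"] or "unknown", c["pid"])].append(c["remote"])
    return dict(groups)

def unexpected_locations(conns, expected=(r"c:\windows", r"c:\program files")):
    """Owners whose binary is outside `expected` (an assumed allow-list of directories)."""
    return sorted({(c["owner"], c["path"]) for c in conns
                   if c["path"] and not c["path"].lower().startswith(expected)})
```

Feed it saved output, for example from `netstat -bv > out.txt`, and review any owner reported as “unknown” or running from a temporary directory first.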