Archive for the ‘Windows Vista’ Category

Final Post

October 2, 2009

No – I’m not dead yet!!

This is a final post at Tigerstail.wordpress.com because I am tired of seeking knowledge and bitching about that which is. It is time to use my skills to develop the solutions to all of the problems I have discovered.

Join Me at jimmicap.wordpress.com

Vista Blue Screen of Death!

February 21, 2008

Did you ever wonder what Microsoft personnel call the world famous “Blue Screen of Death”? Well, at least one programmer must have a sense of humor or submitted the following error message as a resignation.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.768.2
Locale ID: 1033

Additional information about the problem:
BCCode: 1000007e
BCP1: C0000005
BCP2: 8B0CAB9F
BCP3: 87599BA8
BCP4: 875998A4
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini021908-02.dmp
C:\Users\USER\AppData\Local\Temp\WER-46332-0.sysdata.xml
C:\Users\USER\AppData\Local\Temp\WER43C3.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

The biggest improvement over Windows 98 and Windows Me is that the Blue Screen is a quick flash before the computer goes dead whereas in the old days it would stay on your monitor to torment you. None of my friends can recall a blue screen effect with Windows XP SP2 so Vista must be engaging in a nostalgia trip.

Screwing up XP!

January 6, 2008

I’ve sort of been suggesting that part of the reason that Vista has not been universally accepted is because Windows XP is a mature, stable and secure operating system which has no need for a replacement except perhaps in the gaming community. There are many independent companies that understand the system and are writing independent security software to defend you against viruses and malware and to secure your privacy against unwanted preservation of sensitive data or images.

The truth is you can do a pretty good job of defending your machine by using Firefox as your browser with settings that ensure your privacy and erase all surfing history. Naturally, you can back this up with CCleaner and an independent antivirus and you’re in pretty good shape. You may want to use your traditional XP search function to check for cookies that may have been missed and to check the images in all hidden and back-up files. After everything unwanted has been eliminated, defragment your system and overwrite your unused space with a seven pass disk wipe.

From what I know of forensics, that is probably enough to prevent the repairman at your computer repair shop from reporting you to Homeland Security and may be enough to prevent recovery of images and files after you reformat your hard drive. (However, if it were my freedom at stake, I would give the drive the Lot’s wife treatment and buy a new drive.) Overall, I am fairly well convinced that XP is a defendable operating system for mere mortals that follow a set routine and pay attention to security.

Since this belief is probably true, it leaves Microsoft and the government out in the cold when you choose to observe their nefarious connections. No, you cannot stop unwanted predators from connecting to your machine and probing you, but you can keep your machine clean enough that there is little there to find. Now with Vista, this is clearly not the case. There are back-ups of everything as the default and many are complaining that the use of Vista will be a one way ticket to jail or unemployment as your total computer use is an open book.

So what is the answer for Microsoft and the Government to threats from a protectable XP operating system? Simple, introduce an unavoidable SP3 service pack. I mean I avoided the upgrade for IE7 forever, or at least until there were so many vulnerabilities that were left unplugged that I downloaded it even though I use Firefox. I suspect avoiding SP3 will eventually leave me so exposed that I will have to do it and ultimately upgrade myself to a system as unknown and undefendable as Vista. Once this happens I may as well switch to Vista.

Oh well, shit happens.

Resistance is Futile, Knowledge is Soporific!

Vista Security-Oxymoron

December 11, 2007

Let’s start with the basics: Vista security is an oxymoron. It simply doesn’t exist.

I finally hacked an installation on a brand new machine and worked at putting an anti-virus on the machine. At the time, everything I tried was incompatible or my downloads were blocked. I tried Zone Alarm, PC-cillin and Kaspersky. So I ended up with OneCare, which the whole world is condemning for being a weak system. I also attempted to install my malware protection, but every time I ran Spybot Search and Destroy my computer locked up, and AdAware wouldn’t update without locking up my machine.

I have now reached the end of my one month trial period for OneCare, so I decided to check my machine and see how outside suppliers rate it. OneCare says I’m at risk because I won’t let that cancerous back up program operate and I haven’t paid them. I tried running PC-cillin HouseCall and was told that they couldn’t really check some operating systems. I tried Kaspersky’s online service and it told me I looked OK but there were 150 blocked files that they were incapable of inspecting.

I would have felt better if I was told that they inspected everything and I was clean.

I tried reinstalling Spybot Search and Destroy, but it locked up when I tried to update it and I couldn’t get it to run. I tried to run it a few more times. It identified a couple of problems and shut down saying I aborted the process. AdAware refuses to update and stalls. When you force it through a few more tries, a screen pops up saying the update is complete without telling you what was updated. When I ran it, it took 18 minutes to get halfway and finished in one more minute. I removed the cookies I found but don’t really trust the results.

If the Vista machine were used for anything more than surfing and writing an occasional post, I wouldn’t know what to do. I have no idea what kind of bug is on the machine nor do I trust any tools that are supposed to help me find and eliminate it.

Vista Security, Truly an Oxymoron.

Vista Tasklist – Cool Tool!

November 30, 2007

All right, I finally found something decent about Vista, but it actually is in Vista DOS, which evolved from NT DOS and XP Pro DOS. It’s a tool called Tasklist and it’s used to get a listing of all processes by PID and which services are running in these processes. By using various switches, you can find out what modules and executables are associated with a PID and learn about them. Knowledge leads to defense or, minimally, it will allow you to identify and disable your intruder.

My very first Tasklist command was:

C:\>Tasklist /svc

In my last post I found that Level 3 was connected to two unknown processes, 2060 and 988. Now I’m still not proficient with this command, but the output shows I have reason to be concerned.

Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    988 AeLookupSvc, Appinfo, BITS, Browser, gpsvc,
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,
                                   ProfSvc, RasMan, Schedule, seclogon, SENS,
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
winss.exe                     2060 winss

By searching for winss on Google you find that this is part of Windows One Care but has been related to malware problems and that svchost.exe is a generic host for Windows Modules that has also been suspect in malware. Still, you cannot dismantle them without hurting your operating system so you have to find the service or even specific module that is connecting to the net without your permission.

The next command I tried was

C:\>tasklist /m >> module.txt

It’s necessary to send this to a text file because the output is bigger than the DOS screen allows. The output gives you all the modules for each PID, which is informative but not necessarily useful. What would be ideal is if the IP were related to the PID which connected to a service and then connected to the modules within that service. This is what netstat -bv did, and it allowed me to isolate and eliminate problems like the one with ccproxy.exe.

I’m sure that Tasklist is the solution, but it will take me a while to figure it out unless somebody gives me the answer. I suspect whatever this intruder was, it was standard malware and not Military Strength Malware. I ran all my malware eliminators and when I awoke I only had Google Talk knocking on my door.

Vista – Beyond Netstat!

November 29, 2007

Where do you find your lost car keys? You find them in the same place every time and the answer is easy.

You find them the last place you look.

When it came to XP I never got past netstat to find out who’s invading my privacy because it wasn’t necessary. Now there are some interesting things about DOS that I forgot, but since analyzing Vista is a whole new ballgame, I thought I had better refresh myself. The command of the day was netstat -ano with a few modifiers to give me a hand. After all, this is still a computer and it should be able to follow a few simple commands. Check the following:

C:\>netstat -ano 10 >> fred.txt

Now this command is fairly straightforward when you learn DOS. The netstat -ano gives a listing of the protocol, the local port, the foreign IP and port, the state and the Process ID. The 10 means the command for that information is repeated every 10 seconds, and since you really can’t do much with DOS output and the retained DOS data is finite, the >> fred.txt part sends it to a text file named fred and appends the new information being generated every 10 seconds to the bottom of the file.

Because of the slow speed of Vista and all the Simon Says rules, I set up DOS with the above command the night before and a second DOS window with “notepad fred.txt”. Since they were set up the night before, all I have to do when the machine comes out of hibernation is to press enter on the netstat command and about 2 minutes later press enter on the other DOS window to see what I have captured in notepad.

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       748
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       432
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       948
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       1148
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       516
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING       988
  TCP    0.0.0.0:49157          0.0.0.0:0              LISTENING       500
  TCP    12.197.60.34:139       0.0.0.0:0              LISTENING       4
  TCP    12.197.60.34:53044     72.14.203.101:80       CLOSE_WAIT      1028
  TCP    12.197.60.34:53045     209.85.163.125:5222    ESTABLISHED     1028
  TCP    12.197.60.34:53046     64.233.163.189:80      TIME_WAIT       0
  TCP    12.197.60.34:53047     207.46.235.29:443      ESTABLISHED     2060
  TCP    12.197.60.34:53049     8.12.213.124:80        ESTABLISHED     2060
  TCP    12.197.60.34:53050     8.12.213.124:80        ESTABLISHED     988

The first three external IPs belong to Google Talk. The third Google connection drops out after 2 minutes and the first 2 stay connected all day. The fourth IP is Microsoft and the last IP, using two different processes, belongs to Level 3.

Now Level 3 is an untrusted, uninvited guest, but the connection only lasts for less than a minute. By the time I check the task manager and get through “Simon Says” and “processes from all users”, it’s too late to find out who is doing what to me, and I have yet to discover a meaningful list of subprocesses for each PID that I might block to block the intruder. Blocking the IP is a waste of time because there are billions and the task of invading my privacy can be shifted to another server. The only permanent way is to identify and kill the process.

Tomorrow, I’ll discuss a new DOS command; at least it’s new to me and does not exist in Windows XP DOS.

But the only thing for sure right now is that I have an uninvited intruder invading my privacy which has made it past Windows Defender, and I don’t have a clue on how to stop it.
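The join these two posts are looking for (foreign IP to PID, PID to image name and to the services hosted in that process) can be done after the fact on the two captured text files, since netstat -ano and tasklist /svc each carry the PID. The following Python script is an added example, not the author’s code; it assumes both commands were redirected to files (as with fred.txt above), and the two captures embedded in it are constructed from the PIDs and addresses quoted in these posts.

```python
"""Join captured `netstat -ano` and `tasklist /svc` output so every remote
address is tied to its PID, image name and the services hosted in that process.
Assumes both outputs were saved to text files; the samples are constructed."""
import re
NETSTAT_SAMPLE = """Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       748
  TCP    12.197.60.34:53045     209.85.163.125:5222    ESTABLISHED     1028
  TCP    12.197.60.34:53046     64.233.163.189:80      TIME_WAIT       0
  TCP    12.197.60.34:53047     207.46.235.29:443      ESTABLISHED     2060
  TCP    12.197.60.34:53049     8.12.213.124:80        ESTABLISHED     2060
  TCP    12.197.60.34:53050     8.12.213.124:80        ESTABLISHED     988
"""
TASKLIST_SAMPLE = """Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    988 AeLookupSvc, Appinfo, BITS, Browser, gpsvc,
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,
                                   ProfSvc, RasMan, Schedule, seclogon, SENS,
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
googletalk.exe                1028 N/A
winss.exe                     2060 winss
"""
ENTRY = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")  # image name, PID, services

def _split(chunk):
    return [s for s in (p.strip() for p in chunk.split(",")) if s]

def parse_tasklist_svc(text):
    """Return {pid: (image, [services])}; wrapped service lists are rejoined."""
    procs, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue
        m = ENTRY.match(line)
        if m:  # first line of a process entry
            current, svc = int(m.group(2)), m.group(3).strip()
            procs[current] = (m.group(1), [] if svc == "N/A" else _split(svc))
        elif current is not None:  # indented continuation of the service list
            procs[current][1].extend(_split(line))
    return procs

def parse_netstat(text):
    """Return one dict per socket row of `netstat -ano` (TCP and UDP)."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID is always the last field
        rows.append({"proto": f[0], "local": f[1], "remote": f[2],
                     "state": f[3] if f[0] == "TCP" else "", "pid": int(f[-1])})
    return rows

def correlate(netstat_text, tasklist_text):
    """Attach image and services to every row that has a real remote peer."""
    procs = parse_tasklist_svc(tasklist_text)
    out = []
    for r in parse_netstat(netstat_text):
        if r["state"] == "LISTENING" or r["remote"] in ("0.0.0.0:0", "*:*"):
            continue  # no peer yet, nothing to attribute
        image, services = procs.get(r["pid"], (None, []))
        if r["pid"] == 0:
            image = "(no owning process: socket in teardown)"
        elif image is None:
            image = "(PID absent from tasklist: exited between snapshots)"
        out.append({**r, "image": image, "services": services})
    return out
```

Because the two snapshots are taken at different moments, a PID seen by netstat may already be gone (or reused) by the time tasklist runs; the script labels those rows rather than guessing, which is why the two commands are best run back to back into the same file.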

XP vs. Vista, Netstat Tools!

November 28, 2007

There is absolutely no comparison between using netstat on XP and netstat on Vista. This example is limited to Google Talk because I have it on both machines and it seems to be the first program to make contact over the Internet when I bring my machines out of hibernation. I have used netstat to track uninvited connections, some of which I blocked by turning off the process and some of which were blocked by changing the name of an executable. The reason I made a name change instead of a file deletion was that, in case I made a mistake, I could open in safe mode and reverse the process.

Let’s slowly and carefully take a look at netstat outputs from XP and Vista.

C:\WINDOWS>netstat -ano (THIS IS XP)

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.101:1053     216.239.51.125:5222    ESTABLISHED     1644
  TCP    192.168.0.101:1054     64.233.163.189:80      TIME_WAIT       0

L:\Windows\system32>netstat -ano (THIS IS VISTA)

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    12.197.52.45:49487     216.239.51.125:5222    ESTABLISHED     1028
  TCP    12.197.54.76:49161     72.14.203.100:80       CLOSE_WAIT      1028

There is not much difference in the information which can be obtained. The two different machines are using different ports and Process Identification Numbers (PIDs), but the information given is exactly the same. In both cases, the only way to prove that this is Google Talk connected to the Internet is to look up the IP using a DNS service.

Now let’s take a look at netstat -bv. I have discussed this deficiency of Vista before although not in complete detail.

C:\WINDOWS>netstat -bv (This is XP)

Active Connections

  Proto  Local Address          Foreign Address             State           PID
  TCP    Whatever:1053          kc-in-f125.google.com:5222  ESTABLISHED     1644
  C:\WINDOWS\system32\mswsock.dll
  C:\WINDOWS\system32\WS2_32.dll
  C:\Program Files\Google\Google Talk\googletalk.exe
  C:\WINDOWS\system32\USER32.dll
  C:\Program Files\Google\Google Talk\googletalk.exe
  C:\WINDOWS\system32\kernel32.dll
  -- unknown component(s) --
  [googletalk.exe]

  TCP    Whatever:1054          nz-in-f189.google.com:http  TIME_WAIT       0

Take note that in XP, netstat -bv clearly identifies the URL of the connection to the Internet saving you the time to look it up. Also, the link between the port and the PID are connected to the URL or in some cases the IP but the connection is always clear. Also note that all of the subprocesses of Google Talk are identified and you can look them up one by one to identify whether they are legitimate or not. If any are suspect, a replacement can be downloaded to replace the suspect file or they can be renamed to find out what happens to your machine when they are deleted.

The following is the output from netstat -bv in Vista.

L:\Windows\system32>netstat -bv (This is Vista.)

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    12.197.52.45:49534     ro-in-f100:http        CLOSE_WAIT
 [googletalk.exe]
  TCP    12.197.52.45:50325     kc-in-f125:5222        ESTABLISHED
 [googletalk.exe]

The above is the output from Vista and the information is worthless. There is no link between the URL, the PID or the port, and the ports which are identified are not the same ones identified by netstat -ano. Also, no subprocesses are identified, so the search for problem executables is hindered.

There is no defensible reason why a powerful diagnostic tool like netstat should have been debased in Vista. It would have been easier for Microsoft to spin bullshit if it had been entirely eliminated.

Window Washer Sucks!!!

November 27, 2007

About a month ago, Steve sent the following comment.

“please google the following CMU-ISRI-05-119. It is a real eye opener and I promise it will enlighten all in this discussion!”

I did Google it at the time, and meant to comment on it further. Seems this is an only modestly technical paper which could be read and copied by a bright high school kid for his science fair project. In the simplest terms, they evaluated about six different manufacturers’ privacy protection software. Their conclusion was also fairly clearly stated.

“The results highlight some significant shortfalls in the implementation and approach of these tools leading to privacy concerns about the exposure of sensitive data. The findings also raise questions about the level of privacy protection that is realistic to expect from these tools….”

All of these tools were tested on Windows XP and I’m not aware of a similar comparison of privacy products which allegedly protect you from Vista’s invasion of privacy. All vendors were notified of the work in progress and only CyberScrub, which was the best of a very poor lot, responded with positive changes being made in the new version.

This excellent piece of practical knowledge was done by Matthew Geiger and Lorrie Faith Cranor at the Institute for Software Research at Carnegie Mellon University.

Their report ran 64 pages and is easy enough to read. My original report on privacy software ran a little more than two paragraphs and I stand by the title:

Window Washer Sucks.

Vista OOBE Sucks!

November 26, 2007

To an old marketing practitioner like me, OOBE is an acronym for Out Of Box Experience.

Forget that Microsoft has hijacked the term to mean their start up programming that bores you to tears while describing all the new bells and whistles and telling you how great they are and how much you will love them. To me OOBE includes all those factory preset conditions that make your computer act the way it does. I know that there has been much written about how to turn off or correct many of the nasty conditions I’ll describe, but that’s not the point. The average user does not know how to change the registry or turn off processes and shouldn’t have to learn.

All my complaints deal with the fact that this operating system is a total mismatch for current equipment. The worst manifestation is that it is slow, slow, so very slow. When I wake up and go to my hibernating machine I don’t know what to expect when I tap the enter key. It might spring to life in a minute, it might take five minutes; only the Vista gods may have a clue. I have programmed my human self to tap a key to wake it up before I start my morning tea and go to the bathroom, so my trusty Vista machine will probably wake up before I’ve finished my morning ritual.

Now when my XP machine takes more than 2-7 seconds to come to life the first thing I do is run “netstat -ano” to see who’s connected to my machine and what they are doing. Running “netstat -bv” identifies the processes and the executables involved in each process by the connection name (This doesn’t work as well in Vista).

When I try to quickly run the netstat command on Vista DOS, Vista plays a silly game of Simon Says where it asks me if I am truly the person who clicked to open DOS and it will not open it until I click yes. I mean I am operating as administrator with administrative privileges, what’s above that? When you get to your answer for your request, you have no way of knowing how many connections were made and broken while you were playing Simon Says or waiting for your machine to come out of hibernation.

My next task is to identify the processes which the IPs are connected to, and when I run Task Manager, it plays that silly game of Simon Says again, invoking my administrative privilege to proceed, and then the first answer is not complete. You have to click on a box that asks if you want to see the processes for all users. I mean, I’m supposed to be the administrator with full administrative privileges and there are no other users on the machine, yet more processes are identified as being operated by “system”.

By the time you get full administrative privileges there is no way to get full knowledge. All this crap slows you down so much it is impossible to know what wasn’t captured.

There are ways to work around this unnecessary crap but then why should I have to?

Vista; Resistance is Futile, Knowledge is Soporific!

November 24, 2007

Well, my friends over at Vistasucks wanted to know what I think about Vista and what I am doing about an operating system. The answer should be obvious: Nothing at all.

I finally got Vista installed and even used Defender antivirus. This operating system is slow and I finally figured out one of the reasons was the daily backup which quadrupled disk usage in about a week. I’ll discuss the Vista shortcomings in the next few blogs and they go from banal to unacceptable and sometimes you can’t tell the difference. I mean, is it banal or unbelievably unacceptable that the solitaire game cannot keep an accurate score? This has to be indicative of a lack of market testing and poor software control. If they do something stupid like that with trivial solitaire programming, what’s wrong with the rest of the system?

I’m not above self criticism, so about a month ago I went back to my computer assembler and tried to purchase a brand new Vista machine just in case the mistakes were caused by me during installation. He told me they no longer built them for inventory because everybody wanted XP, but they would build them to order. So I had one built. I’ve forced my home to be a Vista enclave by giving away a perfectly good and almost new XP machine that I dreaded doing the upgrade on after my first experience. The second custom built machine has not even come out of the box as I have been too busy, but since the house must be in order before the Christmas guests arrive, I have a deadline. The biggest change is I’m sleeping in later and no longer working from home because I don’t need early morning aggravation. As a result, my hobby blogs have been unattended for about a month. Vista is too much like work; it reminds me of the old Sinclair Timex machine with the memory always falling out and crashing the machine. It was cute but it still sucked.

For now it’s XP & Suse Linux at work and Vista ( mostly never used) at home. At work there are no issues of security or privacy. We are in a controlled industry and damn near every government agency in the world can get a court order to see what’s in our files or on our machines so we let them look without too much bother. Since I don’t understand the security of my Vista operating system at home, there is not much other than family pablum on it.

I was born free, I would prefer to die with my right of privacy intact, and I feel that no operating system exists which will work to protect me. They all seem to be designed to a greater or lesser degree with some obscenity called “the National Interest” in mind. I’ve done the boring blog about Vista invading your privacy and the only reason XP is better is that there are more programs out there that work to protect you. Vista was probably released in the “National Interest” to provide usable trapdoors for the Feds because the XP vulnerabilities were all being closed by independent software developers.

As stated previously, Linux is still a toy and the open source movement is a disaster. (Open Office is dreadfully slow and there are now 33,000 images associated with the program.) I suspect that’s what’s wrong with totally open source: every kiddie hacker in the world wants to add an image or their 2 lines of code and soon the programs will grow to Bill Gates size with all the associated backdoors. There are probably a half dozen programmers working at Homeland Security submitting clever code to add to the various Linux distributions which will make the system weaker.

I’m starting to think about alternate surfing technology and alternate operating systems which is why I’ve started blogging again. I can’t believe that there is not a way to once again surf the net with the privacy of a library. But in my heart I know:

Resistance is Futile, Knowledge is Soporific!