Messages

76

General Software Discussion / Windows Firewall (&co) headaches

« on: September 08, 2012, 06:08 AM »

Here, have a small story of frustrations that will hopefully help out some poor soul when they come across it by the merits of searching the interwebs...

So, yesterday and today I spent around a full day trying to fix up the laptop of a couple that I do regular pc-checkups for. They'd gotten infected despite me setting them up with proper protections and all that; first one in a years time so I was surprised it took this long. Getting rid of the nasties wasn't too hard; they merely prevented task manager and some other common PC-management and anti-virus apps from working while non-stop spamming the usual 'you got viruses, pay me!' dialog at me. Oh, and it also kept re-directing tons of websites to google, of all places. (Some irony, given that microsoft.com was one of those...)

But that's not the problem. Took me 30 minutes, and another 30 just to make sure the entire HD was clean. The problem was with the fact it totally utterly hosed all security-related services. Security Center, Windows Firewall, Windows Update, Windows Defender and Windows Security Essentials... all of it was borked good, and the normal interface options to turn them on/off all gave cryptic error messages. Further investigation showed they were either missing from the Services list completely, or going hard-core 'Access Denied', 'dependencies have failed' or something even more extravagant when trying to start them.

So I just Remote DesktoP in to my pc, open up regedit, and start extracting relevant entries under HKLM\SYSTEM\CurrentControlSet\services; WinDefend, MpsSvc, SharedAccess and then some. (Thank you DoCo for that copy of BeyondCompare; it really helped out with this. ) I got the Security Center working, but everything else was still a trainwreck. This is taking too long, and I need to scour the internet in detail, so I go home to prepare for the next leg of troubleshooting. This is where the real pain starts.

At this point, I know I am missing services, so I start looking into it. In comes the rescue: downloadable links with the proper registry entries and all the relevant services. Throw it side-by-side with the export I made of the offending laptop, and it takes me 30 minutes to prepare a bunch of registry files to restore the computer with. (I ended up using them all, just to be safe. Silly dependencies.) Next day, I go to install them, takes me a few minutes, and restart. Bzzzt, still no success, although stuff improved; at least I have the Background Intelligent Transfer Service again, which means Windows Update is finally runnable again. Windows Defender worked too, but Security Essentials didn't. My torture commences here.

Windows Firewall requires BFE, and both of them are a pain to start. Access Denied errors are aplenty. Fixes for these are all over the internet, but most didn't work for me. (I think the one comment I saw to 'give everyone permission to all services' might have worked, but I think that beats the point of fixing up the security part of it.) BFE was easy to fix, but MpsSvc (the 'Windows Firewall' service) kept giving me an error 5 ('Access Denied') no matter how high I set the permissions on the MpsSvc and BFE keys. Oh, and before someone mentions, I did try this FixIt, but that too failed.

But I figured it out. Process Monitor is one thing that tipped me off to one of the locations in question, and then Google finally pointed me in the right direction. Wham! This place saved me, and pointed out to me what exactly needed to be set where. For people with even worse security-destruction, the other pages might help too.

As for Security Essentials.. it has a tool to let you /RestoreDefaults... but that one errored out even at the end for me. So that is the only one I had to reinstall in order to fix it. It's a kick in the shins, but the end result means it all works again.

So why am I posting here again? I don't need help anymore, obviously.

There is so much Windows Firewall trouble out there that the single correct helpful resource could not be found underneath all the Microsoft Connect garbage suggestions that were either flat-out wrong, incomplete, or plain idiotic ('Add 'Full Control' permissions for Everyone on the HKLM\SYSTEM\CurrentControlSet\services key and subkeys'. And know the worst bit? All that stuff is marked as an Answer by Microsoft! Ugh. Security? What's that?

Don't remind me of that FixIt thing. The concept is nice. But if your fixes are failing to fix stuff, it is plain frustrating and a kick in the shins. Your own employees have blogs with entries on how to fix this problem... a problem that is clearly common enough to warrant making a 5-part(!) series about. And it has screenshots and tons of helpful details not even Knowledge Base documents tend to have.

Isn't it ironic that all the 'security' things were harder to deal with and fix up than the actual rootkit that was blocking tons of programs?

To finish this post up... If you have Windows Firewall problems after you fixed up your virus/rootkit/etc trouble, check out the sites I linked above if you want to do it in a security-conscious manner. Together, they will very likely help you get your PC protected again without a backup/reinstall/re-store data cycle that is sure to annoy you for at least a week after the fact.

77

General Software Discussion / Re: Looking for Security Software/Solutions

« on: April 22, 2012, 11:45 AM »

It all depends on the sort of surveillance you expect. Only digital? Or do you expect your analog life to be monitored as well?

In the end, it comes down to trust. A single 'compromised' module makes the entire system void, which essentially means you cannot even trust the OS you use. An example: think of the Debian OpenSSL vulnerability that happened by accident a year or two ago. of which similar tricks could easily be implemented by governments on purpose.

Another mind game to serve as an example is as follows... suppose your system is compromised. But you have the full source code, and you could rebuild it from scratch. The problem is.. what will you rebuild it with? Even if your source code is safe, what is to say about the compiler, maybe it is rigged so everything you compile with it has a backdoor. Or maybe only very specific stuff like security software has a backdoor! Fine, you say, I'll make sure my build environment is safe, and check MD5 or even better a SHA hash that's not been cracked yet. But how can you check it? The md5sum tool or whatever may also be backdoore. Copy it to a system that is theoretically safe? Who knows, your copy command might remove the backdoor...

Long story short: without a clean-room to pick the machine apart in, you can not be sure your system is secure. Sure, there's projects like TinyCC which are built for transparency to combat this sort of dilemma to a point, but they are not performant and take a lot of expertise to use properly to combat this problem. (And _really_ rebuilding a system from scratch, to vet every single piece of code... can easily take months, or even years.)

Do you trust your OS? Do you trust the people who made it? Do you trust the people who supplied it? Do you trust the people who create your encryption software? How about your communication channels? And this is not 'trust to make a good product', nor is it 'trust to mean well', and it isn't 'trust to make a perfect product' either.

It is a 'trust these people with your life' sort of trust. Because once you talk state-sponsored surveillance, that is obviously how high the stakes have gotten.

The safest way would be to layer, layer, and layer more. Do manual encryption based on code books. Throw that through military grade encryption. Don't send it through digital means only, use pre-arranged drop spots. Digital stuff can be monitored for far more easily than drop spots and the sort, which take human sentience and human attention to be on your person or your receiver in order to get caught. Etc. If the state is your enemy, no precaution is a precaution too many.

78

Developer's Corner / Re: Dealing with UAC in portable tools

« on: March 02, 2012, 01:03 AM »

Thanks for sharing this with us, vlastimil!

Save for the Explorer object, which is a very interesting find I must say, I already figured out these things back when I wrote JottiQ for NANY 2011. My solution is basically the 'spawn myself as an elevated process', where commandline switches describe the actions to be taken. As JottiQ never saves stuff, it is only for certain changes in the registry, so I escaped most of the hell you had to go through.

79

Living Room / Re: YouTube Identifies Birdsong As Copyrighted Music

« on: February 27, 2012, 03:12 AM »

Well, birds don't pay taxes, so obviously someone needs to exploit them another way. Isn't human ingenuity a wonderful thing?

80

Living Room / Re: PrECISE - It's the New SOPA/PIPA/ACTA

« on: February 26, 2012, 01:34 PM »

Nice hoax. Doesn't look super official though, and that's probably for the best in case you're gonna get in trouble for impersonating a federal office or whatever.

81

Living Room / Re: Today is Your Last Chance to Remove your Search History from Google's New Policy

« on: February 22, 2012, 11:20 PM »

That's history since 2006 deleted. Hot dayum, thanks for the pointer. That was some scary shit they know about me.

82

N.A.N.Y. 2011 / NANY 2011 Release: Cautomaton v0.9.0

« on: February 22, 2012, 10:14 PM »

I am covering my head in shame!

I'm so sorry I missed your post dude; I don't know how I managed it exactly but I did. Worst part is... the thing you are asking about is something I had already fixed on my computer months ago, and I was under the full impression I had released it. So I left you out in the rain with no excuses whatsoever.

That said, when I saw your post two hours ago I went right to preparing a fresh release v0.9.0. You may not need it anymore, but I will post it for you and others regardless. My sincere apologies are about the only thing I can offer you to go with it. The download link is in the opening post.

v0.9.0 (2012-02-23)

    Not much new. Or so I thought. I prepared a release a long long time ago,
    or it was supposed to be part of 0.8.3 and ended up not being included,
    and in the end I had unreleased features. I've tidied it up a it and am
    now releasing this stuff... if I remember it, that is.
    
      Added: proper support for the 'Properties' and 'Previous Versions' verbs.
      Added: mentions of all new options in v0.8.3 in the /? screen.
      Added: more debug messages, in case of people having troubles.
      Changed: /i:a was removed, and is implied by default.
        It's barely supported (if at all) anyway; same as /i:w which remains
        but is equally unlikely to make a difference. If this breaks stuff
        for anyone, let me know and I will revert the functionality to how it
        was in v0.8.3.

83

General Software Discussion / Re: No more native Flash for Linux

« on: February 22, 2012, 02:15 PM »

I fully agree. Even tho I don't use Linux for my desktop, I can wholeheartedly stand behind the 'get rid of flash' mentality. HTML5 may cause some really laggy pages when it gets too much dynamic shit, but Flash does that with even simple ads, or messed up youtube videos. It pisses me off good on a near-daily basis.

84

General Software Discussion / Re: Tagging audio files in itunes+ipod is an absolute NIGHTMARE!!

« on: February 16, 2012, 12:39 PM »

I only got an ipod because of the good battery. Imo, the interface sucks, both on the device and the software. (Yes, I'm a heathen to many.)

Why does it suck? I'm someone who likes to manipulate their music while doing stuff. Don't like a track? Go to the next one. With an ipod, I can't do it unless I take it out of my pocket, use both my hands to get it off the lock, then hit the next track button. Previous music players I had allowed me to do all those actions with one hand, without looking, simply because I could feel where the controls were.

85

Living Room / Re: Anatomy of a Tear-Jerker: Very cool article on why songs give you chills

« on: February 13, 2012, 10:57 AM »

I wish I had listened to that song at any other time. Literally so. My thermostat turned off ~30 minutes ago due to a different mode, and that makes the room lotsa colder all of a sudden. (It does that every day, but I'm too lazy to reprogram the stupid thing.)

Now I can't be sure if the test succeeded or if it is just my thermostat is messing me up.

86

General Software Discussion / Earning the 'daemon' inside DaemonTools...

« on: February 13, 2012, 10:19 AM »

I just stumbled across this (link to full article)

Daemon Tools is cataloging all your disc images, without permission

So after launching Daemon Tools Lite today, I noticed a new pane on the right labeled MountSpace. Turns out, it’s a cute little service that shows the top games and applications that folks are mounting and using in Daemon Tools. And to deliver that experience, Daemon Tools hashes every image you mount and sends it to MountSpace servers with or without permission. Combined with your IP address, and probably more, it doesn’t take a genius to realize this is a huge privacy issue.

<snip>

Several problems:

• The Daemon Tools Lite EULA only mentions the word “privacy” twice, both in irrelevant contexts. In fact, the EULA appears truncated.
• Selecting “Don’t allow MountSpace to use my mount statistics” here doesn’t actually turn off MountSpace.
• MountSpace doesn’t have a real privacy policy.

-WithinWindows

As always, the devil is in the details. I couldn't resist the pun, sorry...

I've had a funny feeling about this company for years - pretty much since they started bundling toolbars and all that 'good stuff' with their stripped down products. So while I am not affected, I wanted to alert all DoCo'ers about this as I know a fair few of you actually use this program.

For those who need an alternative, I can personally recommend the minimalistic Virtual CloneDrive. It doesn't do much more than mounting disk images, but in my experience that's all most people need, and it is very good at it.

87

General Software Discussion / Re: Is WinZip still worth updating?

« on: February 10, 2012, 04:06 AM »

The one problem I have with 7zip, and also with Winrar in the past, is that drag-and-drop tends to unzip to some temporary directory first, and gets moved to the right location afterwards. When dealing with 1gb+ archives, that shit is slow and half the time I need to delete stuff because I run out of diskspace.

I really wish that would get fixed some time. (I know there's a setting for it, but it's a dud in my experience.)

88

Living Room / Re: Google Ends Privacy

« on: January 28, 2012, 11:55 PM »

It is so amusing how people are mad about Google's continued reluctancy to stop their data misuse but don't see a reason to just stop using Google services. Oh well... people are stupid.

(Written without Google.)

-Tuxman (January 27, 2012, 04:22 PM)

^ That is why I have decided to move all correspondence I truly care about away from Google since the new year. Gmail will only get what it already has, and stuff will be moved away from it too. Nice as it is, it simply isn't worth the price of having my life become someone elses commodity.

If you don't want 1984 to happen, you need to take your own measures. The Holocaust is what happened when people noted their religion and/or race down on paper; I truly dread what will happen when we get another Hitler in the digital age. And get one, we will. The question is simply when, where, and how well prepared we are to deal with it.

89

Living Room / Re: Apple & Textbooks

« on: January 23, 2012, 05:19 PM »

I spoke to a couple of folk who are familiar with the e-publishing biz, and apparently most of this is (sadly) par for the course! Even when using the tools Amazon and co supply for ebook authoring (read: converter), you end up with shafted deals like these. There's not much 'authoring' to these tools, and as such is closer to a wav->mp3 sort of things, or how iTunes is only for apple products.. and where Palm was not allowed to sync with it. (If this is common knowledge; I apologize... I was under the impression at first that this was a MS Word-like program, and that whatever you typed in there would be subject to these terms... but thankfully it's not _THAT_ bad just yet.)

There's only a few small differences. For one, this converter Apple makes available can do some extra stuff, and is better at a .epub conversion than many other programs, especially for the less tech savvy ebook author(wannabe)s. People don't care about the extra ibook-only stuff, but they are upset they can't get to use it for the epub converting stuff. Finally, there's the matter how you don't get to see the EULA till well into the program.. while you already agree to it the moment you start the application, which is pretty sleazy as well.

In the end, it is Apple being horribly greedy Apple, trying to lock people in on their platform once again like how they did for the iPuddle and IPhiddle. They basically supply a free tool that woos everyone (especially the fanboys drinking the koolaid), get people to using it, lock them in, and do everything to restrict the user... like many other big companies out there.

90

Living Room / Re: As a counter-point to the SOPA/PIPA demonstration

« on: January 23, 2012, 11:46 AM »

All of you together have probably covered my opinion on this already, but there is one thing I do feel needs special mentioning: how 'copyright holders' got that MegaUpload advertisement pulled under the guise of the DMCA... while they have never owned any copyright on that material! That alone is to me the reason why SOPA/PIPA/ACTA/insert-four-letter-acronym-here should never happen: if they already abuse the current laws, then imagine what they could do with those despicable laws-in-the-making?

Is MegaUpload shady? Yes. I have no doubt they profited from less-than-legal activities.
However, according to the DMCA, especially according to the safe harbor proficiencies defined within, they were very much legal. They supported DMCA take down requests, did as much as the law asked of them to stay legal, and generally acted like a legit business. Compare that to some of their competitors who make none of those attempts, and you really scratch your head. MegaUpload is being made an example out of by the 'all filesharing is evil' crowd.

Apparently it is working, since some of those really shady competitors have since seriously cut back on their services, ripped out their ad-sponsorship programs and the likes. Good result? Maybe. But the way it was achieved is seriously depressing, since laws never remove rules: they only add more of them.

91

Living Room / Re: [SOLVED] Windows XP system clock losing (lots) of time.

« on: January 23, 2012, 05:11 AM »

I'm glad you figured it out!

I also want to express my thanks to Cranioscopical for his community spirit; little surprises like the one he sent my way are what makes this community great!

92

General Software Discussion / Re: "Of course you know, this means WAR Gentlemen!" Microsoft makes its move.

« on: January 15, 2012, 11:19 AM »

I can't say much that others have no said before me. Ok, I can, but it involves Windows 8 looking like crap even before this failmove was announced, but that does not mean I approve of the general direction this ridiculous nonsense is going in. Secure Boot? Nice marketing. But the real development codename? Vendor Lock-In.

While I may not fully understand how this feature works, there may be another thing that might sort of save consumers in the short term, depending on the details I can't be bummed to find out. OEMs are cheap. OEMs need to automate. Which means Windows installations need to work with the BIOSes. Think key and keyhole. Looking at it the simplistic way, i just takes someone to properly copy the key Windows uses and pretend to be Windows. Obviously, there is the matter of a chain of trust that checks if it is a real or a copied key, but there will be a hole. On ARM, sadly, this is going to be the hardest part. Normal computers, you just take out the hard drive and fix the part where the 'bootsector' is to look good enough to pass BIOS verification. On ARM, it is likely soldered due to the embedded nature, and obviously Windows won't make it easy to change the bootloader either at that point.

But still, it is not a solution. It is a band-aid of freedom that basically devolves into the world of jailbreaks.

93

Living Room / Re: Sorry, This Post Has Been Censored

« on: January 14, 2012, 07:29 AM »

I just stumbled across this: No more DNS blockage.

In my opinion, this is like saying 'Look, my diarrhea no longer has blood in it, so now I can smear it all over your face!'. Which, I hope, is enough to clarify my standpoint on these bills.

94

General Software Discussion / Re: Nasty NTFS issue ?

« on: January 13, 2012, 10:08 AM »

Other than 'at boot time, it renders my XP unstable', you don't explain anything about your problem, so how are we supposed to know how to help you? Please supply some extra information.

Does 'unstable' mean 'crashes'? Does it mean 'hangs for ages'? What sort of success rate? How about safe mode? Are all your drivers upgraded? Have you tried a tool, like for example HDtune? Etc.

95

Announce Your Software/Service/Product / Re: BugAid for C# - Add-in for Visual Studio that improves the debugging experience

« on: January 12, 2012, 02:31 AM »

Sounds good. If I make something opensource some time, I'll make sure to apply and give it a whirl!

(Oh, you may want to fix the typo in the opening post. It says exactly the opposite of what you want it to say! )

96

Living Room / Re: Hosters are impossible. (A.k.a. get me what I want, not what I don't want!)

« on: January 07, 2012, 06:36 PM »

Just a reminder - I already settled for an offer from GeekISP, and so far I am happy there. Although I do appreciate all the suggestions given - they can be useful for other people, or for me if I end up a dissatisfied customer.

@worstje - what do you mean multiple domains for simultaneous logins are no longer supported?  I do that all the time?  Unless I'm missing your point...

-wraith808 (January 03, 2012, 07:16 AM)

They haven't been supported for over a year. Basically, open one tab, and login on your @gmail.com account. Next, go to mail.example.com and login there. Nowadays, they log you out on the other one: only a single mailbox active seems supported nowadays. In days gone by, I could have three of the buggers open for days, and that was convenient, especially on the email-checking area. Logging in every time I need to use another account however is a big big bummer.

If you have the domain and it's only for email, why not host it yourself?

-Edvard (December 29, 2011, 02:35 PM)

Don't do this. No, wait, scratch that - don't even consider doing that. There's simply too many headaches involved.

Configuration, security, maintenance, resilience are bad enough by themselves. On top of that, a lot of ISPs block the necessary SMTP ports, and there's a lot of "distrust" generally for SMTP servers on ISP customer IP ranges... something that might not give you too much trouble if you're just going to receive mails, but should you ever want to use your own mailserver to also send mails, you'll be in for quite a bit of work and frustration.

Really, the money spent on email hosting is well spent.

-f0dder (January 05, 2012, 08:56 AM)

Amen. Throw in a dynamic ip address and the fact that ISPs generally forbid hosting your own email (even if the port is open), and you may either find your port blocked serverside (and not find out for weeks!), or your entire internet canceled because your broke the Terms of Service Agreement. Too much frustration, definitely not worth it.

(Lazily only reads half the thread)

Did you rule out free host providers? One of my other long standing interests is Free Hosting. Thinking ahead to a possible next objection, it turns out that I got tired of "choose me!" ads from junk hosts, so I set out on a 27 month free host study to find quality free hosts.

-TaoPhoenix (January 07, 2012, 05:58 PM)

Because I cannot paste it often enough, let me repeat my stance on free things: If you don't pay, you aren't the customer. You are the PRODUCT. For most things, that is not an issue, and I _do_ enjoy my gmail account. However, I wish to look professional where this domain is involved, and if I do not trust Google with that data, why trust some other provider? At the least Google has a spotlight on its back; all those other tiny hosters can get away with far, far more when it is about privacy-related matters.

That said, GeekISP was recommended to me in the second post of this thread, and their website looks particularly 'un-ad-festy'. It literally looks like it was made by a geek! From what I can tell, I think this man really gets his business through word-of-mouth, which is a big plus in my book.

97

Living Room / Re: Windows XP system clock losing (lots) of time.

« on: January 07, 2012, 07:57 AM »

I did some checking, and it looks like it may be driver related. Especially the chipset. Any chance Windows Update decided it knew best when you weren't looking?

98

Living Room / Re: Hosters are impossible. (A.k.a. get me what I want, not what I don't want!)

« on: January 03, 2012, 12:03 AM »

A belated reply to mahesh2k: no, no, no and no again.  See my initial post for as far a free solution is concerned.

And second, I'm no business. I'm just an individual in need of something to cover that nasty line where a free email account doesn't cut it (with an ancient-old nickname as part of the addy..), nor does something like '[email protected]'. Friends and family are fine for the former, the latter is fine for forums or whatever other public menace you aren't attached to.. but if you are going to end up representing yourself to potential employers or otherwise handling stuff you feel deserves a bit more care - it's worth the investment.

Alas, the problem is solved already in the shape of GeekISP, but thank you for replying. :-)

99

N.A.N.Y. 2012 / Re: NANY 2012 Release Day Getting Close!

« on: January 02, 2012, 11:45 PM »

Yes, why yes it does, kyrathaba. I'd give you an exemption, but I am in the habit of setting myself impossible goals, and obviously I am in no different position than you: two entries last year, no entries this year... so I need to strong-arm capable coders into making two apps and deleting all copies of them at release day without releasing, wait... no, withdraw my old applications and essentially unmake them... ugh. I guess I might settle for simply breaking the space-time continuum.

Everyone who participated: great jobs. I've been looking through them, and while I haven't posted in any topics, that is simply because this years bounty doesn't seem to have much of my needs. (Or maybe my cursory glance is missing the ones that would!) Eiher way, once again, good jobs, and thanks on behalf of all those bums who, like me, tend to be too lazy to register/login and post.

100

N.A.N.Y. 2012 / Re: Gentlemen (and Ladies), Start Your Engines!!

« on: December 29, 2011, 11:30 PM »

Make that 41. Because I break the universe like that.

(Sorry. )