Technofobe

Ok. So, I've been doing a lot of work from the local Austin coffee shops lately. I like getting out of the office and getting some good work done. There are some great places around Austin to visit. I've been to a lot and my personal favorite for getting a lot of work down is Flight Path. I could go on about coffee shops in town, but this post is supposed to be about SSH.

Ok, so if your reading this then you probably know that surfing the net in a coffee shop can be risky if you are doing anything that you'd like to keep private. To stay secure, you can tunnel your network traffic from your laptop (at the coffee shop) back through your home internet connection (which is presumably more secure.) This will help prevent the unscrupulous sort of folks from snooping into your business.

You can do all of this using freely available software and once it's set up it's very easy to use.

Also, I've heard of people using this to bypass the web filters at work since you are basically setting up a proxy at your home. NOTE! Please be aware that if you do this at work to subvert the security measures put in place by your local IT folks then you could get in to big trouble! There, you've been warned...

Anyway, here's a link to download the paper outlining the steps and software needed.

Enjoy.

Donate to SSH Information

These guys have definately found their inner grove.

Salesforce.com continues to innovate and invest heavily in new features and integrations. I've personally been a Salesforce.com cutomer from the beginning and I have to say that they have an outstanding product. Salesforce has recently gotten together with Google to integrate its service with Google Apps which makes for some really interesting possibilities.

Google Apps and Salesforce.com both individually offer great value to businesses and together the whole may really be greater than the sum of the parts. These short videos are certainly worth the watch.

... you should see this video. This is a presentation given last year by Steven Rambah (owner of Pallorium, a private security firm) at a security / hacker conference (Toorcon). He gives examples and a good, overview of how business like Google and governmental agencies collect data on people.

Unless you have been living under a bridge for the last 5 years, everything about you (and I mean just about everything) has been and is being collected, stored, and analyized:

• Blog posts that you write (like this one)
• Email that you write
• Phone calls
• Purchases
• Web sites visited
• Pizza that you order (yes, really)
• You location at any given moment
• The eipsodes of lost that you Tivoed
• Your magazine subscriptions
• And MUCH more...

• Apple is already selling iPods that will hold 40,000 songs.


• Storage capacity will continue to double every year and half (see Moore's Law and Kryder's Law)


• Based on this within 10 years you will be able to carry all the music that mankind as ever produced in your pocket for about $100.

Here is a nice Systm video where the hosts discuss getting a good wifi connection.... they discuss their results, equipment, and their attempts at a 1 and 12 mile connection.

The MICROSOFT SCRIPT CENTER may not be the best resource on the web but it is one of the best I have seen so far and is a great place to get started. Here are a couple of nifty tools that live there and that are certainly worthy of mention:


SCRIPTOMATIC

Scriptomatic by The Microsoft Guys appears to be an awesome way to generate code for all different types of functions. It will generate code in VB Script, Perl, JScript, and Python with the simple click of a button. I have not had time to really did too deep into this tool but at first glance it looks fantastic.

PORTABLE SCRIPT CENTER

The Portable Script Center is just a simple help file that contains all kinds of helpful sample scripts for just about everything that you can think of. Now there is no need to have to re-invent the wheel. You can just copy, paste and modify the scripts based on your specific needs. This is a must-have.

Ok. This has been floating around for quite some time now. However, if you haven't seen this clip of John Stewart making fun of Senator Ted "The Tubes" Stevens then your online experience is certainly incomplete. Enjoy...

http://www.spikedhumor.com/articles/40375/Daily_Show_Ted_Stevens_And_Those_Internet_Tubes.html

I was recently visting with my close friend Bruce and we were doing the geek-speak thing about scripting and automation. He had written some uber code using KiXtart that automated many mundane IT management tasks. One of the functions of his program was to query registry values of all of the computers on the domain and report on the status of the antivirus definitions. This was of particluar interest to me because I had a bad experience attempting to get a simple report like this out of the management tool provided by Network Associates (ePolicy Orchestrator) and I still needed better solution.

So, with that that inspiration I set out to write my own script. I have more experience with DOS Batch files so I decided to stick with that rather than going with VB, KiXtart, etc. That said I am still a relative n00b.

Long sorted story short, I did a lot of Googling for sample code and a lot of reading of reference material, and after about of week of working on this off and on I was successful. Essentially what I ended up with was a batch program that takes a text file with a list of computer names as input and produces an output text file that shows me the status of the antivirus definitions on each computer. I also used blat(a command line mailer) to have the results automatically emailed to me.

I am sure that there are many coders out there that can produce more efficient code as there is always more than one way to "skin the cat." Here is my code:

@echo off

REM IF the user does not enter a file to parse for computer names send a message and stop

if not exist "%~1" echo Please enter the name of the file to parse.&goto :EOF

REM delete the last result file.

if exist results.txt del results.txt

REM Create the header for the results file

echo %date% %time% >> Results.txt
echo. >> Results.txt
echo EngineVer Defs Ver Defs Date Computer >> Results.txt
echo. >> Results.txt

REM Go through the names in the file and send them off to be processed

set filename=%~1
for /f %%a in (%~1) do call :PROCESS %%a
ECHO. >> Results.txt
ECHO Done processing %filename%! >> Results.txt
blat message.txt -attach results.txt -server SERVERNAME -to email@yourdomain.com -f email@sendersemail.com -subject "Currentl AV Status"
GOTO :EOF

:PROCESS

REM Ping the host to verify it is up. Also, check that we are not at the end of the list of names.

if /i %~1==%filename% goto :EOF
ping -w 20 -n 1 %~1 | find "TTL=" && goto :CHECKVIRUSDEFS
ping -w 20 -n 1 %~1 | find "TTL=" || echo %~1 is not responding! >> Results.txt
goto :NOTRESPONDING

:CHECKVIRUSDEFS

REM Check to make sure that the appropriate registry entries exist before processing.

SET INSTALLED=Y
REG QUERY "\\%~1\HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine" /s | find "szVirDefDate" || SET INSTALLED=N

REM Query the registry, store the findings in variables and write results to results.txt
REM NOTE: temp.txt is created so that it can be parsed for the exact value needed since I couldn't get this to work all in one command.

IF %INSTALLED%==Y REG QUERY "\\%~1\HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine" /s | find "szVirDefDate" > temp.txt
IF %INSTALLED%==Y For /F "tokens=1,2,3,4,5" %%A IN (temp.txt)DO (SET Day=%%C&SET Month=%%D&SET Year=%%E)

IF %INSTALLED%==Y REG QUERY "\\%~1\HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine" /s | find "szVirDefVer" > temp.txt
IF %INSTALLED%==Y For /F "tokens=1,2,3" %%J IN (temp.txt)DO (SET DefVer=%%L)

IF %INSTALLED%==Y REG QUERY "\\%~1\HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine" /s | find "szEngineVer" > temp.txt
IF %INSTALLED%==Y For /F "tokens=1,2,3" %%X IN (temp.txt)DO (SET Engine=%%Z)

IF %INSTALLED%==Y echo %Engine% -- %DefVer% -- %Month% %Day%, %Year% -- %~1 >> Results.txt
IF %INSTALLED%==N echo %~1 ---- DOES NOT appear to have antivirus installed! >> Results.txt

IF %INSTALLED%==Y del temp.txt
:NOTRESPONDING

Here are all of the files that I used to get this working:

• checkav.bat -- This is the main file (contents above.)
  
• names.txt -- This is a file that can be any name that contains a list of the computer names to check. You start the program by typing CHECKAV NAMES.TXT at the command prompt.
  
• message.txt -- This is a text file that simply contains the body email message that is generated with the results.txt file attached. The contents of my file simply just says "Scan Results". You can put in whatever you want.
• blat.exe -- this is the little program that I use to automate sending the results file.

Here is a sample results.txt file output from this program:



In order to get this to work you need to run this in the security context of a domain administrator or something similar since you must have enough access to remotely query the registry of all of the machines in your names file. I run my scans logged in as a domain administrator.

The windows firewall can be a problem when you are attempting to do this type of thing. I ended up disabling the windows firewall on the computers so that I could perform this scan. This may or may not be prudent depending on how secure your environment needs to be. In my case I have other security measures in place - intrusion detection, network firewall, network level antivirus, content filter, and all of my host machines are operating under restricted user profiles. There is always a trade-off with implementing security measures and I figured the added ease of managing all of my antivirus installations outweighed the security risk of disabling the windows firewall.

I am also using Group Policy startup & shutdown scripts to disable & re-enable the windows firewall. This is mainly for the laptop users so that when they shut down their computers and take them out of the office the windows firewall is back on by default. Thanks again to Bruce for suggesting that one. Here is a link to the Microsoft Enterprise Logon Script white paper for your reading enjoyment.

Here are several more links that I have used as resources for batch file scripting:

Computer Hope
Yahoo Batch File Group
http://www.robvanderwoude.com
http://www.ss64.com
Microsoft's Technet A-Z Command Reference
ConTEXT -- This is a great freeware text file / script editor that makes things easier.

Finally, please feel free to use, modify, or pass along the above code. I hope that someone may find it useful.

Box.net has this new widget thingy and I though I would try it out. So, here is my first shot at putting this on my blog. Here are some pictures of Alex's (my son) second birhday celebration.

Here is a public link to the same content in case you don't like the widget. This is just a different way of using a box account to view content.

Anyway, Box.net is doing some interesting stuff. If you needs some free online storage for backup or sharing files. Take a look at box.

I'll be fiddling around with some more of there widgets and may update this post soon. Apparently, they have a cool flash player for streaming music through their widgets. This should appeal to the myspace crowd.

It was announced yesterday that Microsoft is purchasing Winternals. You can read the FAQs about it here and the press release here. This may mean that some of the awesome tools that I have been recommending that you can freely download from the Sysinternals site may be absorbed and become less easily obtained.

As I write this I am unable to hit the Sysinternals site. This may be because everyone is scrambling to download all the great free tools before the site is dissambled! Get your downloads while you can.

I came across this article while reviewing some Digg posts. In a nutshell, it looks like some Russians have come up with a way to have their malware be even better at avoiding detection than the normal run-of-the-mill rootkits. Ths new one called Rustock is polymorphic, scans for installed rootkits detectors, and changes it behavior accordingly. F-secure has apparently developed a tool to detect this called Blacklight.

Another scanner worth of mention here is Rootkit Revealer by Sysinternals. Sysinternals provides an awesome site with a bunch of free tools for all you windows sysadmins. I highly recommend checking it out. FYI, these tools were developed by the guy (Mark Russinovich) that discovered Sony's rootkit. Here is Mark's blog post that started all of the hubbub.

Anyway, the battle between the white hats and the black hats continue...

In case you aren't in the loop yet there is a video revolution going on in cyberspace right now. I am sure that you have heard about blogging if you are reading this blog. Thing have progressed quickly as they normally do on the net. Now anyone with a video camera and a few editing skills can put together a video blog.

There is now a plethora of online videos sites and average Joe is putting together videos. Everyone seems to be getting involved. And what I like best about most of these are that many are low budget amatures that have no acting experience that have put together some really fantastic stuff that would have never seen the light of day if it were not for the Internet. I find it quite refreshing to see some origional stuff that does not have to be filtered through the mainstream media houses.

Who needs to pay for cable TV when I can just download everything I want to watch to my computer and video iPod? This is the question that some people are already starting to ask. If you have a media center PC attached to your TV or home theater system you may already realize that the Internet will become the primary distrubution medium for most audio and video content. Believe that the current cable TV providers are concerned about their revenue stream.

As an aside, the biggest threat to all of this new video goodness is a debate over network neutrality that is currently going on in Congress. But that is a topic for a different post.

Ok, so enough of the preamble. Here are some links to get you started:

Wired had a fantastic article in the May 2006 titled, "The Wired Guide To The Online Video Explosion" that is certainly worth a read. Here is a link to the one-page overview of this on their site, however, if you have the means get the magazine and read the full article they have a long listing of some of the popular online videos.

Fireant and Democracy are a couple of popular aggregators. These are some programs that help you select, automate the download of, and play the video that you want to see. These are both free, thank you very much.

Here are a few video blogs that I enjoy regularly. Most of these are techie because, well, I am a techie... Anyway, in no particular order:

• CommandN -- This is kind of a tech news / tips video blog. Consistent and organized, weekly, roughly 20 minutes-ish
• Rocketboom -- This a popular and kind of quirky news and tech news video blog (several minutes daily) NOTE: The star of the show here was Amanda Cognden, however at the time of this writing there was a falling out between Amanda and here business partner so the future of rocketboom is currently in question.
• Hak5 -- The hosts of this show are admittedly fairly geeky (which is part of the appeal), however, they are obviously real techies and the content presented in their shows is excellent. Content is mainly technical hacks and mods. Normally 30-40 minutes, monthly.
• Zefrank's "The Show" -- This is a several minute a day dose of hilarity. This is a must see. However, be warned, he likes to talk politics and he is far from PC.
• Digital Life TV -- This roughly 45 minute show is normally released twice a week and Tuesdays and Thursdays. The two nerdy commentators have great information that is well presented. I believe this one is sponsored by Ziff Davis.
• MobuzzTV -- I'd call this a Rocketboom wanna-be, however, it is still enjoyable. Daily, 5 minutes-ish.
• Systm -- No, I didn't misspell it. Not sure how often these are released but the technical info is great.
• FromTheShadows -- Uber hackers with only 6 episodes so far. Interesting stuff.

I must mention YouTube and Google Video. There are lots of goodies to see here. I think YouTube gets something like 35,000 new uploaded videos daily. Insanity!

That is all for now. I hope you enjoy. Please post here with your favorite shows.

A friend a work pointed me to this site. I'm not sure why this is so fun, but I had to share...

Enjoy

If you haven't yet seen the new SUSE XGL interface you're missing something really cool. Check out this openSUSE site for more info. Also, if you don't feel like installing a full blown copy of linux just to see the interface you can try out the Kororaa Live CD.

To try to give this interface a description it comes with wobbly windows that are just plain fun to drag around the desktop. It can make some of the windows partially transparent so you can see what is behind. And arguably the coolest feature, is the 3D desktop where, for example, you can have 4 different desktops each on a side of a cube that you can rotate. Windows can even wrap around the edge of the cube.

Here is a video that I found on YouTube that shows off some of the cool features:

After watching an episode of dl.tv I was turned on to a cool little program that may be able to fix those problem pixels that sometimes appear on an LCD screen. If you have looked at many LCD screens you probably have noticed that some have pesky little pixels that are just stuck showing a single color that never changes. While these defective pixels are normally very tiny they can be annoying. UndeadPixel is a little program that may be able to help.



First you use the little color utility on the left side of the screen to locate your dead pixels, then you use the right side of the screen to run the utility on the problem area. It works by giving the area of your screen that contains the problem pixel a serious workout by rapidly changing the colors in the problem area in the hopes of unsticking the pixel. The site author recommends that you let the process run for a couple of hours. There are no guarantees, but it has appareantly worked for some people.

During some of my linux research I stumbled across this great site listing a ton of live CDs that are available. I never knew that so many existed.

For those of you who are wondering what a "live cd" is... It is a CD that you can use to boot a computer and run the operating system completely from the CD. No hard drive needed.

The security folks at Microsoft have come to this conclusion as well. In a security presentation at the Infosec World conference Mike Danseglio, program manager in the Security Solutions group at Microsoft stated the following:

"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit."

This is in acknowldement to the fact that some infections are self healing and can essentially re-infect a system even when all visible traces are removed. The truth of the matter here is that this malware is so good at hiding in all the nooks and crannies that it is practically impossible to remove the bad software without a complete reload.

To make matters worse some malware is written so that it doesn't produce any performance impact to the system and there are no visible signs of infection. These malware writers have figured out that there is money to be made by stealing peoples information and in creating botnets and they don't want the end user to know that their machines are infected. If the user knows that there is an annoying infection he/she might do something to remove the software or reload the OS and effectively clean the infections.

Ultimately, the only realy way to be reasonably confident that your machine is clean is to reload from scratch and operate as a restricted user for day to day computing.

Yep, Microsoft has decided to begin giving away their Virtual Server software for free. And... GASP! ... they will support Linux. Here is an information article. And here is the relevant Microsoft link for downloads and other info.

Just last night I successfully got Ubuntu up and running as a virtual maching under Microsoft's Virtual server. Now I just need to build a beefy server so I can fiddle with a bunch of different client and server OS's at once.

Cool stuff.

The other day I was cruising around the internet and decided I wanted to try out a couple of live linux CDs and I didn't have my laptop handy with my copy of Roxio.

Normally when you download these CD images you receive these in in a single file with an .iso extension. Unfortunately, with the stock Windos XP functionality you can not burn image files to CD. You can burn normal files without any special software but ISO files are apparently a different matter.

I didn't really want to pay for a full burning package like Nero or Roxio so I jumped on Google and started to poke around a bit. In no time I had my answer:

ISO Recorder

This is free software developed by a fellow names Alex Feinman. It is very simple to install and use. You can essentially burn the image to a CD in about 2 clicks of a mouse. In a nutshell, you just have to right-click on the CD image (after installing the software) and choose Copy image to CD and then click OK. It's really that simple. Here is the detailed How-To with screen shots.

Apparently, you can also create ISO image files from a CD although I have not tested this yet.

This is great stuff. It's free, easy to install, and it works. I've already burned 3 images and haven't made any coaster yet.

Thanks for the great utility Alex!

Additional note: Here is an informative web site with information on buring CD images using several different utilities including Roxio and Nero.

If you're like me then you have to remember a really ridiculous number of passwords. Between several email accounts, multiple web sites, banks, managed domains, and network passwords I have finally reached my memory capacity. My RAM is full and I have no more expansion slots without a motherboard replacement, which is out of the question at this point.

I guess my biggest problem is that I don't use the same username and password for everything. I'm too paranoid about identity theft after reading all of the techie resources that I peruse daily.

That said, here is a cool utility that I came across on Sourceforge that is, so far, working well for me as a password manager. It is an award winning password manager called KeePass Password Safe.

It is very simple to use and allows you to organize your passwords into useful groups. It stores all of your sensitive information in an encrypted database. Of course this database is password protected so you'll have to commit at least one password to memory.

Coolest thing about this is that it is free/open-source software.

Enjoy.

I am sort of a news junky. I spend some time every day checking several web sites for the important news of the day. I tend to keep up with the technical goings on more than other types of news, however, I always check a couple of normal news sites to make sure I am not missing anything important.

I really didn't start fiddling with site feeds, aka RSS (Really Simple Syndication), until Firefox came about. In Firefox you can add RSS feeds from your favorite sites to your tool bar thereby bringing all of your news into one easy to look at place. As an aside I believe that the next version of IE (IE7) will support RSS. Almost all news sites have a news feed feature.

While the Firefox RSS links are very cool. I have found a warm place in my heart for SharpReader (supports RSS and Atom specifications). This is a very simple (and FREE) news reader (or news aggregator) that it very easy to learn and use. I find that I am able to much more quickly gather the latest news from many more sites than I can with Firefox.

In a nutshell, I just have to tell the program what sites I want to gather information from and it automatically begins collecting data from those sites and the latest news headlines are delivered directly to me every 15 minutes. I am always up to date and I don't have to sift through a bunch of flashy advertisements.

Here is a screenshot sample Sharp Reader:


If you own a TIVO or some other brand of DVR then you know how revolutionary having on demand TV is. And, if you are like me, you probably wondered why you waited so long and now have no idea how other people can stand to watch so many darn commercials...

Anyway, I have had a similar experience, although to a slightly lesser degree, with the SharpReader news aggregator. The bottom line is that it saves me a TREMENDOUS amount of time sorting through all my news and I can now review many more news items in a fraction of the time. [Hand Slapping Forehead] What took me so long to get with the program.

Ran across this one the other day. Had to share. Enjoy.

After some recent searching for a good all purpose media player I ran across VLC. Here is the scoop on this little gem:

• It is multiplatform (Windows, MAC, Linux, Windows CD / PocketPC)
• It is Open Source software which means that it is completely FREE.
• It can play an amazing number of audio and video formats. Here is the feature list.
  
• All of the codecs are built in. This is a great feature because you don't need to go hunting on the internet for the one codec you need to play your file. Basically it just works when you play your file with VLC.
• It can act as a streaming media server. I have not fiddled with this functionality but here is the link to the info. Here is another great informational link on how to stream with VLC.

One of the cool features that may not have a lot of practical uses but is just plain neat nonetheless is the ability to play movies as your desktop background. So you can continue to use your computer while watching a video. I ended up watching more of the video rather than getting any appreciable work done.

What IT related blog would be complete with a post on Star Trek? Well, I don't want to dissappoint so here is mine...

I ran across this Slashdot article about a Finnish Star Trek movie. Apparently a bunch of amature actors and students put together a full length Stat Trek spoof called Star Wrek that is now Finnlands most viewed movie. It is a free download an you can get your copy here. The special effects are impressive (better than some of the first movies). NOTE: This is a Finnish movie so you may need to download the version with english subtitles.

I read about these from the December 2005 Wired article. An avid fan of the origional 1969 Star Trek series has decided to pick up where the origional series left off and is making his own episodes. Apparently, Paramount has agreed to look the other way as long as no profit is made from the episodes. So the new episodes are also free. Here is the New Voyages home page.

These are home grown episodes that appear to be in the realm of The Next Generation. I downloaded a few of these for grins and they are not terrible. Get your free eipsodes here.

Lastly, for more Star Trek information than you can shake a stick at (including other fan productions) out check out this Wikipedia article.

The idea of least privilege is not new. The Unix and Linux world has been on this track for a long time and I believe that this idea is finally getting some traction in the windows environment and none too soon. With all of the malware (viruses, rootkits, spyware/adware) out there restricting normal users should be a requirement for almost everyone.

In the windows world operating with least privilege means that you operate your computer day to day as a restricted user. This means that you are normally logged in under an account that does not have access to install programs, can not change systems settings, and more importantly, has very limited ability to bad things (like install malware)

Don't think you need to do this? Most antivirus and spyware removal products have no defense against the looming rootkit threat. To get an idea of type of threat people are facing check out this interesting eWeek article. Here is a quote excerpted from that article:

"You could say the average end user is a sitting duck," said Jamie Butler, director of engineering at HBGary Inc. and author of FU, one of the first proof-of-concept rootkits.

Self imposed restrictions like the ones I am suggesting here can go a long way to protecting a computer. Most bad software (think rootkits, spyware, and viruses) that try to covertly install on a computer operate at the same security level as the person logged in. So, if a person is logged in as a restricted user the software is not able install or make any changes to the PC. Conversely, if a a user is logged in to their computer is operating as an administrator (as most people are) the malware has full rein to do anything it wants to your PC.

My most recent personal experience with this security method amounts to locking down roughly 100 business desktop and laptop computers for a national contract service company. This has worked wonders. The secured computers are more stable and have remained completely free from malware infections. In addition, the machines that are locked down require less support because fewer things go wrong.

All business computers should be locked down. Almost all companies have some sensitive information stored electronically on their computers and having users logged in as administrators for normal activities is a security breach waiting to happen. Having current antivirus software, spyware detection and removal software, and a firewall is extremely important, however, it is also inadequate without further security measures.

Here is another very interesting eWeek article - Is System Lockdown the Secret Weapon? It talks about locking down computers in a business setting and gives some interesting stats and results that people have had from implementing this security measure.

Armed with this knowledge most people would agree that implementing this type of additional security make sense. The rub here is that there is almost always a trade-off between security and convenience. And restricting the normal users accounts is no exception.


WARNING: Before you restrict yourself you need to know your administrator password. If you restrict your normal account(s) and forget the admin password your will no longer be able to install software on your computer. Proceed here at your own risk.

1. Log in as the administrator
   
2. Click Start | Settings | Control Panel | Administrative Tools (You may need to Switch to Classic View to see this)
3. Open Computer Management and expand System Tools | Local Users and Groups and click on Groups. Your screen should look something like this:
4. Open the Administrators group and remove everyone except for the Administrator user. Here is an example:



5. Open the Power Users group and remove everyone
   
6. Open the Users group and add all of the appropriate users.
   

Here are a couple of the larger inconveniences that you can expect to run into when restricting your user accounts and some helpful information and links on how to operate in a non-admin mode.

Restricted users can not install software.
In order to install software log out and then log back in as the administrator to perform the software installation. When complete log back in as the regular user to enjoy the additional security.

In some cases it may not be necessary to log out of a restricted profile in order to install software. Many programs can be installed by right-clicking on the installation file and choosing the Run As option (in Windows 2000 you must hold down the Shift key while right-clicking in order to see the Run As option). This gives the user the ability to temporarily grant administrative access to the installation program so that it can complete the installation. Windows Vista (the new version of Windows that Microsoft is working on) will have enhanced User Account protection that should make this process easier and more secure. You can read about it here. Here is a screenshot of the Run As... dialog box:


Restricted users can not modify their power settings. This one is fairly annoying and I have personally fielded a lot of questions about this. Here is a link to a registry hack that will allow all users to modify their power settings. NOTE: Please be very careful modifying your registry settings as making mistakes can seriously damage Windows.

For other important things like installing printers, changing the data/time, installing software updates, etc... log in as the administrator, do your business, and log back out.

Also, check out "The Non-Admin blog - running with least privilege on the desktop." This is a valuable site with lots of good information.

AutoPlay is a feature that used to be nice to have, you just insert a CD (or other device) and it will automatically start a program or begin playing music. Given the current security landscape having this feature enabled may no longer be wise as many programs now don't play so nice anymore. (This is how the Sony rootkit gets installed automatically. See some of my previous posts if you don't know what I am talking about or just google "sony rootkit")

Many people may not consider is that it is very simple for someone to simply insert a USB key into a computer and things automatically start happening without any other action. This presents a very easy way for a hacker to steal corporate secrets or personal data from a desktop or laptop without ever touching a keyboard.

Here are some brief instructions for disabling this feature on Windows XP Pro. (If you are using a different OS a google search should quickly yield some instructions.)

1. Click Start | Run | and type in gpedit.msc and click OK
2. Expand Computer Configuration | Administrative Templates | System
3. Find the setting for Turn off Autoplay and open the properties
4. Select Enabled and Choose to Turn off Autoplay on: All drives
5. Next expand User Configuration | Administrative Templates | System
6. Repeat steps 3 and 4

Ok. Now this is some crazy stuff... Apparently Sony will install a rootkit on your computer (without asking and without notification in their EULA), if you insert some of their music CDs in your computer.

Mark Russinovich of Sysinternals figured this one out. Here is what happened in a nutshell: He bought a Van Zant CD that had some copy protection built in. What he did not know at first was that when the CD was inserted it automatically installed a rootkit on his computer without prompting.

Later as Mark was testing some of his software he was surprised to find a rootkit on his computer. Now there are few people around that rival Mark's technical skills in windows. And being the uber techie he methodically isolatedthe infection and traced this back to Sony and a company called First4Internet. Apparently, the rootkit was also not well written and could potentially have a negative impact on the users system. And uninstallation attempts will render your CD ROM useless.

For a very interesting read check out this article that Mark wrote about his discovery process. Also, here is an eWeek opinion article about it. And here is an informative Infoworld article.

It seems that this software may have been shipping on Sony CD's since early in 2005.

• Here is a link to the Sony site that publishes a utility to unhide the software
• Here is a link to a site that is compiling a list of the CDs containing this malware

I don't like the idea that software can get installed on my computer without my knowledge or consent that can potentially have a very negative impact on my system. I can't see how doing this could be good for Sony's music sales. And now that I am aware of this Sony stunt I am less inclined to buy CDs in their traditional retail form as it makes me wonder if this is the kind of thing the other labels might try.

I like iTunes. There is some DRM built in to the service, however, it uses reasonable restrictions (that they disclose) and you can get just about any music through their service for a very fair price ($.99/song). Interestingly the music industry is not happy about Apples success, however. Check out John Dvorak's opinion article about the matter. It is an eye opener.

I haven't blogged in a while, but I could not let this one slip by without saying something...

I ran across this awesome little software package late one night while researching SSL VPN software solutions. Apparently, this very talented Italian programmer (Rejetto) put together an extremely simple to use file transfer web server designed to aid in file transfer tasks. He calls it HFS (Http File Server.) This has to be one of the slickest pieces of software that I have run across in quite some time. Here is the scoop:

In about 5 minutes anyone can get their Windows computer running a web server specifically designed for transferring files. It is run from a single stand alone executable that will fit on a floppy and requires no installation. You simply double click, pick a couple of folders that you want to share with others and you're done.

By default the server runs on port 80, however, you can pick any port that you like. You can choose to password protect folders that you want to keep private. And in the latest beta version you even have the option of uploading files to the server.

You get all of this in a surprisingly clean and user friendly interface. And the best part about this is that this software is absolutely FREE as it is released under the GNU General Public Liscense (Open Source).

This one is definately going into my IT toolbox. I have only known about this for a week and I have already used it for some simple, time saving file transfer tasks.

Here are the relevant links:
The HFS home page
Lost of good information can be found in the forums.

Rejetto, many thanks for such an awesome product!

UPDATE 3/27/2006: Version 2.0 has just been released. You can download it here.

Open Office is an open source office suite package. Click HERE for the Open Office home page. This is a full featured product that provides basic office suite functionality (word processing, spreadsheet, and presentation). The two greatest things about this product are:

1. Because this is Open Source Software it is absolutely free.
2. It is compatible with Microsoft Office. The software can read and create documents in Word (.doc), Excel (.xls), and Powerpoint (.ppt) formats.

Another couple of very cool features are single click PDF conversion and the ability to export presentations and drawings to Macromedia Flash (SWF) format. A full feature list can be found HERE.

Here is my experience with the software so far:

We received ownership support to roll out Open Office to over 100 field users of a national contract service company. These users seemed like good candidates for this software as they only need basic office functionality with Microsoft Office compatibility.

The main decision to do this was based on cost. Employees need to be able to write letters, generate spread sheets and presentations and we had to do this the most cost effective way possible. Open Office seemed to fit the bill nicely.

The rollout has not gone without a hitch. A couple of the problems that we have run into are:

1. Document formatting inconsistencies -- We are in the process of correcting most of these problems by having a talented admin reformat our commonly used word documents to look normal when opened in Open Office or Word. So far, our complaints have been reduced.
2. Excel Spreadsheets macros do not work -- This is a larger problem only for people that use the complex features of Excel like macros and special formatting options. However, I have found that die hard excel users will not like Open Office. Most normal Excel function seem to convert without too much trouble.
   

Overall, moving to Open Office is resulting in thousands of dollars in software savings which, for now, is making some of the hitches with the conversion much more palatable.

As a general comment I think Microsoft Office is a fantastic product. It is definitely the industry standard and has some awesome features. However, from a business standpoint where basic functionality is needed Open Office is really hard to beat with a free price tag. And it would be irresponsible for any IT department to blindly follow the Microsoft Office path without at least examining the alternatives.

I will blog more on this topic at a later date and let you know how our Open Office rollout is going and how the issues are working out from a long term perspective.

Almost daily I have people telling me about their ailing home home computers. The common complaints I hear are: Running Slowly, Pop Up Ads, Strange error messages, and System lockups. Maybe you have had this same experience.

This problem is definately not limited to home users. Many business are now also plagued with dealing with the spyware epidemic.

I started to see the Spyware problem rear it ugly head about two years ago. Infected computers were so slow that they were almost unusable as all of the system resources were used up by these naughty programs. These programs are designed to run in the background to track your movements, give you advertisements, and sometimes even disguise themselves as helpful programs like browser search bars.

Rather than discuss what exactly spyware is and how it gets on computers I am going to cut to the chase and tell you my approach for removing this software from infected computers.

IMPORTANT NOTE: This software is becoming increasingly sophisticated and more difficult to detect and remove. The ONLY way to be certain that your computer is clean is to reload everything from scratch. Yes, that means backup your data, format your drive, reload your OS and application software, and restore your data. If you work for a company where security of your data is vital then I recommend that you develop an organized imaging program using a product like Symantec Ghost. I use this and it saves me an incredible amount of time.

With that caveat out of the way the following procedure may produce some good results.

1. Perform a virus scan using current definitions
2. Perform a spyware scan
3. Use a utility to see what is still running in memory
   
4. Perform a rootkit scan
5. Lock down the computer once everything is clean. (This is really important if you want to keep your machine clean.)
6. Educate yourself and your users.

The Details:

Use a spyware cleaning utility -- My favorite is Spybot Search & Destroy because it seems to work well and it is free. Install the software and use it to scan and clean your computer. (Remember to Update and Scan frequently.) Spybot also includes an optional memory resident utility that monitors your registry changes and alerts you if any programs attempts to make modifications to your system. You can then decide to allow or deny the change. This is very useful if you are running a computer that is not locked down. (Note, there are many other spyware removal utilities that you can pay for, however, the free utilities seem to be on par with many of the commercial versions so I recommend that you save your money.) Honorable mentions should go to the spyware scanner tool Ad-Aware (free for personal use). Lastly, another good resource for performing a virus and spyware scan is called Housecall. This is a free online service provided by Trendmicro.

After you clean your computer with one of the above mentioned utilities you should reboot and run the scan again. Some spyware applications will hide components designed to reinfect the host computer upon reboot if the main application is removed.

Use a utility that shows all programs running in memory -- I have run across several of these utilities and my favorite is a program called Autoruns from Sysinternals which, by the way, is also free. This little gem will give you a list of every program that is running on your computer and allow you to turn them on and off, do a google search if you don't know what the program is, and allow you to completely remove the registry entries from your system that cause the programs to execute. Apparently this program knows to look in some undocumented places where spyware might like to hide.

Scan for rootkits -- An important item that warrants mention here is rootkits. If you are interested in detailed information this Wikipedia article is a good place to start. In a nutshell, these are very nasty pieces of software are virtually undetectable by normal antivirus and spyware scans. Yes, that means that your antivirus scan and your spyware scan can indicate that your computer is totally clean, yet you may still have an infection. There are several "rootkit detectors" available that can find these things. One that I have used is Rootkit Revealer developed by Sysinternals. This is freeware and can be used to scan your computer.

Lock down your computers and have your users log in as a restricted users -- If your computers are running Windows 2000 or XP you can restrict the user profiles so that they operate in a secured or "locked down" mode. This prevents users or other sneaky programs from installing themselves on your computer or changing the system configuration. Only log in to the computer as the administrator when you need to install software or make changes. This provides a much higher degree of system operating stability and consistently. I have seen this work wonders. (Windows 9x and ME users are out of luck on the locking down the computer front. Time for an upgrade)

Educate your users - Tell your users what to do and what not to do. A good guideline to start with may include the following:

• Never click on a pop-up ad or message
  
• Never follow links in spam or any email that come from someone that you do not know
• Never agree to install a software program on your computer unless you know exactly what it is and why you need it.

For home users a good guide to start understanding some of the threats you face online is to look at this Cert article on home computer security. It has a bunch of good information convering multiple security topics presented in an easy to understand way.

Until my next installment...