This morning I got the WordPress blog up and running on my own web site at www.leinss.com/blog. Please update all of your links to point to the new web site. I am going to place “pointer links” in each blog entry at Blogger so people redirected from old links can find the content at the new place. The blog entry on Filemon and Regmon has been moved to the HOW-TO section of my web site. Each blog entry that represents a HOW-TO article will get a permanent home on my web site’s HOW-TO section as well.
– Soli Deo Gloria
Out with the old and in with the new. My new web site at www.leinss.com is up and running on a new host! A lot of content from my old site has been transferred over, except some of the really old stuff (like my how-to guide on ripping TV shows using a TV tuner card). I can now run detailed statistics to see where hits are coming from and what the most popular areas of my web site are.
What do you want to see on my web site? Let me know by e-mailing me at web(..at..)leinss.com
-Soli Deo Gloria
Shortly, I will be moving my web page to a new web hosting company. The web page currently available will remain the same for now. I’m actually learning how to use Adobe Golive! to make a more aesthetically pleasing web site. However, once the new web page is in place, some of the links on this blog may break and pages will be moved around. It may be wise to save any articles or files NOW before I start breaking things!
The main site (www.leinss.com) is the one that should be bookmarked and not stealth.kirenet.com/~aleinss.
Update (10 PM): I made the change shortly after I wrote this. My web page is now up at the new provider Powweb. Unfortunately, after I changed my name servers to Powweb they wiped out my main MX record and reset it to mail.leinss.com. I have to now forward all of my incoming e-mail from Powweb to Tuffmail because the DNS propagation is going so darn slow (I might be in a walker by the time the Internet sees my new MX record).
2nd Update (1/8/06):
I had to go from Powweb.com to Dreamhost.com, because Powweb’s name servers wouldn’t take my MX record changes. I waited 22 hours and still no change. Dreamhost’s name servers picked up the change in 30 minutes!
– Soli Deo Gloria
I’ve used various antivirus programs over the years and want to share my thoughts on some of them. Just recently I was running Symantec Antivirus 10 Corporate Edition. This is a no-frills antivirus program that doesn’t have any of the bloat of the retail version. A few weeks ago I came home and SAV informed me of a hacktool named SVKP.SYS in my Windows directory. I was quite alarmed, wondering how on earth I would have gotten a hacktool. I then went to play one of my favorite games, Command and Conquer Renegade, only to find it did not work. Why didn’t it work? Well, it was because SAV had removed SVKP.SYS! See, I also run an addon to Renegade called Renguard. This addon ensures that I am not cheating by using various techniques. In order to prevent debugging tools such as Regmon and Filemon from disassembling and circumventing the program, it uses this tool kit to prevent Renguard from running if it detects these tools.
This is the problem with SAV. Whenever it finds a file that could be used with a virus, its immediate action is to delete the file. Instead of this dumb action, how about letting the user decide what to do with the file? In the above case I would have done some research before blindly letting SAV delete any file it wishes. In addition to doing this, SAV seems to take a ridiculous amount of RAM: 28 MB! 28 MB for what?
I then decided to try out McAfee 8.0i. Unfortunately, it has the same problem as SAV: removing files that are not viruses, but valid security tools. McAfee also took around the same memory (27 MB). I removed it at once as well.
I then tried NOD32. Again, it would find files that were not viruses, which is really annoying, but at least NOD32 gave me the choice of what to do with the files. Now that’s an anti-virus program I like to see! In addition, NOD32 only took up 18 MB vs. 28 MB for SAV and McAfee. In addition to its small footprint, NOD32 also updates virus definitions DAILY. That means if a virus should break out you are much better protected than with McAfee or SAV.
NOD32 is available for download for a 30 day trial.
-Soli Deo Gloria
After a boatload of bad press, lawsuits and warnings from the government, Sony decided to recall music CDs using its secret rootkit technology to enforce intellectual property rights. I have very strong feelings about copy protection which you can read here. This is the PDF version of a report I wrote for a class back in college. I think we may get to a point where media is plagued with so many protection systems that people will stop buying them. How much money did Sony save itself with this copy protection scheme? It has to recall all of these CDs, re-compile them, re-press them and re-release them.
Sadly, this is nothing new. Back in the good old days manufacturers intentionally put bad sectors on floppy disks so people couldn’t make backup copies of them. The problem with this approach is that floppy disks are inherently susceptible to corruption and not being able to make a backup copy seriously inhibits the user from using the software. Eventually, the manufacturers removed the copy protection due to decreasing sales.
With all of these copy protection schemes you think piracy would have slowed down or stopped. It hasn’t. In fact, the more protection schemes you have the more people you have looking for cracks. For example: Command and Conquer Renegade. This is one of my favorite games. Despite verifying its serial online, the game requires me to keep the CD in the CD drive. Why? Well, I might have copied the CD from someone else. I have to keep removing the game CD every time I want to play another CD. Why should I have to bother myself with this? Why not go find a crack that removes the game’s ability to look for the CD? These copy protection schemes only prevent the truly clueless from bypassing them.
The music industry has made a special point of going after consumers that share music with lawsuits. We can only hope that consumers return the favor with this malware invasion of their personal computers.
-Soli Deo Gloria
Check out the blog entry Sony, Rootkits and DRM on Mark Russinovich’s blog. Very interesting read on how the music industry is using rootkits for installing their copy protection schemes! This will make you think twice before buying or loading a DRM protected CD.
-Soli Deo Gloria
This post is dedicated to Matt: my co-worker at my last job. He just found another job and I am very happy for him. Matt is very technical and thorough in solving computer problems. He single-handedly rebuilt an NT 4.0 box that died in the cancer department and brought up the cancer software on a Windows 2000 machine with little to no documentation or media. He was also the administrator of our form routing server and tape backup man. He was also great in getting us to Windows 2000 from Windows 98 SE as a desktop standard for various departments. Hey Matt, you remember the Decision Support upgrade? Wow, what a pain that was! Oh what fun it is to convert a 10 year old program using scripts programmed by God knows who dumping data into a mainframe. However, Matt did it.
- Remember “Pizza Thursdays” in the cafe?
- Hitting the golf ball just right into the 1970’s golf ball returner?
- Videos from Ebaumsworld?
- A. Vicious?
- People also calling me Matt and you Adam?
- Throwing rubber balls at people’s heads?
All the best to you buddy.
– Soli Deo Gloria
Well, not really. I’ve been posting on newsgroups (USENET) since 1996 and was on FIDONet back in 1995 (remember the BBS days?). I’ve always found it fascinating how the Internet allows people to exchange information. What prompted me to start a blog was Mark Russinovich starting one here. To see what kind of geek I am you can check out my web page.
To start off this blog I’ll describe how I fixed an Excel upgrade problem yesterday. I was assigned a task of upgrading Excel 2000 to Excel 2002 on a PC running Windows XP Professional. Easy, right? Upon installing it and testing it as myself it worked fine. The next day the user called me stating it was crashing. Indeed, it was crashing quite hard. The application seemed fine until you went to File>Open and then it went to never-never land. Since it worked as me this boiled it down to a permissions or NT profile issue. I revved him back to Excel 2000 which surprisingly worked fine. The next day I went back to reinstall Excel 2002 and check things out while the user was at a meeting. Upon checking the local administrator’s group I saw that the user was already an administrator on the machine, thus eliminating a permissions issue.
I then started up Filemon, which is an excellent little freeware utility by our friends at Sysinternals. I set up a filter in Filemon to just show me the excel.exe entries. The last file it read was C:\windows\system32\davclnt.dll. I decided for fun to rename this file to see if that would fix the problem. Of course, this action was not really logical... after all, it would have used the same file logged in as me, right? Anyway, I renamed the file and the file appeared back within seconds. Drats! Windows File Protection (WFP) rears its ugly head. Introduced in Windows 2000, WFP protects critical Windows system files by looking for changes. If you touch a critical file by renaming, deleting, or overwriting it, Windows copies the “good file” from a secret folder called dllcache. For a while you could disable WFP by setting “SFCDisable” to FFFFFF9D in the registry. However, Microsoft later removed this feature with their service packs for Windows 2000 and XP.
To get around this you can hex edit the sfc_os.dll file. However, this didn’t work for me and is a bit messy. I like using XP Lite for this purpose. There is a trial version available for download that the author states “is yours to keep!”. In the trial version there is an option to turn WFP On, Off or to Disable it. So I can turn it off, do my dirty work and when I reboot, WFP turns itself back on. Well, getting back to davclnt.dll: renaming it did not work. I started to think the problem was in the HKEY_CURRENT_USER (HKCU) part of the registry (logged in as that user of course). So I started up Regmon, this time pausing it just before I went to File>Open. I then saw something interesting. Under HKCU\Network there was a bunch of drive mappings and one of those mappings was pointing to a bogus server! I exported this key out (always export trees before you start deleting them!) and then deleted it. Tada, problem solved!
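The check described above can be scripted: the following is an added example, not code from the original post, that lists the persistent drive mappings under HKCU\Network for the logged-in user, flags the ones whose server does not answer, and exports the key before anything is removed. The function name `Get-StaleDriveMapping`, the backup file name and the use of an SMB (TCP 445) connection attempt as the test for a bogus server are assumptions of this example.

```powershell
# Added example (not from the original post). Assumption: a mapping counts as
# "stale" when its server cannot be reached on SMB (TCP 445) within the timeout.
function Get-StaleDriveMapping {
    param([int]$TimeoutMs = 1500)

    # Each subkey of HKCU\Network is a drive letter; RemotePath holds the UNC target.
    Get-ChildItem -Path 'HKCU:\Network' -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        $remote = (Get-ItemProperty -Path $key.PSPath).RemotePath
        if ($remote -notmatch '^\\\\([^\\]+)\\') { return }   # skip non-UNC entries
        $server = $Matches[1]

        $reachable = $false
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Wait() returns $false on timeout and throws if the name does not resolve.
            $reachable = $client.ConnectAsync($server, 445).Wait($TimeoutMs)
        } catch {
            $reachable = $false
        } finally {
            $client.Close()
        }

        if (-not $reachable) {
            [pscustomobject]@{ Drive = $key.PSChildName; RemotePath = $remote; Server = $server }
        }
    }
}

# Export the whole key first so a deletion can be undone (backup path is an assumption).
$backup = Join-Path $env:TEMP 'hkcu-network-backup.reg'
reg.exe export 'HKCU\Network' $backup /y | Out-Null

$stale = @(Get-StaleDriveMapping)
$stale | Format-Table -AutoSize

# Preview the removal; drop -WhatIf only after reviewing the list above.
$stale | ForEach-Object {
    Remove-Item -Path ("HKCU:\Network\" + $_.Drive) -Recurse -WhatIf
}
```

Run it in the affected user's session, since HKCU is per-user; a server that is only temporarily offline will also be listed, so review the output before removing anything.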
Now the interesting question is: why didn’t this happen with Excel 2000? Who knows. In this instance deleting the user’s NT profile may have been quicker. However, I’ve only been at this company for a month and therefore I am not well versed with all desktop standards. Besides, the user was gone and his NTUSER.DAT file was 4MB: that’s a lot of information to just throw away!
That’s it for now. Look for an upcoming article on making hardware independent ghost images for Windows 2000 and XP.