Archive for the 'Tips & Tricks' Category

Free disk space analyzer

Today I was looking for a way to view the amount of space each folder/directory was taking up on a client's rather full computer. There are many licensed applications that do this. I wanted a free one.

The following application did the job perfectly and I highly recommend it:

TreeSize Free V1.78

Every hard disk is too small if you just wait long enough. TreeSize Free tells you where precious space has gone to. TreeSize Free can be started from the context menu of a folder or drive and shows you the size of this folder, including its subfolders. You can expand this folder in Explorer-like style and you will see the size of every subfolder. Scanning is done in a thread, so you can already see results while TreeSize Free is working. The space, which is wasted by the file system can be displayed and the results can be printed in a report. TreeSize Free is freeware for Windows 9x/NT/2000/XP.

It can be downloaded from here. The publisher's website is here.


Remote desktop XP to Ubuntu Linux

It took me some time to figure this one out. I found many sites / blogs / wikis / forums giving very elaborate instructions on how to do this, but they all seemed much too complicated. What I wanted to do seemed like a simple “want” to me. How do I access my Ubuntu Linux box remotely (over the LAN) from a Windows XP machine? My Linux machine runs Ubuntu. If you are trying to RD into another distro you will have to modify these instructions accordingly. So here is what I did:

  1. Activate XDMCP on Ubuntu:
    - SYSTEM >> Preferences >> Remote Desktop
    - “Allow other users to view your desktop”
    - “Allow other users to control your desktop”
  2. Install Cygwin/X onto the Windows XP machine:
    - Download and run setup.exe from http://www.cygwin.com/
    - Install the standard packages on Cygwin/X along with:
      - X11 –> X-Startup-scripts
      - X11 –> xorg-x11-base (this will set a lot of x11 dependencies to install also — you want to install these)
  3. Run Cygwin.
  4. In the Cygwin terminal enter the following command, putting the name of the Linux computer or its IP address in place of (NAME / IP):

        $ XWin.exe :1.0 -unixkill -scrollbars -screen 0 1280 1024 -emulate3buttons -once -query (NAME / IP) &

  5. You should then see the Ubuntu login page. Voila.

It’s possible I installed one or two other things on the Ubuntu system. I don’t recall just now, as I tried so many other ways to get this functionality working that I now forget exactly what was done for what. If you try the above and it does not work, let me know and I’ll figure out what else has to go onto the Ubuntu system. I know I installed FreeNX, although I am not sure if this was for the Cygwin connection or not. If you want to use SSH to Ubuntu via Cygwin there are some instructions here. I tried various SSH related ways of going about this: SSH from Windows directly and SSH via the Cygwin terminal. I kept getting the error that the port was not open. I tried port 177 (which XDMCP uses) and 5901 and others, all to no avail. I am not sure how to make these ports available from Ubuntu. But the XWin route works great.

A little extra info on this tip can be found here, along with links for further research 
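XWin's -query option speaks XDMCP, which is carried over UDP port 177. The following Python is an added example (not part of the original post) that builds the XDMCP Query packet and decodes the Willing/Unwilling reply, so you can confirm from another LAN machine that the Ubuntu display manager is answering; the function names are this example's own.

```python
import socket
import struct

XDMCP_PORT = 177                      # XDMCP is carried over UDP, not TCP
OP_QUERY, OP_WILLING, OP_UNWILLING = 2, 5, 6

def build_query() -> bytes:
    """XDMCP v1 Query with an empty list of authentication names."""
    body = b"\x00"                    # ARRAYofARRAY8 holding zero entries
    return struct.pack(">HHH", 1, OP_QUERY, len(body)) + body

def _array8(buf: bytes, off: int):
    """Read one ARRAY8 (16-bit length, then bytes); return (text, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated ARRAY8 length")
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("truncated ARRAY8 data")
    return buf[off + 2:end].decode("latin-1"), end

def parse_reply(data: bytes) -> dict:
    """Decode the Willing/Unwilling answer a display manager sends to a Query."""
    if len(data) < 6:
        raise ValueError("shorter than the XDMCP header")
    version, opcode, length = struct.unpack_from(">HHH", data)
    if version != 1 or length != len(data) - 6:
        raise ValueError("not a well-formed XDMCP v1 packet")
    names = {OP_WILLING: ("auth", "host", "status"),
             OP_UNWILLING: ("host", "status")}.get(opcode)
    if names is None:
        raise ValueError(f"unexpected opcode {opcode}")
    reply, off = {"willing": opcode == OP_WILLING}, 6
    for name in names:
        reply[name], off = _array8(data, off)
    return reply

def probe(host: str, timeout: float = 2.0):
    """Ask your own Ubuntu box whether it offers XDMCP; None means no answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(), (host, XDMCP_PORT))
            data, _ = s.recvfrom(1024)
        except OSError:               # timeout, or ICMP port unreachable
            return None
    return parse_reply(data)
```

Call `probe("NAME-OR-IP")` with the same name or IP address given to -query. XDMCP sessions are not encrypted, so keep UDP 177 reachable from the LAN only.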

A Guide to Producing a Secure Configuration for Outpost - Outpost Firewall User’s Support Forum

Outpost Firewall is the one I have been using for a couple of years now. If you also use Outpost then it is important to make sure you have the configuration that suits your needs whilst also providing as much security as possible. There is a great guide on the Outpost forum covering all the key areas of concern. If you’re an Outpost user wishing to configure Outpost with excellence check this forum message out… 

A Guide to Producing a Secure Configuration for Outpost - Outpost Firewall User’s Support Forum

Dependency Walker

There is a useful tool for troubleshooting applications that are playing up called Dependency Walker. I imagine only an advanced user would find it of value though, along with developers.

Dependency Walker (depends.exe) Home Page

Dependency Walker is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Another view displays the minimum set of required files, along with detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more.

Dependency Walker is also very useful for troubleshooting system errors related to loading and executing modules. Dependency Walker detects many common application problems such as missing modules, invalid modules, import/export mismatches, circular dependency errors, mismatched machine types of modules, and module initialization failures.

Dependency Walker runs on Windows 95, 98, Me, NT, 2000, XP, 2003, and Vista. It can process any 32-bit or 64-bit Windows module, including ones designed for Windows CE. It can be run as graphical application or as a console application. Dependency Walker handles all types of module dependencies, including implicit, explicit (dynamic / runtime), forwarded, delay-loaded, and injected. A detailed help is included.

Firewall leak tester

The following site provides a lot of useful information, tips, and tools regarding PC security. If you wish to learn more about how to secure your PC from malware and intrusion over the Internet I suggest you check it out.

It’s over at: http://www.firewallleaktester.com/index.html

Microsoft OneCare Fails

I am not sure how Microsoft manage to do it. It’s just one of those ongoing mysteries in this world of ours…

Microsoft is one of the largest companies in the world, with more money and technical resource than any other software developer in Earthly existence, and yet they consistently fail to turn out software that does what one would expect it to do (and without doing all sorts of crap one would not expect nor want it to do). Microsoft are preparing to launch their first attempt at a full firewall product called OneCare. It would seem that OneCare is more than one step away from caring enough to be worth using as a firewall system. I refer to the following media release from Agnitum, the highly respected makers of Outpost Firewall (a product I’ve been using for a few years now).

Concern expressed over low level of customer protection provided

28 JUNE 2006, ST.PETERSBURG, RUSSIA - SAN JOSE, CALIFORNIA. The firewall security experts at Agnitum, developers of the widely-acclaimed Outpost Firewall product family, have conducted an in-depth analysis of Microsoft’s new OneCare Firewall, part of Microsoft’s “Live” security initiative. The results are so far below industry standards that the company felt obliged to share the results of its analysis with the public.

Highlights of the report include the following:

  • The OneCare firewall failed all but the simplest leak tests and does not offer even the most basic intrusion detection capability, leaving users’ PCs wide open to being hijacked into a botnet

  • The OneCare firewall database of pre-approved applications is very small, and adding each new application requires several user interactions and a reboot

  • Application access rules are limited to ‘allowed’ and ‘not allowed’ - users cannot configure different rules for different types or times of usage, such as allowing IE to connect with some but not all websites

  • Similar limitations apply to network file access and remote desktop operations

  • The Windows Defender anti-spyware component of OneCare imposes significant delays on program execution, and is updated on a separate schedule than other OneCare components

Agnitum engineers also found compatibility issues with OneCare - but not the ones they had expected. Before installing the software, they already had a firewall running, as would most people. OneCare did not request the de-installation of any existing firewall, so Outpost Firewall Pro was left in place. OneCare worked smoothly alongside Outpost Firewall Pro - so smoothly that Outpost was the first to monitor the system, ask questions and protect the user, not OneCare.

The full analysis can be found on the Agnitum website at http://www.agnitum.com/r/firewall/onecare/

“Microsoft has tried to create software for novice users, making it very limited in settings and customization. The problem is, they’ve gone too far. OneCare is too simple. Yes, it’s easy to use. But unfortunately, it doesn’t provide much protection,” says Alexey Belkin, Chief Software Architect at Agnitum. “This ‘one product for everyone’ attempt is likely to end up being ‘one product for no one.’ The product itself looks like it was designed as a mandatory part of the operating system, and that is simply shortchanging users who haven’t yet decided what security solution to invest in.”

The business community worldwide, as well as the firewall security vendor community, has reacted swiftly to the appearance of this new player, not only from a technology perspective but also from the point of view of Microsoft’s business practices. Reactions concerning “predatory pricing” (first discussed by Sunbelt president Alex Eckelberry in his blog http://sunbeltblog.blogspot.com/2006/06/microsoft-practices-predatory-pricing.html) are arising, primarily that Microsoft is setting artificially low prices. But “cheap” doesn’t equal “good value,” as can be seen in the Agnitum analysis of the OneCare firewall.

“No one is underestimating the potential impact of Microsoft entering the Internet Security market, but at Agnitum we are seeing this development having more positive than negative effects,” says Mikhail Penkovsky, Global VP of Sales & Marketing at Agnitum. “The updating of the Windows Firewall in Vista makes a clear statement that the personal firewall is a must-have; Outpost and other third-party firewalls will still be there for customers when they realize - as many will - that the protection provided by OneCare is extremely limited. Our key distributors and resellers are in full agreement that OneCare is nice to look at but that’s pretty much all there is to it.”

About Agnitum ltd.

Founded in 1999, Agnitum (www.agnitum.com) is committed to delivering and supporting high quality security software products. The company’s headline products are Outpost Firewall Pro, securing personal and family computers, and Outpost Network Security, ensuring reliable endpoint protection and performance for small business networks. Agnitum firewall technology is licensed by Novell, Sophos, and Lavasoft.

Windows XP Networking - TCP/IP

For those wishing to customise the way TCP/IP is handled on Windows XP the following MS Knowledge Base article(s) may be of assistance…

Microsoft Baseline Security Analyzer (MBSA)

Microsoft has a free tool called “Microsoft Baseline Security Analyzer” or MBSA for short. If you use Windows XP then this can be a useful tool for checking up on your computer’s security status in accordance with MS security recommendations. Here’s the intro to it from Microsoft.

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

MBSA 2.0 offers an intuitive user interface and more informative dialogs compared to previous versions. Using the new Windows Update Agent and Microsoft Update catalog, MBSA 2.0 has automatically expanding product support.

Its home page lives here… Microsoft Baseline Security Analyzer (MBSA).

Anti-virus malware product comparison

In the post Online Malware Virus Scan we took a look at how different anti-virus products pick up on different infections, and how you can’t ultimately trust any one product when it gives you a “clean” result. So how does one determine which anti-virus product is the best and how one anti-virus product compares to another? There is a way…

Take a look at the Anti-virus Product Comparison at av-comparatives.org.

They put all the major anti-virus products through the test-mill every few months and publish the results online.

Online Malware / Virus Scan

Not all malware / virus scanners are the same—that’s for sure. Each will pick up on different viruses and malware depending on a whole host of factors. So how can you be sure that your anti-virus program has given you an accurate analysis of the suspicious file you’ve just scanned and determined to be “clean”?

Here’s an example of what I mean.
I use NOD32 on my laptop. The latest definitions are installed.
Today I scanned a file I knew was infected with malware. NOD32 said it was clean. I thought, “Hmmm… that’s odd”.
I took the file to an online scanner that runs it through 15 different scan systems. It came up as infected on 7 of them, and clean on the remaining 8.

The moral of the story? Each scanner is only as good as the definitions being fed into it, and different scanners are updated with new definitions at different times and rates. Therefore, if you have a file that you know may be infected (such as any executable you download from the internet from anything other than the most reputable websites) don’t rely on your malware scanner if it says “File clean”.

The best site I know of for online scanning of individual files is located at http://virusscan.jotti.org/

My results were as follows:
Online malware scan

File: earth_keygen.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database)
MD5: 9c7bfe25c63ddb4a2bdc61c5b8175263
Packers detected:

Scanner results
AntiVir               Found Trojan/Drop.Microjoin.BX
ArcaVir               Found nothing
Avast                 Found nothing
AVG Antivirus         Found Dropper.Generic.FTB
BitDefender           Found nothing
ClamAV                Found nothing
Dr.Web                Found Trojan.Mezzia
F-Prot Antivirus      Found nothing
Fortinet              Found W32/Agent.APH!tr
Kaspersky Anti-Virus  Found Trojan-Dropper.Win32.Microjoin.bx
NOD32                 Found nothing
Norman Virus Control  Found nothing
UNA                   Found nothing
VirusBuster           Found Trojan.DR.Microjoin.BI
VBA32                 Found Trojan-Dropper.Win32.Microjoin.bx
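The disagreement between scanners shown above can be tallied mechanically. This added Python example (not part of the original post) parses the result table from the post, counts detections and misses, and groups the verdict names by a family token; the GENERIC label list and the family heuristic are assumptions of this example, not a naming standard.

```python
import re
from collections import Counter

# Scanner results copied from the post above (spacing normalised).
REPORT = """\
AntiVir               Found Trojan/Drop.Microjoin.BX
ArcaVir               Found nothing
Avast                 Found nothing
AVG Antivirus         Found Dropper.Generic.FTB
BitDefender           Found nothing
ClamAV                Found nothing
Dr.Web                Found Trojan.Mezzia
F-Prot Antivirus      Found nothing
Fortinet              Found W32/Agent.APH!tr
Kaspersky Anti-Virus  Found Trojan-Dropper.Win32.Microjoin.bx
NOD32                 Found nothing
Norman Virus Control  Found nothing
UNA                   Found nothing
VirusBuster           Found Trojan.DR.Microjoin.BI
VBA32                 Found Trojan-Dropper.Win32.Microjoin.bx
"""

LINE = re.compile(r"^(?P<engine>.+?)\s+Found\s+(?P<verdict>.+?)\s*$")
# Type, platform and catch-all labels that do not identify a family (assumed list).
GENERIC = {"trojan", "dropper", "drop", "win32", "generic", "agent"}

def family(verdict):
    """First token that is neither a generic label nor a short variant suffix."""
    for tok in re.split(r"[./!:\-]", verdict.lower()):
        if len(tok) > 3 and tok not in GENERIC:
            return tok
    return None

def summarise(report):
    """Count detections and misses, and vote on the malware family name."""
    hits, missed, families = {}, [], Counter()
    for line in report.splitlines():
        m = LINE.match(line)
        if not m:
            continue                  # skip headers and blank lines
        engine, verdict = m["engine"], m["verdict"]
        if verdict.lower() == "nothing":
            missed.append(engine)
        else:
            hits[engine] = verdict
            families[family(verdict) or "(generic)"] += 1
    return {"total": len(hits) + len(missed), "detected": len(hits),
            "missed": missed, "families": families}
```

`summarise(REPORT)` shows that the engines which did flag the file mostly agree on one family name, while two report only generic labels.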



