Today I was locking down a computer lab and ran into problems with Adobe Photoshop 6.0. Up until now, all users were administrators on the machines that they were working on. We have had few problems and the politics are easier to deal with.
Spyware is finally taking a lot of our time, so we want to take some steps to avoid it. Running everyone as a limited user is the simplest security step to take. We just have to keep the programs that they use working. That brings us to Photoshop.
When running as a limited user, Photoshop starts to load. It errors out with a message about a file that is locked. The first two obvious security settings that need to be checked are the permissions on the TEMP folder and the Program files\adobe\photoshop folder. If the TEMP folder is in the user profile, it will not be a problem. We had it redirected to c:\windows\temp and that caused us a few problems.
Photoshop also saves settings in the application folder*, so we decided to grant full access to that folder. This method worked for most programs that have problems. The registry is also a place to look, but the messages talking about locked files kept me looking at the filesystem. When that did not solve it, I looked to my toolbox for help.
I loaded up Sysinternals' Filemon.exe to watch what files Photoshop was not able to access. It showed Photoshop trying to create and then open a temporary file (the swap file) on the root of the C: drive. I added an advanced security permission that allowed full read/write access to the drive and I checked the box that says apply to this folder only (so I don't give them full access to everything, just access to files on C:).
Finally, after that, Photoshop was able to run without any problems. I tried to search for this and could not find it. The only solution I found was to use FAT32 instead of NTFS when formatting. What good is a limited user if you run on FAT32?
To sum up the changes:
Give user group read/write access to c:\program files\adobe\photoshop
Give user group advanced read/write access to c:\ and ONLY apply it to "this folder only"
Verify user group has read/write access to %temp% folder.
* I was working from an existing install, I did not try to reinstall it. Some programs give you the option "Just for me" or "For Everyone" and that makes a difference.
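The three changes above were made by hand in the XP security dialogs. Here is the same procedure as a script, added to this page as an example and not part of the original post. It assumes the default install path from the post and the built-in Users group; the "this folder only" checkbox corresponds to an access rule with no inheritance flags, which is what keeps the grant on C:\ from spilling onto every file and subfolder on the drive. The shared temp path is the redirected location the post mentions; if TEMP stays inside the user profile, that check is unnecessary.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Paths and the group name are assumptions taken from the post's summary.

# Grant an Allow rule on a folder. With -Inherit $true the rule propagates to
# subfolders and files; with -Inherit $false the ACE has no inheritance flags,
# which is exactly what the "Apply onto: This folder only" checkbox produces.
function Grant-FolderAccess {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [System.Security.AccessControl.FileSystemRights] $Rights,
        [bool] $Inherit = $true
    )
    $inheritance = if ($Inherit) {
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    } else {
        [System.Security.AccessControl.InheritanceFlags]::None
    }
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Identity, $Rights, $inheritance,
                      [System.Security.AccessControl.PropagationFlags]::None,
                      [System.Security.AccessControl.AccessControlType]::Allow
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Return $true if an Allow ACE for $Identity (direct or inherited) carries at
# least $Rights. Deny ACEs are not evaluated here; this is a quick sanity check,
# not a full effective-permissions calculation.
function Test-FolderAccess {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [System.Security.AccessControl.FileSystemRights] $Rights
    )
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq $Identity -and
            (($ace.FileSystemRights -band $Rights) -eq $Rights)) {
            return $true
        }
    }
    return $false
}

$users      = 'BUILTIN\Users'
$photoshop  = 'C:\Program Files\Adobe\Photoshop'   # assumed install path
$sharedTemp = 'C:\Windows\Temp'                    # redirected TEMP from the post

# 1) Photoshop writes its settings into its own program folder.
Grant-FolderAccess -Path $photoshop -Identity $users -Rights 'Modify' -Inherit $true

# 2) Photoshop creates its swap file in the root of C:. Grant read/write on the
#    root object only, so nothing is inherited by existing folders and files.
Grant-FolderAccess -Path 'C:\' -Identity $users -Rights 'ReadAndExecute, Write' -Inherit $false

# 3) Verify the (redirected) temp folder is writable by limited users.
if (-not (Test-FolderAccess -Path $sharedTemp -Identity $users -Rights 'Modify')) {
    Write-Warning "$users cannot write to $sharedTemp; grant Modify or move TEMP into the profile."
}
```

After running it, `Get-Acl C:\ | Format-List` should show the new Users entry with `InheritanceFlags: None`; if it shows `ContainerInherit, ObjectInherit`, the grant has leaked onto the whole drive and should be removed and redone.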
Some problems you just can't search on. Here are some I wish were more searchable and this blog is my attempt to make that happen.
Wednesday, March 09, 2005
Wednesday, March 02, 2005
Spyware can be stopped
I have 2 ideas for stopping spyware or at least making the game more exciting. I think they would work if someone could get the right people behind them.
1) Patents. That is a hot topic. Software patents and how they are harmful to the software industry. Someone should compile a list of patents that spyware is using or create a think team to patent new ideas before they use them. They will either work around the patents or get the laws changed.
2) Companies should sue for the use of their hardware for profit. Users at big companies click yes to the EULA, but it is the company's property and the spyware is using system resources for advertising. I have heard of cases in the past where hackers stole idle time from computers and the companies came down on them with the full wrath of the law. Why is this any different?
IANAL, but I think both of these sound reasonable. If someone forms a patent team, I already see a few things spyware could be doing, but isn't. This epidemic will get worse before it gets better.
Tuesday, March 01, 2005
This is not news, it's the way it is
It is sad that the internet has become so hostile. At work I connected one of our servers to a connection on the outside of our firewall for some remote support (didn't have the VPN papers signed yet). The moment that I enabled the NIC, the server informed me that the RPC Service has failed and the computer will shut down.
I was foolish for not checking the patch levels. I assumed that someone else was on top of that. A mistake I will not make again. But home users have problems of their own. They don't know they have to keep it patched. If I had my grandma running Linux, I would be the one patching it. What about converting all my friends and family to Linux? I would be so overwhelmed keeping each one current.
As it stands, I format, install XP w/ SP2, change their user accounts to limited access, install spyware detection, antivirus, leave the firewall and automatic updates on, and finally put Firefox on the desktop.
At the same time, I have to explain why XP is better than the 98 or ME that came with the computer, what SP2 is and why it takes so long, what a firewall is, what Firefox is, why I created a special admin account for them to install stuff with and why they should never surf the web while logged into admin with the red background.
And if you are a Slashdot regular, I am not telling you anything new. I should release this as a news story, but as we all know, this is not news. It's just the way it is.
Sunday, February 27, 2005
What about the rest of the spyware?
Spyware scanners only get 50% - 70% of all known spyware. Using two scanners helps, but that's a large percentage of spyware that still gets by. I just scanned a system with Microsoft's Antispyware and it removed everything it found, but the realtime protection was still indicating that something was trying to change my browser addresses.
I want to put together a guide to tracking down that last 10% of spyware that gets overlooked by the scanners. Some simple developer tools can be very powerful in tracking down spyware. Sysinternals has a good collection of tools that I want to talk about with tracking down spyware in mind.
Saturday, February 26, 2005
IDownload and ISpyware
I think the fall of IDownload and ISearch has started. They may have screwed up. They want every reference to them being spyware removed. I am not saying that IDownload or ISearch are spyware or adware. I don't care if they are malware or not. As you search the web now, the talk about them trying to shut up the small sites and antispyware vendors is what everyone will see.
One site, http://spywarewarrior.com/ has a blog with great antispyware information. They never came out and said that IDownload or iSearch are spyware; they listed what spyware scanners were looking for. IDownload and ISearch just happened to be on that list.
See: SpywareWarrior Responds to iSearch/iDownload
If it were my computer, I would remove it. But that's my opinion.
Friday, February 25, 2005
Spyware is like cancer
Once it is in your system, you are not going to get it out. Ok, maybe today. But as the fight goes on, they will win if they get the first attack.
For example, I see them create a dummy key in the registry under Run. It watches for it to be removed and reboots the system.
They are already watching that key. Try deleting it and press F5. It comes back. I have seen it many times. It doesn't take much more work to reboot the computer. Crappy spyware already crashes the system.
At that point...
reformat, reinstall
Work harder, I know you can ...
Why am I always bringing computers to their knees? On my own machine, I can understand it. But I also overwork our servers. I do this all the time. I get tired of it. If I have time to write about it while I watch it process ....
This time is unusual, but it just reminds me how much it happens. I am looking at a system that I will be working with and I want to diagram the database structure. Sounds simple, doesn't it? My problem is the database size. 600 tables. All the tools I am using are choking on it. SQL Server Diagrams and Visual Studio place all the tables in a row if no relationships are defined. At first glance, the database has very few relationships (in the database, I think it is managed in code). Visio 2003 has done the best job so far. It will group the tables on the page. As I work with all 600 tables, the memory requirements are more than my computer wants to deal with.
I am looking at trying to display possible relationships, but that is not working either. Visio is very programmable, but I can not find a way to access each shape's database fields. Either it can not be done, or my search terms are too vague. I wanted to loop through each shape's primary key and connect it to any table that has a matching field name. Without the ability to talk to the field names, it can't be done.
My next thought was to build the relationships in the database. I attached a copy of the working database and researched my commands. It generated the SQL I wanted to run. As I was running it, I realized that most tables have multiple fields in their primary keys. My code did not account for that. It doesn't have to be exact. I am trying to reimport into Visio, but it looks like I overworked it even though it eventually finishes. I do have to say that I have not crashed Visio yet.
Each step takes way too long (on both the server and my workstation). I feel as if I have done nothing all day and it irritates me. I will eventually send the diagram to the printers and post it on my wall. 100 x 120 inches.
All about the DHCP server callout API functions.
I have looked for this before, I just didn't know what to search for.
I have looked for scripting DHCP, loading DHCP as an ActiveX control, and command-line access. And I never found what I was looking for.
I was wanting to track DHCP requests and limit who is to receive them. This is exactly what I needed.
Other questions. How would this work with VB.NET? I probably shouldn't write DHCP DLLs in managed code, but VB is our standard language. Would it be easier to write a wrapper in C++ to let me do the work in VB.NET? Any thoughts?
What about running 2 DHCP servers on the same box and loading custom DLLs. I want one group of computers to get one IP range and another to get a different range. Would that be possible, or am I dreaming?
I can see it now, spyware introduced Flash ads
On slashdot.org there was a talk about Flash based ads and how popular they are becoming. It is harder to block them. Some simple solutions were talked about, but I see the advertisers have some simpler solutions. They haven't been challenged yet.
My favorite trick is the F5 key. When an ad is displayed, a cookie is usually saved that says you have seen the ad (or they track it another way). What F5 does is reload the page. Now you are viewing the page a second time and they think you saw the ad so they will not show it again. Either that or they show the ad every time and that would get annoying. Remember F5.
Now that advertisers are switching, I think spyware and adware will also make the switch. Imagine browsing Windows Update and a free download ad appears for you to click on. You click yes because it is Microsoft's site. Your system is toast.
Reformat, Reinstall.
Spyware, worse than viruses.
It's like cancer. It truly is. The majority of home user problems that I have to deal with are related to spyware, adware, malware. Tonight I spent 3 hours with a customer rebuilding his machine. He was suffering from several problems that just scream spyware. IE would not work, home page was blank. Attempting to type in a site failed to connect, then the browser would choke on the spyware-inserted failed connection page. Went to check network connections and there were none. I tried to add one and the needed service was not started.
Ok, that last one was odd. Every service was set to disabled and none of them were running. I had never seen that before. Trying to enable or start any of them resulted in an unhelpful error message. I had already planned on rebuilding, so I quit trying to fix it.
Format, Reinstall.
spyware, at what point do you give up?
I was working on this machine that was so infected, every time I went to a new webpage, 3 more IE windows would open. It's a good thing I knew what I was looking for. ActiveX controls tried to install twice on my way. After finally downloading a spyware cleaner and installing it, then scanning and finding 45 threats, I cleared them, rescanned and found 3 more. Those 3 kept coming back. I tried to kill the related process, but it would just start up again. I tried several tricks and the Google results had way too many steps. After I finally cleared all the threats, I still had browser popups. I gave up after 1 1/2 hours.
Format, Reinstall
Sunday, February 20, 2005
Blog with content ...
I am experimenting with my 2 new blogs. One will be "advertised" and the other will be invisible. The antispyware blog is the one I find most interesting. As I find topics and post them, I leave comments on the target site that link back to my blog (if commenting is available). The other one will just get the content. After a few days of minimal work, I have gotten 12 visitors to the antispyware blog and 0 to the other one.
As I am looking for good antispyware content, I find other content relating to spam, antivirus, and security. I am tempted to post links to them to help raise their search rankings. But I am making my blogs too narrow.
Here is one such blog that deserves more attention: Ann Elisabeth (spam huntress) has some excellent spam-related posts.
http://www.annelisabeth.com/pc/pc17.htm
http://www.annelisabeth.com/blog/archives/000314.html#more
Monday, February 14, 2005
Hot Topics
I just launched two new blogs. One is a subject that I run into all the time: antispyware. The other is just interesting at the moment: North Korea's nukes.
I am constantly dealing with spyware. Either from users at work or from friends and family. It has gotten out of control and my quick tricks no longer work.
Tuesday, February 08, 2005
Every problem is a nail
When your only tool is a hammer, why do all your problems look like nails? In response to my last post, I think XML is my hammer. I do feel that it was a creative solution that in the end has not saved me much work. But the problem set I was working with was more fun. It had a freshness to it that database updates no longer have.
At one time, I wanted to use XML for just about everything. I realize when it's useful or overkill. Programming projects like my survey generator/processor could be heavy in code, but it is a tiny project, mostly XML and XSL.
Creative Solutions
A little while ago I got a request to build a simple survey. It was one page with about 10 questions. Before I started, I realized it was just as easy to write a generic survey processor than to fully code the survey. Each new survey gives me time to work on the generic processor instead of manually building surveys. Different requirements give me a new set of features.
My generic processor takes input from any web form and wraps it up with XML. All I do is add the form elements and let the processor do the rest. This method works really well for most studies.
I am currently working on building 5 questionnaires. Two of them have over 100 questions and all the questions are free form fields. The reporting requirements are completely different from just handing over an Excel spreadsheet. Yet again I found myself writing a generic report processor and with that ground work out of the way, I can also generate the survey.
If I put all the survey questions in an XML file, I can generate the surveys and generate results inline with the original questions. This sounds overly complicated, but it is very simple to implement with XML, XSL, CSS, and a little server side script.
Wednesday, January 19, 2005
Orbyk - Point of contact
The development of Orbyk is underway. The visuals are fairly raw but I have gotten collision detection to work. Calculating point of contact for the rebound was another story.
It took several attempts to get it right and I am still tweaking it. I spent too much time figuring out complicated math that when it did work, it still didn't help me (but I still needed to do it to know that it would not work). I had one solution that worked well at very slow speeds. It turns out that the closer to the object's edge the detected collision was, the more accurate the calculation was. Once I realized that, after detecting a collision, I would slowly back the object up until it almost didn't register the collision and then did the calculation.
Some collisions that are exactly on the edge or corner could be calculated wrong. I have been too lazy to correct it at the moment (when I make the main shape a sphere instead of a cube, it will have to change), so I added rebound validation. If I detect a rebound off of a side, I verify that another block is not resting up against that side. If a block does exist to that side, then the calculation was an edge case and was wrong.
I had it working beautifully until I added user input and decided that I was representing speed and direction in a poor way. In the process of correcting movement, I had to revisit my collision and rebound logic.
Thursday, January 13, 2005
Orbyk
Orbyk was a PocketPC game that I wrote in college. It is like the game Breakout, except upside down and in 3D. The view of the game is directly over the top of the game area so you see the ball bounce up towards you and then fall back down to the floor. The bricks are laid flat on the floor and are not stacked. The paddle was removed. To move the ball, you would use the stylus to give the ball spin in the direction that you wanted the ball to go. It would move in the new direction when it hit the floor. So you had to think one bounce in advance.
The 3D part was simulated. The walls and bricks were designed to look like they have depth. The ball was rendered on the fly. It was like a 4 colored beach ball. The colors made the spin easy to see. We also shaded it to give it more depth.
The rendering was all done manually. We worked directly with the raw display memory. All of our images, tiles, and fonts were hand crafted in NxN arrays, one RRGGBB hex pixel at a time.
Redrawing the whole screen would tear. You could see the rip on the display if we cycled all the colors. To account for this, the only time we would redraw the whole display was at state changes (menus, pause, or lost and gained focus). The ball was in constant motion. We rendered the ball directly over the existing scene and rubbed out only what was left of the ball from the scene before. We tried clearing the ball before drawing it again, but we could see it rip each frame. The ball rendering was optimized as much as possible.
It was a very addictive game and it quickly ran the battery out on my PocketPC every chance it got.