Various cool software and more

Microsoft has released a nifty FREE security ‘suite’ to protect just about any existing .exe file. It does this by hardening the existing compiled .exe file, adding DEP and other neat protection features (overflow protection etc.) – for the “full” description see the link at the bottom.

The documentation is sadly very poor, but here is a quick guide to getting started.

The concept would be something like this;

Download; http://go.microsoft.com/fwlink/?LinkID=162309

Install/copy the files to;

 C:\windows\system32

Find an .exe file you want to protect (e.g. notepad.exe)

Start a command prompt and type;

C:\>EMET_conf.exe --add c:\windows\notepad.exe

This is the output;

EMET 1.0.2 Adding c:\windows\notepad.exe to EMET-ized processes: Ok

Type;

EMET_conf.exe --list

to list all protected applications.

Once the above is done the application is protected. Protected against what? Well, protected by, among other things, DEP, which will greatly improve security against buffer overflows etc., plus a few other protection schemes. The cool thing is that this is done without modifying the application, and hence just about any application can be protected. Note that not all applications may work when protected; if you protect an application that afterwards no longer works, then unprotect it from a command prompt by typing

C:\>EMET_conf.exe --delete <application file> (eg. c:\windows\notepad.exe)

Warning!!!

Do not remove the EMET files from c:\windows\system32 before unprotecting the .exe files, the protected applications WILL NOT RUN without these files (they will still work on another machine, the .exe files are not modified).

Links;
http://blogs.technet.com/srd/archive/2009/10/27/announcing-the-release-of-the-enhanced-mitigation-evaluation-toolkit.aspx

http://go.microsoft.com/fwlink/?LinkID=162309

Update Nov 5th 2009;

After working a bit with this EMET I contacted their technical dept. to get some info on how it works (as mentioned the documentation is fairly superficial), and I actually got something useful back;

The protection is ‘obtained’ by setting a debug code that launches the application via the EMET launcher (EMET_launcher.exe). This is done by creating a key for the protected application under “Image File Execution Options” in the registry (“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options”). Thus every time you launch the protected application, the execution is intercepted by “Image File Execution Options”, passed on to “EMET_launcher.exe” and launched in a shielded environment.

An interesting detail is that if you include a path when adding an application (EMET_conf.exe --add c:\windows\notepad.exe) then this will only affect this one file (e.g. c:\windows\notepad.exe), but if you protect it like this: EMET_conf.exe --add notepad.exe, then ALL instances of notepad.exe will be protected (no matter where they are on the disk). Renaming a protected file will remove the protection; it only works by file name.

The latter might sound like fairly poor protection and/or easy to bypass. However, keep in mind that this is not an antivirus solution; it is additional shielding against known and unknown buffer overflows (and more) for existing applications, so with this in mind I think it is ok. EMET is an easy-to-implement additional security feature.
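The Image File Execution Options redirection described above can be audited from PowerShell. This is an added example, not code from the original post or from Microsoft; it assumes the ‘debug code’ is the standard `Debugger` string value under each IFEO subkey, and the function names are made up for illustration.

```powershell
# Added example: list every image that IFEO redirects to another launcher.
# Assumption: EMET's "debug code" is the standard IFEO "Debugger" string value.
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-DebuggerExecutable {
    param([string]$CommandLine)
    # Quoted path: take the text between the first pair of quotes.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Otherwise take the first whitespace-delimited token (heuristic only).
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Get-IfeoRedirection {
    param([string]$Root = $IfeoRoot)
    foreach ($key in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        $debugger = [string]$key.GetValue('Debugger')
        if (-not $debugger) { continue }   # subkey exists but redirects nothing

        $exe = Get-DebuggerExecutable -CommandLine $debugger
        # Bare file names are looked up in System32, where the post installs EMET.
        if (-not [System.IO.Path]::IsPathRooted($exe)) {
            $exe = Join-Path $env:SystemRoot "System32\$exe"
        }
        [pscustomobject]@{
            Image          = $key.PSChildName   # file name the redirection applies to
            Debugger       = $debugger
            IsEmetLauncher = ((Split-Path $exe -Leaf) -ieq 'EMET_launcher.exe')
            LauncherExists = (Test-Path -LiteralPath $exe -PathType Leaf)
        }
    }
}

Get-IfeoRedirection | Sort-Object IsEmetLauncher, Image | Format-Table -AutoSize
```

Rows with `LauncherExists` set to False are in the state the warning above describes: the launcher is gone, so the listed application will not start until the entry is removed. Rows with `IsEmetLauncher` set to False are redirections created by something other than EMET and are worth reviewing.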

SUN has a free virtualization platform called SUN VirtualBox. So what’s new in that, you might wonder – many companies offer virtualization these days!? The cool thing here is the word “Free”, and let’s add “Fast” to make it interesting: the solution is not only free, it’s also fast and even somewhat compatible with Microsoft’s Virtual PC format (it can import a .VHD file and start it without much hassle).

So if you are into a free, fast and quite well working Virtualization solution then take a look at “VirtualBox” from SUN.

http://www.virtualbox.org

Source;  I heard this ‘tip’ on the Windows Weekly podcast at Twit.

Imagine this: you just bought a new netbook, and even with a completely newly installed system you find that it takes 3-5 minutes to start the pc (where it should only take 1-2 minutes). So what went wrong!?

Well, often it is caused by stuff such as Google Toolbar, Yahoo Toolbar and whatever “crap” the manufacturer stuffs onto a new pc.

Now you could go ahead and start cleaning up yourself, that is, uninstall all the strange “crap” that is installed, OR you could just download a neat piece of software, “PC DeCrapifier”, and this nice free software will deal with the “crap” for you by removing it – simple and easy.

Problemo solved.

Just a quick update on my previous posting regarding “Microsoft Security Essentials”. It has been brought to my attention that there is a minor issue during the installation process: during the “Microsoft Security Essentials” installation the LMHost file is replaced with a new one. Most users will never notice this, but if you made additions to your LMHost file (for security or anti-commercial reasons) you might find this annoying and might spend some time debugging before you find it (your original lmhost.ini is renamed to lmhost.bak btw).

Nothing major, just something to think about.

Here are a few – not so well known – network diagnostics tools for you to use when debugging network issues;

From a command prompt;

netsh diag ping gateway
netsh diag ping dns
netsh diag ping mail

From run in the “start menu”;

hcp://system/netdiag/dglogs.htm

A new Google-like search engine for music files has emerged, http://skreemr.com/advanced_search.jsp (the advanced search page). Here you can search for music, and the service will then scour the Internet for the MP3 you seek and return a list of possible links. Once you click a link the music is ‘streamed’ to your computer (right-click the link and choose “save link as” to ‘download’ the music).

It also has a custom software which can be downloaded here;
http://songr.co.cc/

Legality;
Some in Denmark claim that this is not ‘true’ streaming, as the file is downloaded before or during playback, and that you are thus breaking the copyright. I don’t know, it’s a gray zone, so you need to consider both the legality in your country and your conscience… nevertheless an interesting search option.

I just stumbled across this service, www.shopusa.com, it offers a US address to where you can order your goods in the US – from here they will be shipped to you in Europe (or where you live) completely legal with tax, vat and everything.

Sounds interesting, I have for a long time wanted to buy stuff from “Think Geek” however they offer only one shipment method and it is ridiculously expensive for Europe.

Danes, read this; http://pleasure.dk/shopping/artikel/159811/

On a Windows Vista (and likely Win7) box, Windows Update has gotten this nasty idea to automatically reboot your computer if for some odd reason it feels like it. While this may be useful in some scenarios, I have had important video conversions disrupted by this exact behaviour.

If you happen to be looking at your pc while the update is in progress you will see a warning stating that the computer will reboot in 10 min, and you can then choose to delay this up to 4 hours. But if you have set a large conversion of video files in motion, then you are likely watching a good movie instead and will come back to a computer laughing at you via its login screen.

Anyhow, it’s a simple thing to fix once and for all, you just have to do a bit of registry tweaking;

Create this key;
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
NoAutoRebootWithLoggedOnUsers=1

And Windows will behave after a reboot (that means no more unscheduled reboots caused by Windows Update).

If you are lazy, then this blog offers a small utility to modify the registry for you 🙂
http://www.howtogeek.com/howto/windows-vista/prevent-windows-update-from-forcibly-rebooting-your-computer/

Problem solved…

I have talked about online backup before, and now a new player has entered the arena: https://www.carbonite.com. Well, new and new, it would appear to have existed for some time, but I just recently heard about it. Pricing is very similar to Idrive.

I have not tested this service yet, but a quick comparison to the previous favorite (www.idrive.com) lists these pros and cons;

Pros;
Unlimited backup (not like Idrive where unlimited equals a fair use limit of 150GB, I never understood this)

Cons;
Data can be decrypted by the hosting company. This WILL require a subpoena, but nevertheless data CAN be decrypted; in the case of www.Idrive.com you can set your own encryption key for TOTAL privacy. For most this is not an issue, but if you are concerned about privacy this may be a dealbreaker. Furthermore there is the issue of national law: what is legal to store in Denmark (where I live) may not be legal in the USA and vice versa, e.g. copyrighted music. Having total privacy does tend to keep my mind at ease about such matters.

Conclusion;
It is interesting, but for now I think I’ll stay at www.idrive.com, mainly because of the privacy issue, and besides I have already uploaded about 110 GB of data *sigh* the thought of restarting the process can kill any initiative 😉

If you once in a while work with installing software, then you HAVE to check this out.

http://www.autoitscript.com/autoit3/scite

It is a scripting language that makes it very easy to install software and modify installed software. It uses a very intuitive VB variant that is very easy to understand, and the help is just wonderful. One of the VERY neat features is that once you have completed your install script you simply compile it and voilà, you have an .exe file. Thus you can simply add an install.exe file to the package you wish to distribute, and the end user does not need to have any scripting engine etc. installed. It IS neat.

So you might think, “well, if it’s a VB variant, why not just make the whole thing as a VB-Script?” Well, you could, but have you ever tried to access files/registry etc. via a VB script? Sure, it is possible, but the code quickly becomes unnecessarily complex. This scripting language works straight out of the bag – copyfile( from, to), as easy as that.

The scripting engine has support for;
System variables (e.g. @StartMenu = location of start menu, @StartMenuCommonDir = location of All Users start menu, etc.)
File management (copy / delete / move files)
Directory management (copy / delete / move directories)
Registry access (read write)
Replay keystrokes

and a whole lot more..

This is from the introduction in the help file;
Easy to learn BASIC-like syntax
Simulate keystrokes and mouse movements
Manipulate windows and processes
Interact with all standard windows controls
Scripts can be compiled into standalone executables
Create Graphical User Interfaces (GUIs)
COM support
Regular expressions
Directly call external DLL and Windows API functions
Scriptable RunAs functions
Detailed helpfile and large community-based support forums
Compatible with Windows 95 / 98 / ME / NT4 / 2000 / XP / 2003 / Vista / 2008
Unicode and x64 support
Digitally signed for peace of mind
Works with Windows Vista’s User Account Control (UAC)

Inspiration;
If you are interested I have created an uninstall script for McAfee Virus Scan and ePO agent,

you can download it here for inspiration;
https://readmydamnblog.com/downloads/McAfee_Uninstall.au3 
or the compiled EXE version here
https://readmydamnblog.com/downloads/McAfee_Uninstall.exe

For more on uninstalling McAfee Virus Scan and ePO please see https://readmydamnblog.com/?p=147