Replies

That Firefox 3.6.4 update is not only for stability. There’s at least a couple of security fixes in there. But the headline is the Chrome-like ability to stay up and running even if a plug-in crashes. If a whole Firefox tab crashes, however, you will still probably be out of luck.

-- rc primak

I also relied on a BartPE to run my copy of Image For Windows (http://www.terabyteunlimited.com) and backup my system. While it still works on my upgraded workstation, it does not work on my new Dell laptop. I just got notification from Acronis that their Disk Director 11 is compatible with Win7 and got a copy. After installing I see that it includes the option to create a bootable media that will either boot linux or WinPE (which they have links for the files you’ll need). Looks pretty good. I’ll update after testing it out.

Mr. Jiggs

If you like the Acronis products, remember that every registered user of True Image Home can download and burn an ISO (CD image) version of True Image. This is a bootable recovery environment which works on everything from Windows XP through Windows 7. There is a BartPE version (as a downloadable plug-in for a BartPE CD building program) and the Acronis (Linux-based) version. Either can run in a stand-alone Boot CD environment. They both can use any recent Acronis backup archive as a recovery source, on just about any media or an external drive.

Combined with the Disk Director disk management/ disk recovery tools, Acronis offers a very good suite of disaster recovery tools. They’ve saved my bacon more than once.

I’ve been waiting for an e-mail from my Acronis reseller about Disk Director 11. I guess I should ask him about when he will have it available.

29 June 2010 Update — just got the newsletter from my reseller, and ordered Disk Director 11. Stores don’t seem to have it yet, but it is available from the Acronis site.

-- rc primak

Just a sidebar here, but these sorts of lost e-mail issues do not require any special backup software.

In each computer user’s Application Data folder, there is a sub-folder called Thunderbird. Everything you need to run Thunderbird for that user is there. I just copy that folder to an external drive once in awhile, and if anything goes flakey with T-Bird, just delete the Thunderbird Application Data folder, and replace it with the backup copy. I’ve gotten out of several Eudora/Thunderbird jams that way (My e-mail client has the Eudora/Penelope skin, but it’s basically Thunderbird under the hood.) As long as the backup data are not unstable, the restored Thunderbird will be as good as new, and the disappearing e-mail problems should go away for awhile.

There is a practical limit as to how much mail can be stored in the Thunderbird inbox without losing all or part of it. I have never reached that limit, but I use Local Folders to archive older mail. Those folders almost never lose messages. Compacting the folders and emptying the trash once in awhile seems also to help a bit with stability. But having the full application data folder backed up seems to be the best strategy, in my experience.

(For those who do use IMAP, remember, ONLY your Local Folders are not synced with the remote server in this type of e-mail scheme. That means that for IMAP, maintaining separate Local Folders is ESSENTIAL! I learned that the hard way.)

Another thing I recommend is to limit how many Extensions you plug into T-Bird.

-- rc primak

I would use a firewall in addition to Malwarebytes, so that you could get alerts as to what process is trying to connect to that IP Address. You really need both the destination and the originating process to track down what’s going on in these cases. The objective is not to block the outbound traffic, but to track down which process spawns the traffic. That would be the best way to stop the problem, if indeed it is a problem, and not normal behavior for some program or process on your computer.

Comodo Firewall with Defense Plus will tell you the information about the process. PC Tools Threatfire could also probably track down the process. Both programs are free, and would not conflict with Malwarebytes. Then you could find out what on the local computer is trying to access this IP Address. Right now you only have about half the data you need to know anything for sure.

-- rc primak

A couple of things:

First, be VERY careful about declaring that an Anti-spyware program is malware! The posting suggesting XP-Antispy was probably referring to a legitimate product from a-squared, which is of limited use, but is not malware. Many malware programs have names VERY close to legitimate Antispyware products. Along the same lines, I am not familiar with Smart Buster, but the program looks interesting. I just wonder whether it has safeguards against accidentally shutting down or removing something necessary to run Windows.

Second, be VERY careful about disabling Wndows Services! Automatic Updates must be set to load with Windows if you do not want to have to go manually to the MS Updates website each month to download and install the MS Updates. Even then, you must manually enable Automatic Updates Service and set it to Automatic each time you want to download and install the updates. MS Updates will NOT WORK without this setting! BITS must also be set to Manual or Automatic to get MS Updates to work. Black Vipre notwithstanding, there is a practical limit to how much speed-tweaking you can do for Windows startup.

My own laptop has the most trouble loading its Intel ProSet Wireless Networking driver. This one can take two to five minutes to load, and sometimes does not load completely due to timing out. Updating the driver has had little effect — it is just a poorly-written driver and always will be. So drivers can certainly contribute to slow Windows load times. This situation can also be made worse by AV boot-time scans (Avast) or aggressive firewalls (Comodo or Zone Alarm). A balance between security and stability can usually be reached, but it can be a tricky detective exercise. Voice of experience here.

And, Clint, I have ctfmon active on my laptop, but I do not have any MS Works or MS Office programs, and never have had them. Other programs need this service, so I would leave it active at startup.

Could “53 apphk” really be “S3 apphk” ? That would be a video output driver application hook, and while not absolutely needed, it should be allowed to run at Windows startup.

-- rc primak

usn journaling is the way the NTFS File System reconciles disk errors without having to reformat the partition. Over time, disk errors, usually in the Indexing or Security Parameters areas, will accumulate, and the NTFS journaling will have to reconcile more often. Also, Checkdisk operations will take longer as indexing gets more complex and introduces more errors. Eventually, the errors become too great for journaling to overcome, and the partition must be reformatted.

Without journaling, each error would have to be fixed as it occurs, and this can take a looooong time! Examples of non-journaling file systems are FAT-16, FAT-32, and the original Linux ext-2 and ext-3 file systems. More modern file systems all use journaling. Just remember, until Checkdisk /-r is run from outside of Windows, the errors are never truly repaired, and journal checking will take place each time the computer boots. Checkdisk /-r can be scheduled to occur before your next Windows boot by running Checkdisk from within Windows, but checking off the box to “fix errors”. Even if no errors are reported at that time, Checkdisk will run before your next boot, and some repairs may be done then. Or maybe not — Windows can be a bit flaky that way.

I recently did a System Restore on my laptop, and now each time the computer boots, it shows a progress bar (and nothing else) which works its magic in one to three seconds. Annoying, but not a problem, and booting is completely normal otherwise. I believe this is an example of journal checking before each Windows boot. Right now it is harmless, but things could get worse. Needless to say, I have made an Image Backup of the partition just in case things really go south. And I have a backup image from just before the problem which required a System Restore, so I should be OK.

This is one more reason you should be doing weekly full image system backups for Windows.

-- rc primak

Nice brain-teaser: change every shortcut icon + its name. Next day try to remember which is which —

When an icon shows up with the description “Shortcut to 012abd23_2001.exe” with the generic Windows “.exe” default icon, you’d better believe I’m going to change the name and the icon to something I can rremember MORE easily! That’s how my shortcuts often start out, especially if they are to downloaded plug-ins or installers. Downloaded PDF manuals for free programs also often have carzy names and generic icons. I don’t change icons or captions just for fun.

-- rc primak

Paragon Backup and Disk Manager (the link is for the Paragon bundle) will do all the file moving and partition shrinking anyone would need, to reclaim that wasted space in 64-bit Vista or Windows 7. And Paragon also will defragment and consolidate (optimize) the partition if you desire. Acronis Disk Director 11 will be coming out soon, and will be capable of doing similar things. Even the Linux g-Parted program doesn’t care about 32-bit vs. 64-bit Windows partitions, as long as they are NTFS (which nearly all are nowadays).

Shrinking a partition with data scattered within it is not dependent on the “bittedness” of the Operating System. The differences are between the partitioning programs themselves, and again, disk utilities like these are not sensitive to the “bittedness” of the Operating Systems installed on the disk. They are only sensitive to the File Systems themselves. And in that regard (for NTFS), Windows is Windows is Windows, regardless of version number or “bittedness”.

The one exception is any “Hidden Recovery Partition”, but they are so small that you probably won’t even notice they are there. Just don’t delete the Recovery Partition by accident.

-- rc primak

In answer to the question about stand-alone icon editors, yes, there are many of these. I don’t like most of them because they crash a lot, or produce poor results, or are not intuitive to use. The IrfanView method seems to me to pass the KISS test (Keep It Simple, Stupid).

Greenfish Editor (stand-alone, not an installed program) is one which works better than most. (Unfortunately, the program’s Home Page is in Hungarian.) Paint .NET can also save images as icon files, but it is not as simple to use as IrfanView, and it needs .NET Framework.

-- rc primak

Thanks again Bob, Adobe does not seem to give the option of NOT using their DLM either. Most of us with high speed connections do not need to use any sort of download manager for these simple downloads. It also irritates me to no end when S/W manufacturers bundle assorted unwanted apps, toolbars, etc with their S/W. And some of these unwanted apps are difficult to spot unless you read every button and option before clicking. Just shows how important it is to know what you are clicking on before doing so, just like the fraud security warnings.

The reason for the Download Manager is (from Adobe’s point of view) a matter of control. Since the DLM is proprietary, no other site can host downloads of Flash Player which will install and work like the genuine article. Also, the toolbars, download managers, auto-updaters, etc. bring in advertising revenues from Adobe’s commercial partners. In general, whenever you see something offered for free, but there are riders like these, just follow the money and you will get the answers to most of your questions.

As I say, if I could get a clean flash player which would work with the modified players at the streaming video sites, I’d drop Adobe in a flash, pun intended.

-- rc primak

What I advise for Flash Player, is to remove the Active-X and Firefox Plug-in old versions first (I use Revo Uninstaller). Then go to the Google “test Flash Player” result at Adobe’s site. This will tell you you need to download the latest version, and it will link you to the official download page. There you will see which version will be offered. If it is not the current latest version (which occasionally happens), I go to FileHippo’s site to get the latest non-beta version.

Be advised: Adobe uses a terribly insecure “download manager” which is a really nasty piece of junkware. After downloading and installing the Flash Player you need, get rid of both the Firefox (Plug-in) and IE (ActiveX) versions of “Adobe DLM”. In Firefox, you will do this through your Add-Ons manager window. The ActiveX control can be removed using Revo Uninstaller. Follow up with a CCleaner Registry and System cleanup and reboot.

Be also advised: I got into security conflicts with the Firefox Adobe DLM plug-in. The problem became so severe that my Windows drivers would not load. I had to go into Windows Safe Mode and remove both Firefox plug-ins (DLM and Player), do a Safe Mode CCleaner cleanup, and start over. The second time, things worked out OK.

One other thing about Version 10.1: This Flash Player upgrade makes driver-level changes in your computer, to enable Hardware Graphics Acceleration. There is no opt-out for this. In addition to security conflicts (like my installation issues), diver-level Windows instabilities can result. Make a full system backup, including drivers, before getting this version of Flash Player. Even a system restore may not be able to undo the damages which this version can (rarely) cause. And the damages can occur the first time a web site or video uses Hardware Graphics Acceleration, not just at the time of installation of the upgrade. So, if you let Flash Player do its thing the way it wants to (and you have no choice in most cases), happy crashing! (Most recent Windows computers will not experience crashing, but better safe — with a backup — than sorry. Especially if you are running older hardware.)

I don’t mean to sound too paranoid, but Adobe (not just with FLash Player) has a long history of messing up Windows computers, installing unwanted bloatware features, and then taking no responsibility for the Windows slowdowns or damages their products have caused. But Flash Player is so widespread on the Internet, and free alternatives (like VLC Player) are so useless at streaming sites (like Hulu.com) that we have no real alternatives at this time. Only site webmasters can improve this situation, and they have a profit motive not to allow any alternatives. (Don’t get me started on the many ways Flash Player allows spying on you while you are watching streaming videos!) So for the present, we are stuck with this less-than-perfect way of presenting active web content.

And no, I do NOT side with the Steven Jobs/Apple Computer/HTML-5 camp, either. Same problems there, only worse.

And (as was posted earlier) do remember to uncheck the McAfee VirusScan toolbar when upgrading Flash Player. Unless you like browser clutter, that is.

-- rc primak

I registered to post that several offerings of Paragon Software (namely their Virtualization Manager and System Upgrade Utilities) include a feature called “P2V Adjust”, which I imagine is similar to what Shadow Protect Desktop does – it takes a disk image of a Windows installation and modifies it (probably in ways Microsoft never particularly intended) so that it can be used in a virtual machine with little to no fuss. I’ve used it successfully with an old Windows 2000 installation so far, though of course it probably works with later versions. (Paragon is a big supporter of giveawayoftheday.com – if you wait long enough an appropriate product will probably be featured there again.)

I imagine Mr. Langa’s method is substantially less useful for disk images of installations from hardware that differs more substantially from VMware’s or Virtual PC’s emulated hardware.

(And yes, I did register just to post this.)

(etc.) …

Yes, I have read good things about that feature of Paragon Backup. It is one of the things which make some folks prefer Paragon over Acronis. It does not surprise me that Paragon does so well at creating and restoring Virtual Machines, as this product family got its start not as a consumer-level product, but as a company which specialized in Business Solutions. They still have some advantages because of that legacy. And Paragon’s offerings are miles ahead of Shadow Protect, from what I’ve read on the subject.

-- rc primak

A lot of the AV engines used by Virustotal show nothing, especially when a piece of malware is new. So the aggregate scan is very useful. Since I was scanning the entire collection of Nirsoft stuff, there were over 100 programs for any of the engines to take a shot at flagging.

The heuristics are problematic; To be fair, some of the things that Nirsoft utilities do are darn close to a lot of (portions of) malware. One of the points of my article was that it can boild down to intent, which no AV program has any hope of determining.

I think you are right — some of us rely too much on AV heuristics, and that’s where a lot of false positives come from. And it is true, that no heuristics algorithm has yet been devised which can discern intent, nor accurately predict the end-result of letting certain malware-like processes run their course. The attitude (and I sort of agree with this) is “better safe than sorry”. In other words, “Deny first, then allow once the application is proven safe”. That’s good advice if you can quarantine or sandbox an application (which I can do now, thanks to Comodo Sandbox), but it is a bit strict when dealing with a lot of freeware system-level utilities, such as the NirSoft family.

In the case of NirSoft, maybe the Virus Total results give good guidance, but I have found some cases (of other safe freeware) where the results have been a lot less clear-cut. That’s all I was pointing out in my post.

I was mainly pointing out that the NirSoft uninstaller may have been the focus of the false-positive I got (from Malwarebytes), and perhaps this is the specific cause of any false-positives others may have gotten for the NirSoft family of utilities. It helps to be able to narrow down one’s focus when evaluating possible causes of false-positives.

-- rc primak

In answer to:
#5 Geoff Holcomb

I have had numerous networking and Remote Access issues with my Windows XP, SP3 laptop ever since the botched MS Update MS10-021 (KB 979683) tried to install itself back in April of this year. It was reoffered over and over again, and after a chat session and phone support, I was told to uncheck the update, and tell MS Updates never to show me the update again. My hardware proved to be incompatible with this Windows kernel-level security patch, and it somehow messed up Network Connections. The patch unfortunately can not be removed last I heard, so I am stuck with a laptop which does not do Remote Desktop anymore, and has some other networking issues.

So perhaps it is not the Vista machine which is causing the problem, but the Windows XP computer, especially if it has rather old hardware or out of date drivers. Even if there were no problems updating the Wondows XP machine, it may have been altered by the update I mentioned, or by the IE8 rollup, or the ActiveX Killbits patches. Otherwise, more investigation may be needed.

I also read at https://www.askwoody.com about at least one Vista patch which has had similar unwanted consequences. Check out the June Black Tuesday writeup over there and the Comments for more details.

-- rc primak

Bob,
Hello, and thank you for the idea ! As i have IrfanView …. for photo manipulation , could you please explain the basic’s of using IrfanView to do this . I’m sure that there are many of us (me) who have no idea. Regards fred

It’s really quite simple.

Load any suitable graphic or image file (I prefer jpeg or GIF formats) into Irfanview. It’s as simple as right-clicking the image file, and choosing Open With… and selecting Irfanview as the application. Then, once the image is loaded, I sometimes remove unnecessary details, but the end result can be saved as an Icon File Type (.ico). Irfanview does the rest, once you select a location in which to save the resulting icon file.

What Irfanview has done is just to convert the image file to a .ico file type. Irfanview will pop up a dialog box and ask a few questions about the icon size and resolution, but I usually choose the defaults. This produces good results as long as there isn’t too much detail in the original image, and there is good contrast between the background color and the colors of the subject of the image. The background color will usually become the “transparent color” which you select for your icon.

This trechnique even works for converting Clip Art (bitmap) images into icons. I find an endless supply of icon ideas just by using Google Image Search. I definitely feel no need to limit my icons to whatever Microsoft or some freeware programmer provide with their products. No ugly or obscure icons for me!

By the way, I even changed the icon for the Irfanview desktop shortcut, because the author thinks Pandas are cute. But they also bring to mind Panda Antivirus, which I do not want to think I have (no offense intended towards that Company). Instead, I replaced the Panda icon with a little “Irfan” (those crazy little winged things that used to be the Irfanview icon). Same thing for the Thumbnail Viewer, for which I have created a separate desktop shortcut. (I use Folders to classify my desktop icons, but in Windows 7 you could use Libraries. For Windows XP, there are several free programs which help corral those icons, one of which is Fences . Check out the screenshots there, then decide about downloading the program. )

-- rc primak