Please note that some of these tips require you to use a Registry Editor (regedit.exe), which could render your system unusable. Thus, none of these tips are supported in any way: Use them at your own risk. Also note that most of these tips will require you to be logged on with Administrative rights.
Unlocking WinXP's setupp.ini
============================
WinXP's setupp.ini controls how the CD acts. IE is it an OEM version or retail? First, find your setupp.ini file in the i386 directory on your WinXP CD. Open it up, it'll look something like this:
ExtraData=707A667567736F696F697911AE7E05
Pid=55034000
The Pid value is what we're interested in. What's there now looks like a standard default. There are special numbers that determine if it's a retail, oem, or volume license edition. First, we break down that number into two parts. The first five digits determines how the CD will behave, ie is it a retail cd that lets you clean install or upgrade, or an oem cd that only lets you perform a clean install? The last three digits determines what CD key it will accept. You are able to mix and match these values. For example you could make a WinXP cd that acted like a retail cd, yet accepted OEM keys.
Now, for the actual values. Remember the first and last values are interchangable, but usually you'd keep them as a pair:
Retail = 51882 335
Volume License = 51883 270
OEM = 82503 OEM
So if you wanted a retail CD that took retail keys, the last line of your setupp.ini file would read:
Pid=51882335
And if you wanted a retail CD that took OEM keys, you'd use:
Pid=51882OEM
How do I get the "Administrator" name on Welcome Screen?
========================================================
To get Admin account on the "Welcome Screen" as well as the other usernames, make sure that there are no accounts logged in.
Press "ctrl-alt-del" twice and you should be able to login as administrator!
finally worked for me after i found out that all accounts have to be logged out first
Fix Movie Inteferance in AVI files
==================================
If you have any AVI files that you saved in Windows 9x, which have interference when opened in Windows XP, there is an easy fix to get rid of the interference:
Open Windows Movie Maker.
Click View and then click Options.
Click in the box to remove the check mark beside Automatically create clips.
Now, import the movie file that has interference and drag it onto the timeline. Then save the movie, and during the rerendering, the interference will be removed.
Create a Password Reset Disk
============================
If you’re running Windows XP Professional as a local user in a workgroup environment, you can create a password reset disk to log onto your computer when you forget your password. To create the disk:
Click Start, click Control Panel, and then click User Accounts.
Click your account name.
Under Related Tasks, click Prevent a forgotten password.
Follow the directions in the Forgotten Password Wizard to create a password reset disk.
Store the disk in a secure location, because anyone using it can access your local user account
Change Web Page Font Size on the Fly
====================================
If your mouse contains a wheel for scrolling, you can change font size on the fly when viewing a Web page. To do so:
Press and hold Ctrl. Scroll down (or towards yourself) to enlarge the font size. Scroll up (or away from yourself) to reduce the font size.
You might find it useful to reduce font size when printing a Web page, so that you can fit more content on the page.
WinXP Clear Page file on shutdown
=================================
WINXPCPS.REG (WinXP Clear Page file on shutdown)
This Registration (.REG) file clears the Page file when you power off the computer.
Restart Windows for these changes to take effect!
ALWAYS BACKUP YOUR SYSTEM BEFORE MAKING ANY CHANGES!
Browse to: HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ Session Manager \ Memory Management
and add the DWORD variable "ClearPageFileAtShutdown"=dword:00000001
You can also do this without reg hacking.
Go to Control panel Administartative tools, local security policy. then goto local policies ---> security options.
Then change the option for "Shutdown: Clear Virtual Memory Pagefile"
Group Policy for Windows XP
===========================
One of the most full featured Windows XP configuration tools available is hidden right there in your system, but most people don't even know it exists. It's called the Local Group Policy Editor, or gpedit for short. To invoke this editor, select Start and then Run, then type the following:
gpedit.msc
After you hit ENTER, you'll be greeted by gpedit, which lets you modify virtually every feature in Windows XP without having to resort to regedit. Dig around and enjoy!
Forgetting What Your Files Are?
===============================
This procedure works under NTFS.
As times goes along you have a lot files on your computer. You are going to forget what they are. Well here is way to identify them as you scroll through Windows Explorer in the future.
This procedure works under NTFS.
1.. Open up a folder on your system that you want to keep track of the different files you might one to identify in the future.
2.. Under View make certain that you set it to the Details.
3.. Highlight the file you want to keep more information on. Right click the file and you will get a pop up menu. Click on properties.
4.. Click on the Summary Tab (make sure it says simple not advanced on the button in the box), You should now get the following fields,
Title,Subject, Author, Category, Keywords, Comments
You will see advanced also if you have changed it to simple, Here will be other fields you can fill in.
5.. Next you can fill in what ever field you want.
6.. After you finished click the apply button then OK.
7.. Next right click the bar above your files, under the address barand you should get a drop down menu. Here you can click the fields you want to display.
8.. You should now see a list with the new fields and any comments you have done.
9.. Now if you want to sort these just right click a blank spot and then you sort the information to your liking.
Temporarily Assign Yourself Administrative Permissions
======================================================
Many programs require you to have Administrative permissions to be able to install them. Here is an easy way to temporarily assign yourself Administrative permissions while you remain logged in as a normal user.
Hold down the Shift key as you right-click on the program’s setup file.
Click Run as.
Type in a username and password that have Administrative permissions.
This will also work on applications in the Start menu.
Create a Shortcut to Lock Your Computer
=======================================
Leaving your computer in a hurry but you don’t want to log off? You can double-click a shortcut on your desktop to quickly lock the keyboard and display without using CTRL+ALT+DEL or a screensaver.
To create a shortcut on your desktop to lock your computer:
Right-click the desktop.
Point to New, and then click Shortcut.
The Create Shortcut Wizard opens. In the text box, type the following:
rundll32.exe user32.dll,LockWorkStation
Click Next.
Enter a name for the shortcut. You can call it "Lock Workstation" or choose any name you like.
Click Finish.
You can also change the shortcut's icon (my personal favorite is the padlock icon in shell32.dll).
To change the icon:
Right click the shortcut and then select Properties.
Click the Shortcut tab, and then click the Change Icon button.
In the Look for icons in this file text box, type:
Shell32.dll.
Click OK.
Select one of the icons from the list and then click OK
You could also give it a shortcut keystroke such CTRL+ALT+L. This would save you only one keystroke from the normal command, but it could be more convenient.
Create a Shortcut to Start Remote Desktop
=========================================
Tip: You can add a shortcut to the desktop of your home computer to quickly start Remote Desktop and connect to your office computer.
To create a shortcut icon to start Remote Desktop
Click Start, point to More Programs, point to Accessories, point to Communications, and then click on Remote Desktop Connection.
Click Options.
Configure settings for the connection to your office computer.
Click Save As, and enter a name, such as Office Computer. Click Save.
Open the Remote Desktops folder.
Right-click on the file named Office Computer, and then click Create Shortcut.
Drag the shortcut onto the desktop of your home computer.
To start Remote Desktop and connect to your office computer, double-click on the shortcut
Instantly Activate a Screensaver
================================
Turn on a screensaver without having to wait by adding a shortcut to your desktop:
Click the Start button, and then click Search.
In the Search Companion window, click All file types.
In the file name box, type *.scr
In the Look in box, choose Local Hard Drives (C or the drive where you have system files stored on your computer.
Click Search.
You will see a list of screensavers in the results. Pick a screensaver you want. You can preview it by double-clicking it.
Right click on the file, choose Send To, and then click Desktop (create shortcut).
To activate the screensaver, double-click the icon on your desktop
Add a Map Drive Button to the Toolbar
=====================================
Do you want to quickly map a drive, but can’t find the toolbar button? If you map drives often, use one of these options to add a Map Drive button to the folder toolbar.
Option One (Long Term Fix)
Click Start, click My Computer, right-click the toolbar, then unlock the toolbars, if necessary.
Right-click the toolbar again, and then click Customize.
Under Available toolbar buttons, locate Map Drive, and drag it into the position you want on the right under Current toolbar buttons.
Click Close, click OK, and then click OK again.
You now have drive mapping buttons on your toolbar, so you can map drives from any folder window. To unmap drives, follow the above procedure, selecting Disconnect under Available toolbar buttons. To quickly map a drive, try this option.
Option Two (Quick Fix)
Click Start, and right-click My Computer.
Click Map Network Drive.
If you place your My Computer icon directly on the desktop, you can make this move in only two clicks!
Software not installing?
========================
If you have a piece of software that refuses to install because it says that you are not running Windows 2000 (such as the Win2K drivers for a Mustek scanner!!) you can simply edit HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProductName to say Microsoft Windows 2000 instead of XP and it will install. You may also have to edit the version number or build number, depending on how hard the program tries to verify that you are installing on the correct OS. I had to do this for my Mustek 600 CP scanner (compatibility mode didn''t help!!!) and it worked great, so I now have my scanner working with XP (and a tech at Mustek can now eat his words).
BTW, don''t forget to restore any changes you make after you get your software installed
You do this at your own risk.
Use your Windows Key
====================
The Windows logo key, located in the bottom row of most computer keyboards is a little-used treasure. Don''t ignore it. It is the shortcut anchor for the following commands:
Windows: Display the Start menu
Windows + D: Minimize or restore all windows
Windows + E: Display Windows Explorer
Windows + F: Display Search for files
Windows + Ctrl + F: Display Search for computer
Windows + F1: Display Help and Support Center
Windows + R: Display Run dialog box
Windows + break: Display System Properties dialog box
Windows + shift + M: Undo minimize all windows
Windows + L: Lock the workstation
Windows + U: Open Utility Manager
Windows + Q: Quick switching of users (Powertoys only)
Windows + Q: Hold Windows Key, then tap Q to scroll thru the different users on your pc
Change your cd key
==================
You don't need to re-install if you want to try the key out ... just do this:
1. Go to Activate Windows
2. Select the Telephone option
3. Click "Change Product Key"
4. Enter NOT ALLOWED ~ Zabref
5. Click "Update"
Now log off and log back in again. It should now show 60 days left, minus the number of days it had already counted down.
Note: If your crack de-activated REGWIZC.DLL and LICDLL.DLL, you are going to have to re-register them.
Remove the Shared Documents folders from My Computer
====================================================
One of the most annoying things about the new Windows XP user interface is that Microsoft saw fit to provide links to all of the Shared Documents folders on your system, right at the top of the My Computer window. I can't imagine why this would be the default, even in a shared PC environment at home, but what's even more annoying is that you cannot change this behavior through the sh*ll
: Those icons are stuck there and you have to live with it.
Until now, that is.
Simply fire up the Registry Editor and navigate to the following key:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ My Computer \ NameSpace \ DelegateFolders
You'll see a sub-key named {59031a47-3f72-44a7-89c5-5595fe6b30ee}. If you delete this, all of the Shared Documents folders (which are normally under the group called "Other Files Stored on This Computer" will be gone.
You do not need to reboot your system to see the change.
Before: A cluttered mess with icons no one will ever use (especially that orpaned one). After: Simplicity itself, and the way it should be by default.
This tip For older XP builds
===================
Edit or remove the "Comments" link in window title bars
During the Windows XP beta, Microsoft has added a "Comments?" hyperlink to the title bar of each window in the system so that beta testers can more easily send in a problem report about the user interface. But for most of us, this isn't an issue, and the Comments link is simply a visual distraction. And for many programs that alter the title bar, the Comments link renders the Minimize, Maximize, and Close window buttons unusable, so it's actually a problem.
Let's get rid of it. Or, if you're into this kind of thing, you can edit it too.
Open the Registry Editor and navigate to the following keys:
My Computer \ HKEY_CURRENT_USER \ Control Panel \ Desktop \ LameButtonEnabled
My Computer \ HKEY_CURRENT_USER \ Control Panel \ Desktop \ LameButtonText
The first key determines whether the link appears at all; change its value to 0 to turn it off. The second key lets you have a little fun with the hyperlink; you can change the text to anything you'd like, such as "Paul Thurrott" or whatever.
Editing either value requires a restart before the changes take effect.
Before: An unnecessary hyperlink. Have some fun with it! Or just remove it entirely. It's up to you.
Rip high-quality MP3s in Windows Media Player 8
================================================
The relationship between Windows Media Player 8 and the MP3 audio format is widely misunderstood. Basically, WMP8 will be able to playback MP3 files, but encoding (or "ripping" CD audio into MP3 format will require an MP3 plug-in. So during the Windows XP beta, Microsoft is supplying a sample MP3 plug-in for testing purposes, but it's limited to 56 Kbps rips, which is pretty useless. However, if you have an externally installed MP3 codec, you can use WMP8 to rip at higher bit rates. But you'll have to edit the Registry to make this work.
Fire up the Registry Editor and navigate to the following key:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MediaPlayer \ Settings \ MP3Encoding
Here, you'll see sub-keys for LowRate and LowRateSample, which of course equates to the single 56 Kbps sample rate you see in WMP8. To get better sampling rates, try adding the following keys (Using New then DWORD value):
"LowRate" = DWORD value of 0000dac0
"MediumRate" = DWORD value of 0000fa00
"MediumHighRate" = DWORD value of 0001f400
"HighRate" = DWORD value of 0002ee00
Now, when you launch WMP8 and go into Tools, then Options, then Copy Music, you will have four encoding choices for MP3: 56 Kbps, 64 Kbps, 128 Kbps, and 192 Kbps. Note that you will not get higher bit rate encoding unless you have installed an MP3 codec separately; the version in Windows Media Player 8 is limited to 56 Kbps only.
Find the appropriate location in the Registry... ...add a few DWORD values... ...And then you'll be ripping CDs in higher-quality MP3 format!
Speed up the Start Menu
=======================
The default speed of the Start Menu is pretty slow, but you can fix that by editing a Registry Key. Fire up the Registry Editor and navigate to the following key:
HKEY_CURRENT_USER \ Control Panel \ Desktop \ MenuShowDelay
By default, the value is 400. Change this to a smaller value, such as 0, to speed it up.
Speed up the Start Menu (Part two)
==================================
If your confounded by the slow speed of the Start Menu, even after using the tip above, then you might try the following: Navigate to Display Properties then Appearance then Advanced and turn off the option titled Show menu shadow . You will get much better overall performance.
Speed up Internet Explorer 6 Favorites
======================================
For some reason, the Favorites menu in IE 6 seems to slow down dramatically sometimes--I've noticed this happens when you install Tweak UI 1.33, for example, and when you use the preview tip to speed up the Start menu. But here's a fix for the problem that does work, though it's unclear why:
Just open a command line window (Start button -> Run -> cmd) and type sfc, then hit ENTER. This command line runs the System File Checker, which performs a number of services, all of which are completely unrelated to IE 6. But there you go: It works.
Do an unattended installation
=============================
The Windows XP Setup routine is much nicer than that in Windows 2000 or Windows Me, but it's still an hour-long process that forces you to sit in front of your computer for an hour, answering dialog boxes and typing in product keys. But Windows XP picks up one of the more useful features from Windows 2000, the ability to do an unattended installation, so you can simply prepare a script that will answer all those dialogs for you and let you spend some quality time with your family.
I've written about Windows 2000 unattended installations and the process is pretty much identical on Windows XP, so please read that article carefully before proceeding. And you need to be aware that this feature is designed for a standalone Windows XP system: If you want to dual-boot Windows XP with another OS, you're going to have to go through the interactive Setup just like everyone else: An unattended install will wipe out your hard drive and install only Windows XP, usually.
To perform an unattended installation, you just need to work with the Setup Manager, which is located on the Windows XP CD-ROM in D:\SupportTools\DEPLOY.CAB by default: Extract the contents of this file and you'll find a number of useful tools and help files; the one we're interested in is named setupmgr.exe. This is a very simple wizard application that will walk you through the process of creating an answer file called winnt.sif that can be used to guide Windows XP Setup through the unattended installation.
One final tip: There's one thing that Setup Manager doesn't add: Your product key. However, you can add this to the unattend.txt file manually. Simply open the file in Notepad and add the following line under the [UserData] section:
ProductID=RK7J8-2PGYQ-P47VV-V6PMB-F6XPQ
(This is a 60 day cd key)
Then, just copy winnt.sif to a floppy, put your Windows XP CD-ROM in the CD drive, and reboot: When the CD auto-boots, it will look for the unattend.txt file in A: automatically, and use it to answer the Setup questions if it's there.
Finally, please remember that this will wipe out your system! Back up first, and spend some time with the help files in DEPLOY.CAB before proceeding.
For Older builds or not using setupreg.hiv file
===============================================
Remove the Desktop version text
During the Windows XP beta, you will see text in the lower right corner of the screen that says Windows XP Professional, Evaluation Copy. Build 2462 or similar. A lot of people would like to remove this text for some reason, and while it's possible to do so, the cure is more damaging than the problem, in my opinion. So the following step will remove this text, but you'll lose a lot of the nice graphical effects that come in Windows XP, such as the see-through icon text.
To remove the desktop version text, open Display Properties (right-click the desktop, then choose Properties) and navigate to the Desktop page. Click Customize Desktop and then choose the Web page in the resulting dialog. On this page, check the option titled Lock desktop items. Click OK to close the dialog, and then OK to close Display Properties. The text disappears. But now the rest of your system is really ugly. You can reverse the process by unchecking Lock desktop items.
There's also a shortcut for this process: Just right-click the desktop and choose Arrange by then Lock Web Icons on the Desktop.
--------------------------------------------------------------------------------
Enable ClearType on the Welcome Screen!
=======================================
As laptop users and other LCD owners are quickly realizing, Microsoft's ClearType technology in Windows XP really makes a big difference for readability. But the this feature is enabled on a per-user basis in Windows XP, so you can't see the effect on the Welcome screen; it only appears after you logon.
But you can fix that. Fire up the Registry Editor and look for the following keys:
(default user) HKEY_USERS \ .Default \ Control Panel \ Desktop \ FontSmoothing (String Value)
HKEY_USERS \ .Default \ Control Panel \ Desktop \ FontSmoothingType (Hexadecimal DWORD Value)
Make sure both of these values are set to 2 and you'll have ClearType enabled on the Welcome screen and on each new user by default.
Stop Windows Messenger from Auto-Starting
=========================================
If you're not a big fan of Windows Messenger simply delete the following Registry Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS
Display Hibernate Option on the Shut Down dialog
================================================
For some reason, Hibernate may not be available from the default Shut Down dialog. But you can enable it simply enough, by holding down the SHIFT key while the dialog is visible. Now you see it, now you don't!
Add album art to any music folder
=================================
One of the coolest new features in Windows XP is its album thumbnail generator, which automatically places the appropriate album cover art on the folder to which you are copying music (generally in WMA format). But what about those people that have already copied their CDs to the hard drive using MP3 format? You can download album cover art from sites such as cdnow.com or amguide.com, and then use the new Windows XP folder customize feature to display the proper image for each folder. But this takes time--you have to manually edit the folder properties for every single folder--and you will lose customizations if you have to reinstall the OS. There's an excellent fix, however.
When you download the album cover art from the Web, just save the images as folder.jpg each time and place them in the appropriate folder. Then, Windows XP will automatically use that image as the thumbnail for that folder and, best of all, will use that image in Windows Media Player for Windows XP (MPXP) if you choose to display album cover art instead of a visualization. And the folder customization is automatic, so it survives an OS reinstallation as well. Your music folders never looked so good!
Album cover art makes music folder thumbnails look better than ever!
Change the location of the My Music or My Pictures folders
==========================================================
In Windows 2000, Microsoft added the ability to right-click the My Documents folder and choose a new location for that folder in the sh*ll
. With Windows XP, Microsoft has elevated the My Music and My Pictures folders to the same "special sh*ll
folder" status of My Documents, but they never added a similar (and simple) method for changing those folder's locations. However, it is actually pretty easy to change the location of these folders, using the following method.
Open a My Computer window and navigate to the location where you'd like My Music (or My Pictures) to reside. Then, open the My Documents folder in a different window. Drag the My Music (or My Pictures) folder to the other window, and Windows XP will update all of the references to that folder to the new location, including the Start menu.
Or use Tweak UI
Add/Remove optional features of Windows XP
==========================================
To dramatically expand the list of applications you can remove from Windows XP after installation, navigate to C:\WINDOWS\inf (substituting the correct drive letter for your version of Windows) and open the sysoc.inf file. Under Windows XP Professional Edition RC1, this file will resemble the following by default:
[Version] Signature = "$Windows NT$"
DriverVer=06/26/2001,5.1.2505.0
[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
msnexplr=ocmsn.dll,OcEntry,msnmsn.inf,,7
smarttgs=ocgen.dll,OcEntry,msnsl.inf,,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
Games=ocgen.dll,OcEntry,games.inf,,7
AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7
CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7
MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7
AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7
ZoneGames=zoneoc.dll,ZoneSetupProc,igames.inf,,7
[Global]
WindowTitle=%WindowTitle%
WindowTitle.StandAlone="*"
The entries that include the text hide or HIDE will not show up in Add/Remove Windows Components by default. To fix this, do a global search and replace for ,hide and change each instance of this to , (a comma). Then, save the file, relaunch Add/Remove Windows Components, and tweak the installed applications to your heart's content.
Cool, eh? There are even more new options now under "Accessories and Utilities" too.
Remove Windows Messenger
========================
It seems that a lot of people are interested in removing Windows Messenger for some reason, though I strongly recommend against this: In Windows XP, Windows Messenger will be the hub of your connection to the .NET world, and now that this feature is part of Windows, I think we're going to see a lot of .NET Passport-enabled Web sites appearing as well. But if you can't stand the little app, there are a couple of ways to get rid of it, and ensure that it doesn't pop up every time you boot into XP. The best way simply utilizes the previous tip:
If you'd like Windows Messenger to show up in the list of programs you can add and remove from Windows, navigate to C:\WINDOWS\inf (substituting the correct drive letter for your version of Windows) and open sysoc.inf (see the previous tip for more information about this file). You'll see a line that reads:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
Change this to the following and Windows Messenger will appear in Add or Remove Programs, then Add/Remove Windows Components, then , and you can remove it for good:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,7
Saturday, January 24, 2009
Windows XP Startup and Performance Tweaks
Windows XP is now the predominant consumer OS of both gamers and power users. Sure, many of us still dual-boot with Win9x, because it is faster for many games, but the joy of a true 32-bit operating system with full consumer support is too much for many of us to remain loyal to NT 4.0 or Windows 2000. Now that Windows XP has matured past its infancy and many (but by far not all) of the bugs have been shaken out of it, Ars Technica brings you the first in a series of tweak guides for this illustrious and yet somewhat finicky OS.
This first guide aims to cover two main areas of contention: the boot process (sans the system services, which are an entire guide of their own) and a mishmash of general computing tweaks. The boot tweaks will be comprised of not only system settings, but also several under-utilized applications that can dramatically reduce load time. The general performance tweaks are simply various tweaks that do not quite fit in with the theme of this article, but still have a significant effect on system startup performance (because most any tweaks that one performs should have some kind of effect on the startup time of the system).
Before we begin, several pieces of laundry need to be aired out. To begin with, if you have already tweaked the services on the computer in question, please return them to the default settings. One of the applications I am recommending requires that several systems be enabled that most power users frequently disable (e.g., Task Scheduler). Once you have completed the tweaks mentioned in this guide, feel free to return said services back to your preferred settings, as they only need to be enabled for a short time.
View
http://arstechnica.com/tweak/win2k/xp/sgp-tweaks-1.html
This first guide aims to cover two main areas of contention: the boot process (sans the system services, which are an entire guide of their own) and a mishmash of general computing tweaks. The boot tweaks will be comprised of not only system settings, but also several under-utilized applications that can dramatically reduce load time. The general performance tweaks are simply various tweaks that do not quite fit in with the theme of this article, but still have a significant effect on system startup performance (because most any tweaks that one performs should have some kind of effect on the startup time of the system).
Before we begin, several pieces of laundry need to be aired out. To begin with, if you have already tweaked the services on the computer in question, please return them to the default settings. One of the applications I am recommending requires that several systems be enabled that most power users frequently disable (e.g., Task Scheduler). Once you have completed the tweaks mentioned in this guide, feel free to return said services back to your preferred settings, as they only need to be enabled for a short time.
View
http://arstechnica.com/tweak/win2k/xp/sgp-tweaks-1.html
Wednesday, January 21, 2009
a simple tut about .bin an .cue
There always seems to be the question "what do I do with a .bin and .cue file" in these forums so I figured I would write a quick and simple tutorial. Please feel free to add more.
So you have downloaded two files, one with a .bin extension and one with a .cue extension. "What do I do with these?" you ask. There are a number of options.
BURN TO CD
You will need either NERO, CDRWIN or FIREBURNER to burn the file.
To burn with NERO:
Start NERO, choose FILE, choose BURN IMAGE, locate the .cue file you have and double click it. A dialog box will come up, for anything other than music make sure you choose DISC-AT-ONCE (DAO). You can also turn off the simulation burn if you so choose.
Then burn away.
To burn with CDRWin:
Start CDRWin, choose the button on the top left, choose LOAD CUESHEET, press START RECORDING.
To burn with Fireburner:
Start Fireburner, click on the button on the bottom left corner "VISUAL CUE BURNER/BINCHUNKER", press the right mouse button and choose LOAD TRACKS FROM .CUE and choose the correct .CUE file, press the right mouse button again and chooseselect "Burn/Test Burn", choose DISK AT ONCE (DAO), disable TEST BURN and MULTISESSION, press OK.
.CUE ERRORS
The most common error you will get with a .cue file is when it points to an incorrect path. This is easily fixed. Find the .bin file, copy the exact title including the .bin extension. Now find the .cue file, open the .cue file using notepad. It should look similar to this:
FILE "name of file.bin" BINARY
TRACK 01 MODE2/2352
INDEX 01 00:00:00
TRACK 02 MODE2/2352
INDEX 00 00:04:00
INDEX 01 00:06:00
Delete everything in the quotes, in this case we would
delete name of file.bin. Now place the title you copied
in between the quotes. Save the changes and close out.
Thats it, your .cue file should work now.
OTHER WAYS TO USE .BIN & .CUE FILES
VCDGear:
This program will allow you to extract MPEG streams from CD images, convert VCD files to MPEG, correct MPEG errors, and more.
Daemon Tools:
This program creates a virtual drive on your PC which will allow you to "mount" the .cue file and use whatever is in the .bin file without having to burn it to a cd.
ISOBuster:
This program will allow you to "bust" open the .bin file and extract the files within the .bin.
_________________
So you have downloaded two files, one with a .bin extension and one with a .cue extension. "What do I do with these?" you ask. There are a number of options.
BURN TO CD
You will need either NERO, CDRWIN or FIREBURNER to burn the file.
To burn with NERO:
Start NERO, choose FILE, choose BURN IMAGE, locate the .cue file you have and double click it. A dialog box will come up, for anything other than music make sure you choose DISC-AT-ONCE (DAO). You can also turn off the simulation burn if you so choose.
Then burn away.
To burn with CDRWin:
Start CDRWin, choose the button on the top left, choose LOAD CUESHEET, press START RECORDING.
To burn with Fireburner:
Start Fireburner, click on the button on the bottom left corner "VISUAL CUE BURNER/BINCHUNKER", press the right mouse button and choose LOAD TRACKS FROM .CUE and choose the correct .CUE file, press the right mouse button again and chooseselect "Burn/Test Burn", choose DISK AT ONCE (DAO), disable TEST BURN and MULTISESSION, press OK.
.CUE ERRORS
The most common error you will get with a .cue file is when it points to an incorrect path. This is easily fixed. Find the .bin file, copy the exact title including the .bin extension. Now find the .cue file, open the .cue file using notepad. It should look similar to this:
FILE "name of file.bin" BINARY
TRACK 01 MODE2/2352
INDEX 01 00:00:00
TRACK 02 MODE2/2352
INDEX 00 00:04:00
INDEX 01 00:06:00
Delete everything in the quotes, in this case we would
delete name of file.bin. Now place the title you copied
in between the quotes. Save the changes and close out.
Thats it, your .cue file should work now.
OTHER WAYS TO USE .BIN & .CUE FILES
VCDGear:
This program will allow you to extract MPEG streams from CD images, convert VCD files to MPEG, correct MPEG errors, and more.
Daemon Tools:
This program creates a virtual drive on your PC which will allow you to "mount" the .cue file and use whatever is in the .bin file without having to burn it to a cd.
ISOBuster:
This program will allow you to "bust" open the .bin file and extract the files within the .bin.
_________________
Monday, January 19, 2009
Making bootable Winxp cd (sp1)
Step 1
Create 3 folders - C:\WINXPSP1, C:\SP1106 and C:\XPBOOT
Step 2
Copy the entire Windows XP CD into folder C:\WINXPSP1
Step 3
You will have to download the SP1 Update, which is 133MB.
Rename the Service Pack file to XP-SP1.EXE
Extract the Service Pack from the Run Dialog using the command:
C:\XP-SP1.EXE -U -X:C:\SP1106
Step 4
Open Start/Run... and type the command:
C:\SP1106\update\update.exe -s:C:\WINXPSP1
Click OK
Folder C:\WINXPSP1 contains: Windows XP SP1
How to Create a Windows XP SP1 CD Bootable
Step 1
Download xpboot.zip
Code:
Code:
http://thro.port5.com/xpboot.zip
( no download manager !! )
Extract xpboot.zip file (xpboot.bin) in to the folder C:\XPBOOT
Step 2
Start Nero - Burning Rom.
Select File > New... from the menu.
1.) Select CD-ROM (Boot)
2.) Select Image file from Source of boot image data
3.) Set Kind of emulation: to No Emulation
4.) Set Load segment of sectors (hex!): to 07C0
5.) Set Number of loaded sectors: to 4
6.) Press the Browse... button
Step 3
Select All Files (*.*) from File of type:
Locate boot.bin in the folder C:\XPBOOT
Step 4
Click ISO tab
Set File-/Directory length to ISO Level 1 (Max. of 11 = 8 + 3 chars)
Set Format to Mode 1
Set Character Set to ISO 9660
Check all Relax ISO Restrictions
Step 5
Click Label Tab
Select ISO9660 from the drop down box.
Enter the Volume Label as WB2PFRE_EN
Enter the System Identifier as WB2PFRE_EN
Enter the Volume Set as WB2PFRE_EN
Enter the Publisher as MICROSOFT CORPORATION
Enter the Data Preparer as MICROSOFT CORPORATION
Enter the Application as WB2PFRE_EN
* For Windows XP Professional OEM substitute WB2PFRE_EN with WXPOEM_EN
* For Windows XP Home OEM substitute WB2PFRE_EN with WXHOEM_EN
Step 6
Click Burn tab
Check Write
Check Finalize CD (No further writing possible!)
Set Write Method to Disk-At-Once
Press New button
Step 7
Locate the folder C:\WINXPSP1
Select everything in the folder and drag it to the ISO compilation panel.
Click the Write CD Dialog button.
Press Write
You're done.
Create 3 folders - C:\WINXPSP1, C:\SP1106 and C:\XPBOOT
Step 2
Copy the entire Windows XP CD into folder C:\WINXPSP1
Step 3
You will have to download the SP1 Update, which is 133MB.
Rename the Service Pack file to XP-SP1.EXE
Extract the Service Pack from the Run Dialog using the command:
C:\XP-SP1.EXE -U -X:C:\SP1106
Step 4
Open Start/Run... and type the command:
C:\SP1106\update\update.exe -s:C:\WINXPSP1
Click OK
Folder C:\WINXPSP1 contains: Windows XP SP1
How to Create a Windows XP SP1 CD Bootable
Step 1
Download xpboot.zip
Code:
Code:
http://thro.port5.com/xpboot.zip
( no download manager !! )
Extract xpboot.zip file (xpboot.bin) in to the folder C:\XPBOOT
Step 2
Start Nero - Burning Rom.
Select File > New... from the menu.
1.) Select CD-ROM (Boot)
2.) Select Image file from Source of boot image data
3.) Set Kind of emulation: to No Emulation
4.) Set Load segment of sectors (hex!): to 07C0
5.) Set Number of loaded sectors: to 4
6.) Press the Browse... button
Step 3
Select All Files (*.*) from File of type:
Locate boot.bin in the folder C:\XPBOOT
Step 4
Click ISO tab
Set File-/Directory length to ISO Level 1 (Max. of 11 = 8 + 3 chars)
Set Format to Mode 1
Set Character Set to ISO 9660
Check all Relax ISO Restrictions
Step 5
Click Label Tab
Select ISO9660 from the drop down box.
Enter the Volume Label as WB2PFRE_EN
Enter the System Identifier as WB2PFRE_EN
Enter the Volume Set as WB2PFRE_EN
Enter the Publisher as MICROSOFT CORPORATION
Enter the Data Preparer as MICROSOFT CORPORATION
Enter the Application as WB2PFRE_EN
* For Windows XP Professional OEM substitute WB2PFRE_EN with WXPOEM_EN
* For Windows XP Home OEM substitute WB2PFRE_EN with WXHOEM_EN
Step 6
Click Burn tab
Check Write
Check Finalize CD (No further writing possible!)
Set Write Method to Disk-At-Once
Press New button
Step 7
Locate the folder C:\WINXPSP1
Select everything in the folder and drag it to the ISO compilation panel.
Click the Write CD Dialog button.
Press Write
You're done.
Winxp system response,reboot without rebooting
Have you ever been using your computer and your system sudddenly stops responding in ways like it if you try to open something it just hangs? One time I tried deleting a folder and it said it was in use, but it really wasn't. If this ever happens to you, you can follow these simple steps to 'reboot' your computer without 'rebooting' it.
Press CRTL + ALT + DEL
Goto the 'processes' tab and click explorer.exe once and then click 'end process'.
Now, click File > New Task and type explorer.exe
Everything should be fine now! If the problem is major, I would recomend actually shutting down then starting up again.
Press CRTL + ALT + DEL
Goto the 'processes' tab and click explorer.exe once and then click 'end process'.
Now, click File > New Task and type explorer.exe
Everything should be fine now! If the problem is major, I would recomend actually shutting down then starting up again.
Saturday, January 17, 2009
Winxp Tips And Tricks, Winsock 2 repair
Repairing Damaged Winsock2
The symptoms when Winsock2 is damaged show when you try to release and renew the IP address using IPCONFIG...
And you get the following error message:
An error occurred while renewing interface 'Internet': An operation was attempted on something that is not a socket.
Also Internet Explorer may give the following error message:
The page cannot be displayed Additionally, you may have no IP address or no Automatic Private IP Addressing (APIPA) address, and you may be receiving IP packets but not sending them.
There are two easy ways to determine if Winsock2 is damaged:
From the XP source files, go to the Support / Tools directory
Winsock Test Method 1
Run netdiag /test:winsock
The end should say Winsock test ..... passed
Winsock Test Method 2
Run Msinfo32
Click on the + by Components
Click on the by Network
Click on Protocol
There should be 10 sections if the Winsock2 key is ok
MSAFD Tcpip [TCP/IP]
MSAFD Tcpip [UDP/IP]
RSVP UDP Service Provider
RSVP TCP Service Provider
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
If the names are anything different from those in this list, then likely Winsock2 is corrupted and needs to be repaired.
If you have any 3rd party software installed, the name MSAFD may be changed.
There should be no fewer than 10 sections.
To repair Winsock2
Run Regedit
Delete the following two registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
Restart the computer
Go to Network Connections
Right click and select Properties
Click on the Install button
Select Protocol
Click on the Add button
Click on the Have Disk button
Browse to the \Windows\inf directory
Click on the Open button
Click on the OK button
Highlight Internet Protocol (TCP/IP)
Click on the OK button
Reboot
The symptoms when Winsock2 is damaged show when you try to release and renew the IP address using IPCONFIG...
And you get the following error message:
An error occurred while renewing interface 'Internet': An operation was attempted on something that is not a socket.
Also Internet Explorer may give the following error message:
The page cannot be displayed Additionally, you may have no IP address or no Automatic Private IP Addressing (APIPA) address, and you may be receiving IP packets but not sending them.
There are two easy ways to determine if Winsock2 is damaged:
From the XP source files, go to the Support / Tools directory
Winsock Test Method 1
Run netdiag /test:winsock
The end should say Winsock test ..... passed
Winsock Test Method 2
Run Msinfo32
Click on the + by Components
Click on the by Network
Click on Protocol
There should be 10 sections if the Winsock2 key is ok
MSAFD Tcpip [TCP/IP]
MSAFD Tcpip [UDP/IP]
RSVP UDP Service Provider
RSVP TCP Service Provider
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
If the names are anything different from those in this list, then likely Winsock2 is corrupted and needs to be repaired.
If you have any 3rd party software installed, the name MSAFD may be changed.
There should be no fewer than 10 sections.
To repair Winsock2
Run Regedit
Delete the following two registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
Restart the computer
Go to Network Connections
Right click and select Properties
Click on the Install button
Select Protocol
Click on the Add button
Click on the Have Disk button
Browse to the \Windows\inf directory
Click on the Open button
Click on the OK button
Highlight Internet Protocol (TCP/IP)
Click on the OK button
Reboot
Xp Folder View Does Not Stay To You're Setting., Grab your registry editor and join in
Xp Folder View Does Not Stay To You're Setting., Grab your registry editor and join in
Why Doesn't Windows Remember My Folder View Settings?
If you've changed the view settings for a folder, but Windows "forgets" the settings when you open the folder again, or if Windows doesn't seem to remember the size or position of your folder window when you reopen it, this could be caused by the default limitation on storing view settings data in the registry; by default Windows only remembers settings for a total of 200 local folders and 200 network folders.
To work around this problem, create a BagMRU Size DWORD value in both of the following registry keys, and then set the value data for both values to the number of folders that you want Windows to remember the settings for. For example, for Windows to remember the settings for 5000 local folders and 5000 network folders, set both values to 5000.
Here is how:
Follow these steps, and then quit Registry Editor:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type BagMRU Size, and then press ENTER.
5. On the Edit menu, click Modify.
6. Type 5000, and then click OK.
AND:
1. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
2. On the Edit menu, point to New, and then click DWORD Value.
3. Type BagMRU Size, and then press ENTER.
4. On the Edit menu, click Modify.
5. Type 5000, and then click OK.
Note:
When you use roaming user profiles, registry information is copied to a server when you log off and copied to your local computer when you log on. Therefore, you may have performance issues if you increase the BagMRU Size values for roaming user profiles.
Why Doesn't Windows Remember My Folder View Settings?
If you've changed the view settings for a folder, but Windows "forgets" the settings when you open the folder again, or if Windows doesn't seem to remember the size or position of your folder window when you reopen it, this could be caused by the default limitation on storing view settings data in the registry; by default Windows only remembers settings for a total of 200 local folders and 200 network folders.
To work around this problem, create a BagMRU Size DWORD value in both of the following registry keys, and then set the value data for both values to the number of folders that you want Windows to remember the settings for. For example, for Windows to remember the settings for 5000 local folders and 5000 network folders, set both values to 5000.
Here is how:
Follow these steps, and then quit Registry Editor:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type BagMRU Size, and then press ENTER.
5. On the Edit menu, click Modify.
6. Type 5000, and then click OK.
AND:
1. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
2. On the Edit menu, point to New, and then click DWORD Value.
3. Type BagMRU Size, and then press ENTER.
4. On the Edit menu, click Modify.
5. Type 5000, and then click OK.
Note:
When you use roaming user profiles, registry information is copied to a server when you log off and copied to your local computer when you log on. Therefore, you may have performance issues if you increase the BagMRU Size values for roaming user profiles.
Win XP Tweaks
Win XP Tweaks
-----------
STARTUP
-----------
Windows Prefetcher
******************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ Memory Management \ PrefetchParameters]
Under this key there is a setting called EnablePrefetcher, the default setting of which is 3. Increasing this number to 5 gives the prefetcher system more system resources to prefetch application data for faster load times. Depending on the number of boot processes you run on your computer, you may get benefits from settings up to 9. However, I do not have any substantive research data on settings above 5 so I cannot verify the benefits of a higher setting. This setting also may effect the loading times of your most frequently launched applications. This setting will not take effect until after you reboot your system.
Master File Table Zone Reservation
**********************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ FileSystem]
Under this key there is a setting called NtfsMftZoneReservation, the default setting of which is 1. The range of this value is from 1 to 4. The default setting reserves one-eighth of the volume for the MFT. A setting of 2 reserves one-quarter of the volume for the MFT. A setting of 3 for NtfsMftZoneReservation reserves three-eighths of the volume for the MFT and setting it to 4 reserves half of the volume for the MFT. Most users will never exceed one-quarter of the volume. I recommend a setting of 2 for most users. This allows for a "moderate number of files" commensurate with the number of small files included in most computer games and applications. Reboot after applying this tweak.
Optimize Boot Files
*******************
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Dfrg \ BootOptimizeFunction]
Under this key is a text value named Enable. A value of Y for this setting enables the boot files defragmenter. This setting defragments the boot files and may move the boot files to the beginning (fastest) part of the partition, but that last statement is unverified. Reboot after applying this tweak.
Optimizing Startup Programs [msconfig]
**************************************
MSConfig, similar to the application included in Win9x of the same name, allows the user to fine tune the applications that are launched at startup without forcing the user to delve deep into the registry. To disable some of the applications launched, load msconfig.exe from the run command line, and go to the Startup tab. From there, un-ticking the checkbox next to a startup item will stop it from launching. There are a few application that you will never want to disable (ctfmon comes to mind), but for the most part the best settings vary greatly from system to system.
As a good rule of thumb, though, it is unlikely that you will want to disable anything in the Windows directory (unless it's a third-party program that was incorrectly installed into the Windows directory), nor will you want to disable anything directly relating to your system hardware. The only exception to this is when you are dealing with software, which does not give you any added benefits (some OEM dealers load your system up with software you do not need). The nice part of msconfig is that it does not delete any of the settings, it simply disables them, and so you can go back and restart a startup application if you find that you need it. This optimization won't take effect until after a reboot.
Bootvis Application
*******************
The program was designed by Microsoft to enable Windows XP to cold boot in 30 seconds, return from hibernation in 20 seconds, and return from standby in 10 seconds. Bootvis has two extremely useful features. First, it can be used to optimize the boot process on your computer automatically. Second, it can be used to analyze the boot process for specific subsystems that are having difficulty loading. The first process specifically targets the prefetching subsystem, as well as the layout of boot files on the disk. When both of these systems are optimized, it can result in a significant reduction in the time it takes for the computer to boot.
Before attempting to use Bootvis to analyze or optimize the boot performance of your system, make sure that the task scheduler service has been enabled – the program requires the service to run properly. Also, close all open programs as well – using the software requires a reboot.
To use the software to optimize your system startup, first start with a full analysis of a fresh boot. Start Bootvis, go to the Tools menu, and select next boot. Set the Trace Repetition Settings to 2 repetitions, Start at 1, and Reboot automatically. Then set the trace into motion. The system will fully reboot twice, and then reopen bootvis and open the second trace file (should have _2 in the name). Analyze the graphs and make any changes that you think are necessary (this is a great tool for determining which startup programs you want to kill using msconfig). Once you have made your optimizations go to the Trace menu, and select the Optimize System item. This will cause the system to reboot and will then make some changes to the file structure on the hard drive (this includes a defragmentation of boot files and a shifting of their location to the fastest portion of the hard disk, as well as some other optimizations). After this is done, once again run a Trace analysis as above, except change the starting number to 3. Once the system has rebooted both times, compare the charts from the second trace to the charts for the fourth trace to show you the time improvement of the system's boot up.
The standard defragmenter included with Windows XP will not undo the boot optimizations performed by this application.
-----------------------------------
General Performance Tweaks
-----------------------------------
IRQ Priority Tweak
******************
[HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ PriorityControl]
You will need to create a new DWORD: IRQ#Priority (where # is the number of the IRQ you want to prioritize) and give it a setting of 1. This setting gives the requisite IRQ channel priority over the other IRQs on a software level. This can be extremely important for functions and hardware subsystems that need real-time access to other parts of the system. There are several different subsystems that might benefit from this tweak. Generally, I recommend giving either the System CMOS or the video card priority. The System CMOS generally has an IRQ setting of 8, and giving it priority enhances the I/O performance of the system. Giving priority to the video card can increase frame rates and make AGP more effective.
You can give several IRQs priority, but I am not entirely certain how the system interacts when several IRQs are given priority – it may cause random instabilities in the system, although it is more likely that there's a parsing system built into Windows XP to handle such an occurrence. Either way, I would not recommend it.
QoS tweak
*********
QoS (Quality of Service) is a networking subsystem which is supposed to insure that the network runs properly. The problem with the system is that it eats up 20% of the total bandwidth of any networking service on the computer (including your internet connection). If you are running XP Professional, you can disable the bandwidth quota reserved for the system using the Group Policy Editor [gpedit.msc].
You can run the group policy editor from the Run command line. To find the setting, expand "Local Computer Policy" and go to "Administrative Templates" under "Computer Configuration." Then find the "Network" branch and select "QoS Packet Scheduler." In the right hand box, double click on the "Limit Reservable Bandwidth." From within the Settings tab, enable the setting and then go into the "Bandwidth Limit %" and set it to 0%. The reason for this is that if you disable this setting, the computer defaults to 20%. This is true even when you aren't using QoS.
Free Idle Tasks Tweak
*********************
This tweak will free up processing time from any idle processes and allow it to be used by the foreground application. It is useful particularly if you are running a game or other 3D application. Create a new shortcut to "Rundll32.exe advapi32.dll,ProcessIdleTasks" and place it on your desktop. Double-click on it anytime you need all of your processing power, before opening the application.
Windows Indexing Services
Windows Indexing Services creates a searchable database that makes system searches for words and files progress much faster – however, it takes an enormous amount of hard drive space as well as a significant amount of extra CPU cycles to maintain the system. Most users will want to disable this service to release the resources for use by the system. To turn off indexing, open My Computer and right click on the drive on which you wish to disable the Indexing Service. Enter the drive's properties and under the general tab, untick the box for "Allow the Indexing Service to index this disk for fast file searching."
Priority Tweak
**************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl]
This setting effectively runs each instance of an application in its own process for significantly faster application performance and greater stability. This is extremely useful for users with stability problems, as it can isolate specific instances of a program so as not to bring down the entire application. And, it is particularly useful for users of Internet Explorer, for if a rogue web page crashes your browser window, it does not bring the other browser windows down with it. It has a similar effect on any software package where multiple instances might be running at once, such as Microsoft Word. The only problem is that this takes up significantly more memory, because such instances of a program cannot share information that is in active memory (many DLLs and such will have to be loaded into memory multiple times). Because of this, it is not recommended for anyone with less than 512 MB of RAM, unless they are running beta software (or have some other reason for needing the added stability).
There are two parts to this tweak. First is to optimize XP's priority control for the processes. Browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl and set the "Win32PrioritySeparation" DWORD to 38. Next, go into My Computer and under Tools, open the Folder Options menu. Select the View tab and check the "Launch folder windows in separate process" box. This setting actually forces each window into its own memory tread and gives it a separate process priority.
Powertweak application
**********************
xxx.powertweak.com
Powertweak is an application, which acts much like a driver for our chipsets. It optimizes the communication between the chipset and the CPU, and unlocks several "hidden" features of the chipset that can increase the speed of the system. Specifically, it tweaks the internal registers of the chipset and processor that the BIOS does not for better communication performance between subsystems. Supported CPUs and chipsets can see a significant increase in I/O bandwidth, increasing the speed of the entire system. Currently the application supports most popular CPUs and chipsets, although you will need to check the website for your specific processor/chipset combo – the programmer is working on integrating even more chipsets and CPUs into the software.
Offload Network Task Processing onto the Network Card
*****************************************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters]
Many newer network cards have the ability of taking some of the network processing load off of the processor and performing it right on the card (much like Hardware T&L on most new video cards). This can significantly lower the CPU processes needed to maintain a network connection, freeing up that processor time for other tasks. This does not work on all cards, and it can cause network connectivity problems on systems where the service is enabled but unsupported, so please check with your NIC manufacturer prior to enabling this tweak. Find the DWORD "DisableTaskOffload" and set the value to 0 (the default value is 1). If the key is not already available, create it.
Force XP to Unload DLLs
***********************
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer]
"AlwaysUnloadDLL"=dword:00000001
XP has a bad habit of keeping dynamic link libraries that are no longer in use resident in memory. Not only do the DLLs use up precious memory space, but they also tend to cause stability problems in some systems. To force XP to unload any DLLs in memory when the application that called them is no longer in memory, browse to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer and find the DWORD "AlwaysUnloadDLL". You may need to create this key. Set the value to 1 to force the operating system to unload DLLs.
Give 16-bit apps their own separate processes
*********************************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW]
"DefaultSeparateVDM"="Yes"
By default, Windows XP will only open one 16-bit process and cram all 16-bit apps running on the system at a given time into that process. This simulates how MS-DOS based systems viewed systems and is necessary for some older applications that run together and share resources. However, most 16-bit applications work perfectly well by themselves and would benefit from the added performance and stability of their own dedicated resources. To force Windows XP to give each 16-bit application it's own resources, browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW and find the String "DefaultSeparateVDM". If it is not there, you may need to create it. Set the value of this to Yes to give each 16-bit application its own process, and No to have the 16-bit application all run in the same memory space.
Disable User Tracking
*********************
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer]
"NoInstrumentation"=dword:00000001
The user tracking system built into Windows XP is useless to 99% of users (there are very few uses for the information collected other than for a very nosy system admin), and it uses up precious resources to boot, so it makes sense to disable this "feature" of Windows XP. To do so, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer and find the DWORD "NoInstrumentation". You may need to create this key if it is not there. The default setting is 0, but setting it to 1 will disable most of the user tracking features of the system.
Thumbnail Cache
***************
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced]
"DisableThumbnailCache"=dword:00000001
Windows XP has a neat feature for graphic and video files that creates a "thumbnail" of the image or first frame of the video and makes it into an oversized icon for the file. There are two ways that Explorer can do this, it can create them fresh each time you access the folder or it can load them from a thumbnail cache. The thumbnail caches on systems with a large number of image and video files can become staggeringly large. To disable the Thumbnail Cache, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced and find the DWORD "DisableThumbnailCache". You may need to create this key. A setting of 1 is recommended for systems where the number of graphic and video files is large, and a setting of 0 is recommended for systems not concerned about hard drive space, as loading the files from the cache is significantly quicker than creating them from scratch each time a folder is accessed.
-----------
STARTUP
-----------
Windows Prefetcher
******************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ Memory Management \ PrefetchParameters]
Under this key there is a setting called EnablePrefetcher, the default setting of which is 3. Increasing this number to 5 gives the prefetcher system more system resources to prefetch application data for faster load times. Depending on the number of boot processes you run on your computer, you may get benefits from settings up to 9. However, I do not have any substantive research data on settings above 5 so I cannot verify the benefits of a higher setting. This setting also may effect the loading times of your most frequently launched applications. This setting will not take effect until after you reboot your system.
Master File Table Zone Reservation
**********************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ FileSystem]
Under this key there is a setting called NtfsMftZoneReservation, the default setting of which is 1. The range of this value is from 1 to 4. The default setting reserves one-eighth of the volume for the MFT. A setting of 2 reserves one-quarter of the volume for the MFT. A setting of 3 for NtfsMftZoneReservation reserves three-eighths of the volume for the MFT and setting it to 4 reserves half of the volume for the MFT. Most users will never exceed one-quarter of the volume. I recommend a setting of 2 for most users. This allows for a "moderate number of files" commensurate with the number of small files included in most computer games and applications. Reboot after applying this tweak.
Optimize Boot Files
*******************
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Dfrg \ BootOptimizeFunction]
Under this key is a text value named Enable. A value of Y for this setting enables the boot files defragmenter. This setting defragments the boot files and may move the boot files to the beginning (fastest) part of the partition, but that last statement is unverified. Reboot after applying this tweak.
Optimizing Startup Programs [msconfig]
**************************************
MSConfig, similar to the application included in Win9x of the same name, allows the user to fine tune the applications that are launched at startup without forcing the user to delve deep into the registry. To disable some of the applications launched, load msconfig.exe from the run command line, and go to the Startup tab. From there, un-ticking the checkbox next to a startup item will stop it from launching. There are a few application that you will never want to disable (ctfmon comes to mind), but for the most part the best settings vary greatly from system to system.
As a good rule of thumb, though, it is unlikely that you will want to disable anything in the Windows directory (unless it's a third-party program that was incorrectly installed into the Windows directory), nor will you want to disable anything directly relating to your system hardware. The only exception to this is when you are dealing with software, which does not give you any added benefits (some OEM dealers load your system up with software you do not need). The nice part of msconfig is that it does not delete any of the settings, it simply disables them, and so you can go back and restart a startup application if you find that you need it. This optimization won't take effect until after a reboot.
Bootvis Application
*******************
The program was designed by Microsoft to enable Windows XP to cold boot in 30 seconds, return from hibernation in 20 seconds, and return from standby in 10 seconds. Bootvis has two extremely useful features. First, it can be used to optimize the boot process on your computer automatically. Second, it can be used to analyze the boot process for specific subsystems that are having difficulty loading. The first process specifically targets the prefetching subsystem, as well as the layout of boot files on the disk. When both of these systems are optimized, it can result in a significant reduction in the time it takes for the computer to boot.
Before attempting to use Bootvis to analyze or optimize the boot performance of your system, make sure that the task scheduler service has been enabled – the program requires the service to run properly. Also, close all open programs as well – using the software requires a reboot.
To use the software to optimize your system startup, first start with a full analysis of a fresh boot. Start Bootvis, go to the Tools menu, and select next boot. Set the Trace Repetition Settings to 2 repetitions, Start at 1, and Reboot automatically. Then set the trace into motion. The system will fully reboot twice, and then reopen bootvis and open the second trace file (should have _2 in the name). Analyze the graphs and make any changes that you think are necessary (this is a great tool for determining which startup programs you want to kill using msconfig). Once you have made your optimizations go to the Trace menu, and select the Optimize System item. This will cause the system to reboot and will then make some changes to the file structure on the hard drive (this includes a defragmentation of boot files and a shifting of their location to the fastest portion of the hard disk, as well as some other optimizations). After this is done, once again run a Trace analysis as above, except change the starting number to 3. Once the system has rebooted both times, compare the charts from the second trace to the charts for the fourth trace to show you the time improvement of the system's boot up.
The standard defragmenter included with Windows XP will not undo the boot optimizations performed by this application.
-----------------------------------
General Performance Tweaks
-----------------------------------
IRQ Priority Tweak
******************
[HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ PriorityControl]
You will need to create a new DWORD: IRQ#Priority (where # is the number of the IRQ you want to prioritize) and give it a setting of 1. This setting gives the requisite IRQ channel priority over the other IRQs on a software level. This can be extremely important for functions and hardware subsystems that need real-time access to other parts of the system. There are several different subsystems that might benefit from this tweak. Generally, I recommend giving either the System CMOS or the video card priority. The System CMOS generally has an IRQ setting of 8, and giving it priority enhances the I/O performance of the system. Giving priority to the video card can increase frame rates and make AGP more effective.
You can give several IRQs priority, but I am not entirely certain how the system interacts when several IRQs are given priority – it may cause random instabilities in the system, although it is more likely that there's a parsing system built into Windows XP to handle such an occurrence. Either way, I would not recommend it.
QoS tweak
*********
QoS (Quality of Service) is a networking subsystem which is supposed to insure that the network runs properly. The problem with the system is that it eats up 20% of the total bandwidth of any networking service on the computer (including your internet connection). If you are running XP Professional, you can disable the bandwidth quota reserved for the system using the Group Policy Editor [gpedit.msc].
You can run the group policy editor from the Run command line. To find the setting, expand "Local Computer Policy" and go to "Administrative Templates" under "Computer Configuration." Then find the "Network" branch and select "QoS Packet Scheduler." In the right hand box, double click on the "Limit Reservable Bandwidth." From within the Settings tab, enable the setting and then go into the "Bandwidth Limit %" and set it to 0%. The reason for this is that if you disable this setting, the computer defaults to 20%. This is true even when you aren't using QoS.
Free Idle Tasks Tweak
*********************
This tweak will free up processing time from any idle processes and allow it to be used by the foreground application. It is useful particularly if you are running a game or other 3D application. Create a new shortcut to "Rundll32.exe advapi32.dll,ProcessIdleTasks" and place it on your desktop. Double-click on it anytime you need all of your processing power, before opening the application.
Windows Indexing Services
Windows Indexing Services creates a searchable database that makes system searches for words and files progress much faster – however, it takes an enormous amount of hard drive space as well as a significant amount of extra CPU cycles to maintain the system. Most users will want to disable this service to release the resources for use by the system. To turn off indexing, open My Computer and right click on the drive on which you wish to disable the Indexing Service. Enter the drive's properties and under the general tab, untick the box for "Allow the Indexing Service to index this disk for fast file searching."
Priority Tweak
**************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl]
This setting effectively runs each instance of an application in its own process for significantly faster application performance and greater stability. This is extremely useful for users with stability problems, as it can isolate specific instances of a program so as not to bring down the entire application. And, it is particularly useful for users of Internet Explorer, for if a rogue web page crashes your browser window, it does not bring the other browser windows down with it. It has a similar effect on any software package where multiple instances might be running at once, such as Microsoft Word. The only problem is that this takes up significantly more memory, because such instances of a program cannot share information that is in active memory (many DLLs and such will have to be loaded into memory multiple times). Because of this, it is not recommended for anyone with less than 512 MB of RAM, unless they are running beta software (or have some other reason for needing the added stability).
There are two parts to this tweak. First is to optimize XP's priority control for the processes. Browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl and set the "Win32PrioritySeparation" DWORD to 38. Next, go into My Computer and under Tools, open the Folder Options menu. Select the View tab and check the "Launch folder windows in separate process" box. This setting actually forces each window into its own memory tread and gives it a separate process priority.
Powertweak application
**********************
xxx.powertweak.com
Powertweak is an application, which acts much like a driver for our chipsets. It optimizes the communication between the chipset and the CPU, and unlocks several "hidden" features of the chipset that can increase the speed of the system. Specifically, it tweaks the internal registers of the chipset and processor that the BIOS does not for better communication performance between subsystems. Supported CPUs and chipsets can see a significant increase in I/O bandwidth, increasing the speed of the entire system. Currently the application supports most popular CPUs and chipsets, although you will need to check the website for your specific processor/chipset combo – the programmer is working on integrating even more chipsets and CPUs into the software.
Offload Network Task Processing onto the Network Card
*****************************************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters]
Many newer network cards have the ability of taking some of the network processing load off of the processor and performing it right on the card (much like Hardware T&L on most new video cards). This can significantly lower the CPU processes needed to maintain a network connection, freeing up that processor time for other tasks. This does not work on all cards, and it can cause network connectivity problems on systems where the service is enabled but unsupported, so please check with your NIC manufacturer prior to enabling this tweak. Find the DWORD "DisableTaskOffload" and set the value to 0 (the default value is 1). If the key is not already available, create it.
Force XP to Unload DLLs
***********************
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer]
"AlwaysUnloadDLL"=dword:00000001
XP has a bad habit of keeping dynamic link libraries that are no longer in use resident in memory. Not only do the DLLs use up precious memory space, but they also tend to cause stability problems in some systems. To force XP to unload any DLLs in memory when the application that called them is no longer in memory, browse to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer and find the DWORD "AlwaysUnloadDLL". You may need to create this key. Set the value to 1 to force the operating system to unload DLLs.
Give 16-bit apps their own separate processes
*********************************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW]
"DefaultSeparateVDM"="Yes"
By default, Windows XP will only open one 16-bit process and cram all 16-bit apps running on the system at a given time into that process. This simulates how MS-DOS based systems viewed systems and is necessary for some older applications that run together and share resources. However, most 16-bit applications work perfectly well by themselves and would benefit from the added performance and stability of their own dedicated resources. To force Windows XP to give each 16-bit application it's own resources, browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW and find the String "DefaultSeparateVDM". If it is not there, you may need to create it. Set the value of this to Yes to give each 16-bit application its own process, and No to have the 16-bit application all run in the same memory space.
Disable User Tracking
*********************
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer]
"NoInstrumentation"=dword:00000001
The user tracking system built into Windows XP is useless to 99% of users (there are very few uses for the information collected other than for a very nosy system admin), and it uses up precious resources to boot, so it makes sense to disable this "feature" of Windows XP. To do so, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer and find the DWORD "NoInstrumentation". You may need to create this key if it is not there. The default setting is 0, but setting it to 1 will disable most of the user tracking features of the system.
Thumbnail Cache
***************
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced]
"DisableThumbnailCache"=dword:00000001
Windows XP has a neat feature for graphic and video files that creates a "thumbnail" of the image or first frame of the video and makes it into an oversized icon for the file. There are two ways that Explorer can do this, it can create them fresh each time you access the folder or it can load them from a thumbnail cache. The thumbnail caches on systems with a large number of image and video files can become staggeringly large. To disable the Thumbnail Cache, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced and find the DWORD "DisableThumbnailCache". You may need to create this key. A setting of 1 is recommended for systems where the number of graphic and video files is large, and a setting of 0 is recommended for systems not concerned about hard drive space, as loading the files from the cache is significantly quicker than creating them from scratch each time a folder is accessed.
Your Home Page Never Being Changed
Some websites illegally modify your registry editor and set their website as default home page, for stop this,
1. Right-click on the Internet Explorer icon on your desktop and select "Properties".
2. In the "Target" box you will see "C:\Program Files\Internet
Explorer\IEXPLORE.EXE".
3. Now by adding the URL of the site to the end of this it overrides any
Homepage setting in internet options:
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" www.shareordie.com
1. Right-click on the Internet Explorer icon on your desktop and select "Properties".
2. In the "Target" box you will see "C:\Program Files\Internet
Explorer\IEXPLORE.EXE".
3. Now by adding the URL of the site to the end of this it overrides any
Homepage setting in internet options:
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" www.shareordie.com
Your Home Page Nevr Being Changed
Some websites illegally modify your registry editor and set their website as default home page, for stop this,
1. Right-click on the Internet Explorer icon on your desktop and select "Properties".
2. In the "Target" box you will see "C:\Program Files\Internet
Explorer\IEXPLORE.EXE".
3. Now by adding the URL of the site to the end of this it overrides any
Homepage setting in internet options:
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" www.shareordie.com
1. Right-click on the Internet Explorer icon on your desktop and select "Properties".
2. In the "Target" box you will see "C:\Program Files\Internet
Explorer\IEXPLORE.EXE".
3. Now by adding the URL of the site to the end of this it overrides any
Homepage setting in internet options:
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" www.shareordie.com
Monday, January 12, 2009
Check For Dos ,Check to see if you are infected
When you first turn on you computer (BEFORE DIALING INTO YOUR ISP),
open a MS-DOS Prompt window (start/programs MS-DOS Prompt).
Then type netstat -arn and press the Enter key.
Your screen should display the following (without the dotted lines
which I added for clarification).
-----------------------------------------------------------------------------
Active Routes:
Network Address Netmask Gateway Address Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 0.0.0.0 1
Route Table
Active Connections
Proto Local Address Foreign Address State
--------------------------------------------------------------------------------
If you see anything else, there might be a problem (more on that later).
Now dial into your ISP, once you are connected;
go back to the MS-DOS Prompt and run the same command as before
netstat -arn, this time it will look similar to the following (without
dotted lines).
-------------------------------------------------------------------------------------
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 216.1.104.70 216.1.104.70 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
216.1.104.0 255.255.255.0 216.1.104.70 216.1.104.70 1
216.1.104.70 255.255.255.255 127.0.0.1 127.0.0.1 1
216.1.104.255 255.255.255.255 216.1.104.70 216.1.104.70 1
224.0.0.0 224.0.0.0 216.1.104.70 216.1.104.70 1
255.255.255.255 255.255.255.255 216.1.104.70 216.1.104.70 1
Route Table
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:0 0.0.0.0:0 LISTENING
TCP 216.1.104.70:137 0.0.0.0:0 LISTENING
TCP 216.1.104.70:138 0.0.0.0:0 LISTENING
TCP 216.1.104.70:139 0.0.0.0:0 LISTENING
UDP 216.1.104.70:137 *:*
--------------------------------------------------------------------------------
What you are seeing in the first section (Active Routes) under the heading of
Network Address are some additional lines. The only ones that should be there
are ones belonging to your ISP (more on that later). In the second section
(Route Table) under Local Address you are seeing the IP address that your ISP
assigned you (in this example 216.1.104.70).
The numbers are divided into four dot notations, the first three should be
the same for both sets, while in this case the .70 is the unique number
assigned for THIS session. Next time you dial in that number will more than
likely be different.
To make sure that the first three notation are as they should be, we will run
one more command from the MS-DOS window.
From the MS-DOS Prompt type tracert /www.yourispwebsite.com or .net
or whatever it ends in. Following is an example of the output you should see.
---------------------------------------------------------------------------------------
Tracing route to /www.motion.net [207.239.117.112]over a maximum of 30 hops:
1 128 ms 2084 ms 102 ms chat-port.motion.net [216.1.104.4]
2 115 ms 188 ms 117 ms chat-core.motion.net [216.1.104.1]
3 108 ms 116 ms 119 ms www.motion.net [207.239.117.112]
Trace complete.
------------------------------------------------------------------------------------------
You will see that on lines with the 1 and 2 the first three notations of the
address match with what we saw above, which is a good thing. If it does not,
then some further investigation is needed.
If everything matches like above, you can almost breath easier. Another thing
which should you should check is programs launched during startup. To find
these, Click start/programs/startup, look at what shows up. You should be
able to recognize everything there, if not, once again more investigation is
needed.
-------------------------------------------------------------------------------------------
Now just because everything reported out like we expected (and demonstrated
above) we still are not out of the woods. How is this so, you ask? Do you use
Netmeeting? Do you get on IRC (Internet Relay Chat)? Or any other program
that makes use of the Internet. Have you every recieved an email with an
attachment that ended in .exe? The list goes on and on, basically anything
that you run could have become infected with a trojan. What this means, is
the program appears to do what you expect, but also does just a little more.
This little more could be blasting ebay.com or one of the other sites that
CNNlive was talking about.
What can you do? Well some anti-virus software will detect some trojans.
Another (tedious) thing is to start each of these "extra" Internet programs
one at a time and go through the last two steps above, looking at the routes
and connection the program uses. However, the tricky part will be figuring
out where to tracert to in order to find out if the addresses you see in
step 2 are "safe" or not. I should forewarn you, that running tracert after
tracert, after tracert might be considered "improper" by your ISP. The steps
outlined above may not work exactly as I have stated depending upon your ISP,
but with a true ISP it should work. Finally, this advise comes with NO
warranty and by following my "hints' you implicitly release me from ANY and
ALL liability which you may incur.
Other options
Display protocol statistics and current TCP/IP network connections.
Netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [intervals]
-a.. Display all connections and listening ports.
-e.. Display Ethernet statistics. This may be combined with the -s option.
-n.. Diplays address and port numbers in the numerical form.
-p proto..Shows connections for the protocol specified by proto; proto may be
TCP or UDP. If used with the -s option to display per-protocol statistics,
proto may be TCP, UDP, of IP.
-r.. Display the routing table.
-s.. Display per-protocol statistics. By default, statistics are shown for TCP
UDP and IP; the -p option may be used to specify a subset of the default
interval..Redisplay selected statistics, pausing intervals seconds between each
display. If omitted. netstat will print the current configuration information
once
open a MS-DOS Prompt window (start/programs MS-DOS Prompt).
Then type netstat -arn and press the Enter key.
Your screen should display the following (without the dotted lines
which I added for clarification).
-----------------------------------------------------------------------------
Active Routes:
Network Address Netmask Gateway Address Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 0.0.0.0 1
Route Table
Active Connections
Proto Local Address Foreign Address State
--------------------------------------------------------------------------------
If you see anything else, there might be a problem (more on that later).
Now dial into your ISP, once you are connected;
go back to the MS-DOS Prompt and run the same command as before
netstat -arn, this time it will look similar to the following (without
dotted lines).
-------------------------------------------------------------------------------------
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 216.1.104.70 216.1.104.70 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
216.1.104.0 255.255.255.0 216.1.104.70 216.1.104.70 1
216.1.104.70 255.255.255.255 127.0.0.1 127.0.0.1 1
216.1.104.255 255.255.255.255 216.1.104.70 216.1.104.70 1
224.0.0.0 224.0.0.0 216.1.104.70 216.1.104.70 1
255.255.255.255 255.255.255.255 216.1.104.70 216.1.104.70 1
Route Table
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:0 0.0.0.0:0 LISTENING
TCP 216.1.104.70:137 0.0.0.0:0 LISTENING
TCP 216.1.104.70:138 0.0.0.0:0 LISTENING
TCP 216.1.104.70:139 0.0.0.0:0 LISTENING
UDP 216.1.104.70:137 *:*
--------------------------------------------------------------------------------
What you are seeing in the first section (Active Routes) under the heading of
Network Address are some additional lines. The only ones that should be there
are ones belonging to your ISP (more on that later). In the second section
(Route Table) under Local Address you are seeing the IP address that your ISP
assigned you (in this example 216.1.104.70).
The numbers are divided into four dot notations, the first three should be
the same for both sets, while in this case the .70 is the unique number
assigned for THIS session. Next time you dial in that number will more than
likely be different.
To make sure that the first three notation are as they should be, we will run
one more command from the MS-DOS window.
From the MS-DOS Prompt type tracert /www.yourispwebsite.com or .net
or whatever it ends in. Following is an example of the output you should see.
---------------------------------------------------------------------------------------
Tracing route to /www.motion.net [207.239.117.112]over a maximum of 30 hops:
1 128 ms 2084 ms 102 ms chat-port.motion.net [216.1.104.4]
2 115 ms 188 ms 117 ms chat-core.motion.net [216.1.104.1]
3 108 ms 116 ms 119 ms www.motion.net [207.239.117.112]
Trace complete.
------------------------------------------------------------------------------------------
You will see that on lines with the 1 and 2 the first three notations of the
address match with what we saw above, which is a good thing. If it does not,
then some further investigation is needed.
If everything matches like above, you can almost breath easier. Another thing
which should you should check is programs launched during startup. To find
these, Click start/programs/startup, look at what shows up. You should be
able to recognize everything there, if not, once again more investigation is
needed.
-------------------------------------------------------------------------------------------
Now just because everything reported out like we expected (and demonstrated
above) we still are not out of the woods. How is this so, you ask? Do you use
Netmeeting? Do you get on IRC (Internet Relay Chat)? Or any other program
that makes use of the Internet. Have you every recieved an email with an
attachment that ended in .exe? The list goes on and on, basically anything
that you run could have become infected with a trojan. What this means, is
the program appears to do what you expect, but also does just a little more.
This little more could be blasting ebay.com or one of the other sites that
CNNlive was talking about.
What can you do? Well some anti-virus software will detect some trojans.
Another (tedious) thing is to start each of these "extra" Internet programs
one at a time and go through the last two steps above, looking at the routes
and connection the program uses. However, the tricky part will be figuring
out where to tracert to in order to find out if the addresses you see in
step 2 are "safe" or not. I should forewarn you, that running tracert after
tracert, after tracert might be considered "improper" by your ISP. The steps
outlined above may not work exactly as I have stated depending upon your ISP,
but with a true ISP it should work. Finally, this advise comes with NO
warranty and by following my "hints' you implicitly release me from ANY and
ALL liability which you may incur.
Other options
Display protocol statistics and current TCP/IP network connections.
Netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [intervals]
-a.. Display all connections and listening ports.
-e.. Display Ethernet statistics. This may be combined with the -s option.
-n.. Diplays address and port numbers in the numerical form.
-p proto..Shows connections for the protocol specified by proto; proto may be
TCP or UDP. If used with the -s option to display per-protocol statistics,
proto may be TCP, UDP, of IP.
-r.. Display the routing table.
-s.. Display per-protocol statistics. By default, statistics are shown for TCP
UDP and IP; the -p option may be used to specify a subset of the default
interval..Redisplay selected statistics, pausing intervals seconds between each
display. If omitted. netstat will print the current configuration information
once
Saturday, January 10, 2009
Digital Photo ID Cards
Q: What do you need to make a Digital Photo ID Card?
A: Making digital photo ID cards typically requires several components all working together.
1. You need a computer on which you run the photo ID badge software. You cannot print the cards on a PVC card printer without a computer – the printer can't perform anything without the computer.
2. You need software and it must:
a) Offer a database to store the names and personal information of the people for whom you want to issue badges.
b) Provide a way to integrate image capture with the database – not only import images, but associate the images with specific database records.
c) Provide a way to design and edit badges.
d) Send badges from the computer to a card printer. Badging software, like other business applications, comes in a variety of "flavors" – from low-end to high-end. That is, in addition to performing the simple processes described above, the application may come with many other "features" which enhance the usability and functionality of the application. Features might include requiring a secure log-on, allowing the user to add, delete, or edit database fields and create or print reports, etc.
3. You need a PVC card printer to print the badges. PVC (polyvinylchloride) is the same material that your white plastic household plumbing pipes are made out of. It is porous enough to allow colored inks to be absorbed into the surface of the plastic using a "dye sublimation" process, yet durable enough to last years. The PVC printer allows you to print a photo ID badge directly to a plastic card. The non-digital process required cutting and pasting an instant photo and inserting it into a laminated pouch which must then be sealed by sending it through a heat laminator.
4. You need a digital camera or other "input" device. Your PC and software must allow you to:
a) Plug in a camera.
b) Capture the image through the software. More versatile systems will allow you to capture portraits through video cameras, digital cameras, scanners, or by importing from a file –an "import from file" feature allows someone to send a picture to you by email as a file attachment, which you can then import into the database.
5. Additional hardware may be required, such as a video capture board for certain video cameras, tape backup device, UPS (uninterrupted power supply), etc. Video capture boards, for example, are installed in a PCI or AGP expansion slot on your PC's motherboard. The camera usually plugs directly into these boards. Special lighting may need to be set up where you take portrait pictures. If you want to incorporate fingerprints and signatures in your database and badge, then additional image capture devices will be required for them.
6. Consumables are also part of the package. You will need blank or pre-printed PVC cards and printer ribbons (usually in rolls which print from 250-350 cards per).
A: Making digital photo ID cards typically requires several components all working together.
1. You need a computer on which you run the photo ID badge software. You cannot print the cards on a PVC card printer without a computer – the printer can't perform anything without the computer.
2. You need software and it must:
a) Offer a database to store the names and personal information of the people for whom you want to issue badges.
b) Provide a way to integrate image capture with the database – not only import images, but associate the images with specific database records.
c) Provide a way to design and edit badges.
d) Send badges from the computer to a card printer. Badging software, like other business applications, comes in a variety of "flavors" – from low-end to high-end. That is, in addition to performing the simple processes described above, the application may come with many other "features" which enhance the usability and functionality of the application. Features might include requiring a secure log-on, allowing the user to add, delete, or edit database fields and create or print reports, etc.
3. You need a PVC card printer to print the badges. PVC (polyvinylchloride) is the same material that your white plastic household plumbing pipes are made out of. It is porous enough to allow colored inks to be absorbed into the surface of the plastic using a "dye sublimation" process, yet durable enough to last years. The PVC printer allows you to print a photo ID badge directly to a plastic card. The non-digital process required cutting and pasting an instant photo and inserting it into a laminated pouch which must then be sealed by sending it through a heat laminator.
4. You need a digital camera or other "input" device. Your PC and software must allow you to:
a) Plug in a camera.
b) Capture the image through the software. More versatile systems will allow you to capture portraits through video cameras, digital cameras, scanners, or by importing from a file –an "import from file" feature allows someone to send a picture to you by email as a file attachment, which you can then import into the database.
5. Additional hardware may be required, such as a video capture board for certain video cameras, tape backup device, UPS (uninterrupted power supply), etc. Video capture boards, for example, are installed in a PCI or AGP expansion slot on your PC's motherboard. The camera usually plugs directly into these boards. Special lighting may need to be set up where you take portrait pictures. If you want to incorporate fingerprints and signatures in your database and badge, then additional image capture devices will be required for them.
6. Consumables are also part of the package. You will need blank or pre-printed PVC cards and printer ribbons (usually in rolls which print from 250-350 cards per).
Boot Winxp Fast
Follow the following steps
1. Open notepad.exe, type "del c:\windows\prefetch\ntosboot-*.* /q" (without the quotes) & save as "ntosboot.bat" in c:\
2. From the Start menu, select "Run..." & type "gpedit.msc".
3. Double click "Windows Settings" under "Computer Configuration" and double click again on "Shutdown" in the right window.
4. In the new window, click "add", "Browse", locate your "ntosboot.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. From the Start menu, select "Run..." & type "devmgmt.msc".
7. Double click on "IDE ATA/ATAPI controllers"
8. Right click on "Primary IDE Channel" and select "Properties".
9. Select the "Advanced Settings" tab then on the device or 1 that doesn't have 'device type' greyed out select 'none' instead of 'autodetect' & click "OK".
10. Right click on "Secondary IDE channel", select "Properties" and repeat step 9.
11. Reboot your computer.
1. Open notepad.exe, type "del c:\windows\prefetch\ntosboot-*.* /q" (without the quotes) & save as "ntosboot.bat" in c:\
2. From the Start menu, select "Run..." & type "gpedit.msc".
3. Double click "Windows Settings" under "Computer Configuration" and double click again on "Shutdown" in the right window.
4. In the new window, click "add", "Browse", locate your "ntosboot.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. From the Start menu, select "Run..." & type "devmgmt.msc".
7. Double click on "IDE ATA/ATAPI controllers"
8. Right click on "Primary IDE Channel" and select "Properties".
9. Select the "Advanced Settings" tab then on the device or 1 that doesn't have 'device type' greyed out select 'none' instead of 'autodetect' & click "OK".
10. Right click on "Secondary IDE channel", select "Properties" and repeat step 9.
11. Reboot your computer.
Friday, January 9, 2009
Auto End Tasks to Enable a Proper Shutdown
This reg file automatically ends tasks and timeouts that prevent programs from shutting down and clears the Paging File on Exit.
1. Copy the following (everything in the box) into notepad.
QUOTE
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"AutoEndTasks"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="1000"
2. Save the file as shutdown.reg
3. Double click the file to import into your registry.
NOTE: If your anti-virus software warns you of a "malicious" script, this is normal if you have "Script Safe" or similar technology enabled.
1. Copy the following (everything in the box) into notepad.
QUOTE
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"AutoEndTasks"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="1000"
2. Save the file as shutdown.reg
3. Double click the file to import into your registry.
NOTE: If your anti-virus software warns you of a "malicious" script, this is normal if you have "Script Safe" or similar technology enabled.
Anonymity of Proxy
The exchange of information in Internet is made by the "client - server" model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.
What your browser transmits to a web-server:
a name and a version of an operating system
a name and a version of a browser
configuration of a browser (display resolution, color depth, java / javascript support, ...)
IP-address of a client
Other information
The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:
a country where you are from
a city
your provider?s name and e-mail
your physical address
Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).
These are some environment variables:
REMOTE_ADDR ? IP address of a client
HTTP_VIA ? if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.
HTTP_X_FORWARDED_FOR ? if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.
HTTP_ACCEPT_LANGUAGE ? what language is used in browser (what language a page should be displayed in)
HTTP_USER_AGENT ? so called "a user?s agent". For all browsers this is Mozilla. Furthermore, browser?s name and version (e.g. MSIE 5.5) and an operating system (e.g. Windows 98) is also mentioned here.
HTTP_HOST ? is a web server?s name
This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, ...). Their quantity can depend on settings of both a server and a client.
These are examples of variable values:
REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5
Anonymity at work in Internet is determined by what environment variables "hide" from a web-server.
If a proxy server is not used, then environment variables look in the following way:
REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined
According to how environment variables "hided" by proxy servers, there are several types of proxies
Transparent Proxies
They do not hide information about your IP address:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP
The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers, etc.
Anonymous Proxies
All proxy servers, that hide a client?s IP address in any way are called anonymous proxies
Simple Anonymous Proxies
These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP
These proxies are the most widespread among other anonymous proxy servers.
Distorting Proxies
As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address
High Anonymity Proxies
These proxy servers are also called "high anonymity proxy". In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:
REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined
That means that values of variables are the same as if proxy is not used, with the exception of one very important thing ? proxy IP is used instead of your IP address.
Summary
Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!
What your browser transmits to a web-server:
a name and a version of an operating system
a name and a version of a browser
configuration of a browser (display resolution, color depth, java / javascript support, ...)
IP-address of a client
Other information
The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:
a country where you are from
a city
your provider?s name and e-mail
your physical address
Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).
These are some environment variables:
REMOTE_ADDR ? IP address of a client
HTTP_VIA ? if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.
HTTP_X_FORWARDED_FOR ? if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.
HTTP_ACCEPT_LANGUAGE ? what language is used in browser (what language a page should be displayed in)
HTTP_USER_AGENT ? so called "a user?s agent". For all browsers this is Mozilla. Furthermore, browser?s name and version (e.g. MSIE 5.5) and an operating system (e.g. Windows 98) is also mentioned here.
HTTP_HOST ? is a web server?s name
This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, ...). Their quantity can depend on settings of both a server and a client.
These are examples of variable values:
REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5
Anonymity at work in Internet is determined by what environment variables "hide" from a web-server.
If a proxy server is not used, then environment variables look in the following way:
REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined
According to how environment variables "hided" by proxy servers, there are several types of proxies
Transparent Proxies
They do not hide information about your IP address:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP
The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers, etc.
Anonymous Proxies
All proxy servers, that hide a client?s IP address in any way are called anonymous proxies
Simple Anonymous Proxies
These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP
These proxies are the most widespread among other anonymous proxy servers.
Distorting Proxies
As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address
High Anonymity Proxies
These proxy servers are also called "high anonymity proxy". In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:
REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined
That means that values of variables are the same as if proxy is not used, with the exception of one very important thing ? proxy IP is used instead of your IP address.
Summary
Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!
Anonymity
I can see you hiding in the shadows over there and so can the logs of all the web sites, FTP servers and other nooks and crannies you visit on the web. The sort of information gathered by these logs and which is available to the webmasters of the sites you visit include the address of the previous site you visited, your IP address, your computer's ID name, your physical location and the name of your ISP along with less personal details such as the operating system you're using and your screen resolution. If someone was snooping through your dustbin to gather information on consumer trends or tracking your every move to see where it is you go everyday you wouldn't be too chuffed would you. Well the web is no different, it's still an invasion of privacy and a threat to security and you don't have to put up with it.
Proxy servers:
Every time you visit a web site, detailed information about your system is automatically provided to the webmaster. This information can be used by hackers to exploit your computer or can be forwarded to the market research departments of consumer corporations who by tracking your activities on the internet are better equipped to direct more relevant spam at you. Your best defence against this is to use what is known as a proxy server, which will hide revealing information from the web sites you visit, allowing you to surf the web anonymously. These work by altering the way in which your browser retrieves web pages or connects to remote servers. With a proxy server set up, whenever you 'ask' IE or Netscape to look at a web page, the request is first sent through an external server which is completely independent of your ISP's servers. This third party server then does the requesting on your behalf so that it appears that the request came from them rather than you and your real IP address is never disclosed to the sites you visit. There is nothing to download and the whole process takes less than a minute.
There are two different ways to use proxy servers and both have their advantages and disadvantages. The first method is to use a web based service. What this involves is visiting the proxy's home page each time you want to browse a web site anonymously. The core component of such a system is the dialog box where you enter the address of the web site you want to visit. Each time you enter the URL of the site you want to browse via the proxy into this box, your personal information, IP address and so on is first encrypted before being sent to the site allowing you to maintain your anonymity. Two of the best examples of this type of web based proxy service are Code:
hxxp://www.rewebber.com/
and hxxp://www.anonymizer.com/.
Obviously one disadvantage of using a web based service like Rewebber or Anonymizer, however, is that you have to visit the proxies home page each time you want to surf anonymously. You could choose to select this page as your default home page, but it's still quite awkward if you're forever site hopping at the speed of light. The second main 'con' is that you often have to put up with extra adverts on the pages you visit. These are automatically inserted into the pages by the proxy - they have to pay for service somehow. More sophisticated and convenient solutions are also on offer yet they come with a price tag.
The second method you can use to protect your privacy via a proxy server involves adjusting the settings of your web browser so that you can surf anonymously without having to visit the home page of your proxy each time. To do this you will first need to know the name of your proxy server and the port number it uses. This information can be gleaned from either a public proxy server list or the FAQ referring to a private subscription based service. Once you have the name of the proxy server you wish to use, select 'Internet Options' from the 'Tools' menu of your browser. Now select 'Connections' followed by 'Settings' and tick the 'use a proxy server' check box. To finish the job all you have to do now is enter the name of the server in the 'address' box, the port which it uses in the 'port' box and go forth and surf anonymously.
Free, manual proxy servers as advertised on anonymity sites, if you can find one at all, are likely to be highly oversubscribed, and as a result the speed at which they retrieve web pages can deteriorate. In which case you can go in pursuit of a public proxy server list and select an alternative from it, which can then be set up manually. To locate such a list you can investigate sites such as Code:
hxxp://www.proxys4all.com/
however, this method isn't problem free either, so before you get too carried away and go jumping on the anonymity bandwagon there are a few things you should be aware of. It's very easy to use proxies to protect your privacy, but often the disadvantages of using them far out weigh the benefits. You see, the problem is that, like the proxy servers provided Rewebber et al, free, public proxies are nearly all over subscribed and so they can slow down web browsing considerably. Digging out fast reliable proxy servers is an art form in itself and is a skill which takes considerable practice. You could find a list of public proxy servers and then experiment with each one until you find one that runs at a reasonable speed, but this can be very time consuming and frustrating. Instead, your search would be much more efficient if you got a dedicated program to carry out this task for you. There are literally dozens of proxy seeking programs around which can do just that, and many of them are available as freeware. What these do is scan the internet for public proxy servers. These servers are then tested for speed and anonymity (not all of them are truly anonymous, even if they claim to be!) and once you find one which suits your requirements you can select it as your default proxy with the click of a button.
One of the most significant advantages of using an automated tool to locate proxy servers is that you do not have to keep editing your proxy settings manually each time you wish to try out a new one. Instead, what you do is enter 'localhost' or '127.0.0.1' into the 'address' box and '8088' into the 'port' box of your browser's proxy settings menu and then forget about it. All future proxy switching is then orchestrated from within your proxy seeking software, which subsequently relays the information to your browser or whatever type of application you are attempting to make anonymous. For those of you who are curious 'localhost' and the IP address '127.0.0.1' are the names by which every computer on the internet refers to itself.
Here's a good selection of links, which should help you to get started - Code:
hxxp://www.a4proxy.com/ Anonymity 4 Proxy
hxxp://www.helgasoft.com/hiproxy/ Hi Proxy
hxxp://www.proxy-verifier.com/ Proxy Verifier
hxxp://www.photono-software.de/ Stealther.
You may find that even when using these programs you have difficulty finding good proxy servers. It is for this reason that many people choose only to use proxy servers temporarily whilst doing something which may land them in trouble with their ISP, or in a worst case scenario with the law. The most obvious example of a situation in which you would want to cover your tracks is when scanning for public FTP servers and subsequently uploading to them. Most other net activities are unlikely to incur serious consequences so under these circumstances you can safely surf the web without a proxy. If you're really serious about protecting your privacy, however, your best bet is probably to invest in a dedicated, stable proxy such as the ones offered by Code:
hxxp://www.ultimate-anonymity.com/ Ultimate Anonymity
These aren't free, but may be worth the expense if you aren't keen on continuously switching proxy servers.
Before splashing out though it may be worth checking if your current ISP has a proxy server of its own which you can use. These aren't there to help you to commit cyber crimes and get away with it, they actually have a legitimate purpose as well - otherwise they wouldn't exist. You see, proxy servers were originally designed to help speed up web page loading times. Proxy servers contain a cache of all the web pages which have been requested via the browsers of the people using the proxy. When someone surfs the web using a proxy, the proxy first checks to see if it already has a copy of the web page stored in its cache. If this version of the page is bang up to date, it is sent to your computer and appears in your browser. If the page found in the cache of the proxy server is older than the one stored on the server hosting the page, a new request to the web server is made and the page is updated in the cache of the proxy before being sent to you. Because these servers use very fast internet connections they can retrieve web pages at much greater speeds than you can via your modest home setup. If these servers are located physically nearer to your home than the web host servers you wish to retrieve web pages from, the speed at which you browse the web will be accelerated.
Anonymity - Cookies
One last important point you need to be aware of before jumping in with both feet is that different programs have to be setup in different ways before being able to make external connections via a proxy server. For example, you can surf the web anonymously by modifying the settings in Internet Explorer or Netscape Navigator as explained earlier in this tutorial, but this will only affect your browser. If you then used Flash FXP to copy a batch of 0-day releases from one FTP server to another, this isn't going to protect you in the slightest. What you have to do is enter the name of the proxy server into each application you wish to make anonymous before making any external connections. This can usually be done by browsing through the preferences of your program to see if there is a 'use proxy server' option available. If there is, make sure you use it!
Cookies:
You have little to fear from the edible variety, but the digital ones can be a major threat to your security and privacy. A cookie is a tiny text file (usually less than 1kb in size), which is created and stored on your hard drive whenever you visit a dynamic (or an interactive if you like) web site. These are used to log your personal details so that you can access members only areas of web sites without having to type in a password every time, or to retain your customised settings so that they are available the next time you visit. If you're using a shared computer, anyone who visits the same site that you have previously logged in to can access your accounts. This is particularly worrying if you have entered your credit card details into a form on an e-commerce site. If your browser is set to automatically fill in these details whenever you
return to a previously visited site, this information could be clearly visible - you don't need me to explain the problems this could entail.
The solution to this problem is to delete any cookies which contain sensitive data once you have completed your transactions. Your cookies will be stored in a different place depending on which operating system you are using so you will have to use your detective skills to find them. As an example, in Windows XP they are located in your 'c:\Documents and Settings\Kylie Minogue\Cookies' directory (that is if your name is Kylie Minogue. Mine isn't in case you're wondering!). If you look in this directory, in some cases it is easy to identify which cookie is associated with which web site, but in other cases it's not so obvious. The cookie which was created when you visited Yahoo.com to check your email may be called kylie minogue@yahoo.txt for example. Unfortunately some cookies refer to the IP address of the site you visited and so look more like kylie minogue@145.147.25.21. These cookies can be selectively deleted one at a time if it's obvious which ones are causing a threat to your security, or you can just wipe out the whole lot in one fell swoop and have them recreated as and when they are required. However, if
you're really struggling to find your cookie jar, you could delete your cookies via your browser's tool bar instead. In Internet Explorer this can be done through the 'Tools' > 'Internet Options' menu items.
If all this sounds like too much hassle, you can always find a labour saving program which will be happy to take the job off your hands. These 'cookie crunching' programs allow you to be more selective when editing, viewing and deleting cookies from your system, and some of them will even prevent cookies from being created in the first place. Yes, I know you're hungry for links so I won't deprive you. Have a look here - Code:
hxxp://www.rbaworld.com/Programs/CookieCruncher/ Cookie
Cruncher
hxxp://www.thelimitsoft.com/ Cookie Crusher
hxxp://www.angove.com/ Cookie Killer
hxxp://www.kburra.com/ Cookie Pal
and
hxxp://www.cookiecentral.com/ Cookie Web Kit.
Proxy servers:
Every time you visit a web site, detailed information about your system is automatically provided to the webmaster. This information can be used by hackers to exploit your computer or can be forwarded to the market research departments of consumer corporations who by tracking your activities on the internet are better equipped to direct more relevant spam at you. Your best defence against this is to use what is known as a proxy server, which will hide revealing information from the web sites you visit, allowing you to surf the web anonymously. These work by altering the way in which your browser retrieves web pages or connects to remote servers. With a proxy server set up, whenever you 'ask' IE or Netscape to look at a web page, the request is first sent through an external server which is completely independent of your ISP's servers. This third party server then does the requesting on your behalf so that it appears that the request came from them rather than you and your real IP address is never disclosed to the sites you visit. There is nothing to download and the whole process takes less than a minute.
There are two different ways to use proxy servers and both have their advantages and disadvantages. The first method is to use a web based service. What this involves is visiting the proxy's home page each time you want to browse a web site anonymously. The core component of such a system is the dialog box where you enter the address of the web site you want to visit. Each time you enter the URL of the site you want to browse via the proxy into this box, your personal information, IP address and so on is first encrypted before being sent to the site allowing you to maintain your anonymity. Two of the best examples of this type of web based proxy service are Code:
hxxp://www.rewebber.com/
and hxxp://www.anonymizer.com/.
Obviously one disadvantage of using a web based service like Rewebber or Anonymizer, however, is that you have to visit the proxies home page each time you want to surf anonymously. You could choose to select this page as your default home page, but it's still quite awkward if you're forever site hopping at the speed of light. The second main 'con' is that you often have to put up with extra adverts on the pages you visit. These are automatically inserted into the pages by the proxy - they have to pay for service somehow. More sophisticated and convenient solutions are also on offer yet they come with a price tag.
The second method you can use to protect your privacy via a proxy server involves adjusting the settings of your web browser so that you can surf anonymously without having to visit the home page of your proxy each time. To do this you will first need to know the name of your proxy server and the port number it uses. This information can be gleaned from either a public proxy server list or the FAQ referring to a private subscription based service. Once you have the name of the proxy server you wish to use, select 'Internet Options' from the 'Tools' menu of your browser. Now select 'Connections' followed by 'Settings' and tick the 'use a proxy server' check box. To finish the job all you have to do now is enter the name of the server in the 'address' box, the port which it uses in the 'port' box and go forth and surf anonymously.
Free, manual proxy servers as advertised on anonymity sites, if you can find one at all, are likely to be highly oversubscribed, and as a result the speed at which they retrieve web pages can deteriorate. In which case you can go in pursuit of a public proxy server list and select an alternative from it, which can then be set up manually. To locate such a list you can investigate sites such as Code:
hxxp://www.proxys4all.com/
however, this method isn't problem free either, so before you get too carried away and go jumping on the anonymity bandwagon there are a few things you should be aware of. It's very easy to use proxies to protect your privacy, but often the disadvantages of using them far out weigh the benefits. You see, the problem is that, like the proxy servers provided Rewebber et al, free, public proxies are nearly all over subscribed and so they can slow down web browsing considerably. Digging out fast reliable proxy servers is an art form in itself and is a skill which takes considerable practice. You could find a list of public proxy servers and then experiment with each one until you find one that runs at a reasonable speed, but this can be very time consuming and frustrating. Instead, your search would be much more efficient if you got a dedicated program to carry out this task for you. There are literally dozens of proxy seeking programs around which can do just that, and many of them are available as freeware. What these do is scan the internet for public proxy servers. These servers are then tested for speed and anonymity (not all of them are truly anonymous, even if they claim to be!) and once you find one which suits your requirements you can select it as your default proxy with the click of a button.
One of the most significant advantages of using an automated tool to locate proxy servers is that you do not have to keep editing your proxy settings manually each time you wish to try out a new one. Instead, what you do is enter 'localhost' or '127.0.0.1' into the 'address' box and '8088' into the 'port' box of your browser's proxy settings menu and then forget about it. All future proxy switching is then orchestrated from within your proxy seeking software, which subsequently relays the information to your browser or whatever type of application you are attempting to make anonymous. For those of you who are curious 'localhost' and the IP address '127.0.0.1' are the names by which every computer on the internet refers to itself.
Here's a good selection of links, which should help you to get started - Code:
hxxp://www.a4proxy.com/ Anonymity 4 Proxy
hxxp://www.helgasoft.com/hiproxy/ Hi Proxy
hxxp://www.proxy-verifier.com/ Proxy Verifier
hxxp://www.photono-software.de/ Stealther.
You may find that even when using these programs you have difficulty finding good proxy servers. It is for this reason that many people choose only to use proxy servers temporarily whilst doing something which may land them in trouble with their ISP, or in a worst case scenario with the law. The most obvious example of a situation in which you would want to cover your tracks is when scanning for public FTP servers and subsequently uploading to them. Most other net activities are unlikely to incur serious consequences so under these circumstances you can safely surf the web without a proxy. If you're really serious about protecting your privacy, however, your best bet is probably to invest in a dedicated, stable proxy such as the ones offered by Code:
hxxp://www.ultimate-anonymity.com/ Ultimate Anonymity
These aren't free, but may be worth the expense if you aren't keen on continuously switching proxy servers.
Before splashing out though it may be worth checking if your current ISP has a proxy server of its own which you can use. These aren't there to help you to commit cyber crimes and get away with it, they actually have a legitimate purpose as well - otherwise they wouldn't exist. You see, proxy servers were originally designed to help speed up web page loading times. Proxy servers contain a cache of all the web pages which have been requested via the browsers of the people using the proxy. When someone surfs the web using a proxy, the proxy first checks to see if it already has a copy of the web page stored in its cache. If this version of the page is bang up to date, it is sent to your computer and appears in your browser. If the page found in the cache of the proxy server is older than the one stored on the server hosting the page, a new request to the web server is made and the page is updated in the cache of the proxy before being sent to you. Because these servers use very fast internet connections they can retrieve web pages at much greater speeds than you can via your modest home setup. If these servers are located physically nearer to your home than the web host servers you wish to retrieve web pages from, the speed at which you browse the web will be accelerated.
Anonymity - Cookies
One last important point you need to be aware of before jumping in with both feet is that different programs have to be setup in different ways before being able to make external connections via a proxy server. For example, you can surf the web anonymously by modifying the settings in Internet Explorer or Netscape Navigator as explained earlier in this tutorial, but this will only affect your browser. If you then used Flash FXP to copy a batch of 0-day releases from one FTP server to another, this isn't going to protect you in the slightest. What you have to do is enter the name of the proxy server into each application you wish to make anonymous before making any external connections. This can usually be done by browsing through the preferences of your program to see if there is a 'use proxy server' option available. If there is, make sure you use it!
Cookies:
You have little to fear from the edible variety, but the digital ones can be a major threat to your security and privacy. A cookie is a tiny text file (usually less than 1kb in size), which is created and stored on your hard drive whenever you visit a dynamic (or an interactive if you like) web site. These are used to log your personal details so that you can access members only areas of web sites without having to type in a password every time, or to retain your customised settings so that they are available the next time you visit. If you're using a shared computer, anyone who visits the same site that you have previously logged in to can access your accounts. This is particularly worrying if you have entered your credit card details into a form on an e-commerce site. If your browser is set to automatically fill in these details whenever you
return to a previously visited site, this information could be clearly visible - you don't need me to explain the problems this could entail.
The solution to this problem is to delete any cookies which contain sensitive data once you have completed your transactions. Your cookies will be stored in a different place depending on which operating system you are using so you will have to use your detective skills to find them. As an example, in Windows XP they are located in your 'c:\Documents and Settings\Kylie Minogue\Cookies' directory (that is if your name is Kylie Minogue. Mine isn't in case you're wondering!). If you look in this directory, in some cases it is easy to identify which cookie is associated with which web site, but in other cases it's not so obvious. The cookie which was created when you visited Yahoo.com to check your email may be called kylie minogue@yahoo.txt for example. Unfortunately some cookies refer to the IP address of the site you visited and so look more like kylie minogue@145.147.25.21. These cookies can be selectively deleted one at a time if it's obvious which ones are causing a threat to your security, or you can just wipe out the whole lot in one fell swoop and have them recreated as and when they are required. However, if
you're really struggling to find your cookie jar, you could delete your cookies via your browser's tool bar instead. In Internet Explorer this can be done through the 'Tools' > 'Internet Options' menu items.
If all this sounds like too much hassle, you can always find a labour saving program which will be happy to take the job off your hands. These 'cookie crunching' programs allow you to be more selective when editing, viewing and deleting cookies from your system, and some of them will even prevent cookies from being created in the first place. Yes, I know you're hungry for links so I won't deprive you. Have a look here - Code:
hxxp://www.rbaworld.com/Programs/CookieCruncher/ Cookie
Cruncher
hxxp://www.thelimitsoft.com/ Cookie Crusher
hxxp://www.angove.com/ Cookie Killer
hxxp://www.kburra.com/ Cookie Pal
and
hxxp://www.cookiecentral.com/ Cookie Web Kit.
All about spywares
There are a lot of PC users that know little about "Spyware", "Mal-ware", "hijackers", "Dialers" & many more. This will help you avoid pop-ups, spammers and all those baddies.
What is spy-ware?
Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.
Known spywares
There are thousands out there, new ones are added to the list everyday. But here are a few:
Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.
How to check if a program has spyware?
The is this Little site that keeps a database of programs that are known to install spyware.
Check Here: http://www.spywareguide.com/product_search.php
If you would like to block pop-ups (IE Pop-ups).
There tons of different types out there, but these are the 2 best, i think.
Try: Google Toolbar (http://toolbar.google.com/) This program is Free
Try: AdMuncher (http://www.admuncher.com) This program is Shareware
If you want to remove the "spyware" try these.
Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is Free
Info: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.
Try: Spybot-S&D (http://www.safer-networking.org/) This program is Free
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.
Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is Shareware
Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.
Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is Shareware
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.
The best scanner out there, and updated all the time.
Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is Freeware
Info: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.
If you would like to prevent "spyware" being install.
Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is Free
Info: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is Free
Info: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.
Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is Free
Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.
Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is Free
Info: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.
If you would like more Information about "spyware".
Check these sites.
http://www.spychecker.com/
http://www.spywareguide.com/
http://www.cexx.org/adware.htm
http://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtml
http://www.thiefware.com/links/
http://simplythebest.net/info/spyware.html
Usefull tools...
Try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is Free
Info: "Stop Windows Messenger Spam" stops this Service from running and halts the spammers ability to send you these messages.
----------------------------------------------------------------------------
All these softwares will help remove and prevent evil spammers and spywares attacking your PC. I myself recommend getting "spyblaster" "s&d spybot" "spy sweeper" & "admuncher" to protect your PC. A weekly scan is also recommended
Free Virus Scan
Scan for spyware, malware and keyloggers in addition to viruses, worms and trojans. New threats and annoyances are created faster than any individual can keep up with.
http://defender.veloz.com// - 15k
Finding . is a Click Away at 2020Search.com
Having trouble finding what you re looking for on: .? 2020Search will instantly provide you with the result you re looking for by drawing on some of the best search engines the Internet has to offer. Your result is a click away!
http://www.2020search.com// - 43k
Download the BrowserVillage Toolbar.
Customize your Browser! Eliminate Pop-up ads before they start, Quick and easy access to the Web, and much more. Click Here to Install Now!
http://www.browservillage.com/ - 36k
What is spy-ware?
Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.
Known spywares
There are thousands out there, new ones are added to the list everyday. But here are a few:
Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.
How to check if a program has spyware?
The is this Little site that keeps a database of programs that are known to install spyware.
Check Here: http://www.spywareguide.com/product_search.php
If you would like to block pop-ups (IE Pop-ups).
There tons of different types out there, but these are the 2 best, i think.
Try: Google Toolbar (http://toolbar.google.com/) This program is Free
Try: AdMuncher (http://www.admuncher.com) This program is Shareware
If you want to remove the "spyware" try these.
Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is Free
Info: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.
Try: Spybot-S&D (http://www.safer-networking.org/) This program is Free
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.
Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is Shareware
Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.
Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is Shareware
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.
The best scanner out there, and updated all the time.
Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is Freeware
Info: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.
If you would like to prevent "spyware" being install.
Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is Free
Info: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is Free
Info: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.
Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is Free
Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.
Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is Free
Info: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.
If you would like more Information about "spyware".
Check these sites.
http://www.spychecker.com/
http://www.spywareguide.com/
http://www.cexx.org/adware.htm
http://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtml
http://www.thiefware.com/links/
http://simplythebest.net/info/spyware.html
Usefull tools...
Try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is Free
Info: "Stop Windows Messenger Spam" stops this Service from running and halts the spammers ability to send you these messages.
----------------------------------------------------------------------------
All these softwares will help remove and prevent evil spammers and spywares attacking your PC. I myself recommend getting "spyblaster" "s&d spybot" "spy sweeper" & "admuncher" to protect your PC. A weekly scan is also recommended
Free Virus Scan
Scan for spyware, malware and keyloggers in addition to viruses, worms and trojans. New threats and annoyances are created faster than any individual can keep up with.
http://defender.veloz.com// - 15k
Finding . is a Click Away at 2020Search.com
Having trouble finding what you re looking for on: .? 2020Search will instantly provide you with the result you re looking for by drawing on some of the best search engines the Internet has to offer. Your result is a click away!
http://www.2020search.com// - 43k
Download the BrowserVillage Toolbar.
Customize your Browser! Eliminate Pop-up ads before they start, Quick and easy access to the Web, and much more. Click Here to Install Now!
http://www.browservillage.com/ - 36k
Thursday, January 8, 2009
* Advanced Shellcoding Techniques
Introduction
This paper assumes a working knowledge of basic shellcoding techniques, and x86 assembly, I will not rehash these in this paper. I hope to teach you some of the lesser known shellcoding techniques that I have picked up, which will allow you to write smaller and better shellcodes. I do not claim to have invented any of these techniques, except for the one that uses the div instruction.
The multiplicity of mul
This technique was originally developed by Sorbo of darkircop.net. The mul instruction may, on the surface, seem mundane, and it's purpose obvious. However, when faced with the difficult challenge of shrinking your shellcode, it proves to be quite useful. First some background information on the mul instruction itself.
mul performs an unsigned multiply of two integers. It takes only one operand, the other is implicitly specified by the %eax register. So, a common mul instruction might look something like this:
movl $0x0a,%eax
mul $0x0a
This would multiply the value stored in %eax by the operand of mul, which in this case would be 10*10. The result is then implicitly stored in EDX:EAX. The result is stored over a span of two registers because it has the potential to be considerably larger than the previous value, possibly exceeding the capacity of a single register(this is also how floating points are stored in some cases, as an interesting sidenote).
So, now comes the ever-important question. How can we use these attributes to our advantage when writing shellcode? Well, let's think for a second, the instruction takes only one operand, therefore, since it is a very common instruction, it will generate only two bytes in our final shellcode. It multiplies whatever is passed to it by the value stored in %eax, and stores the value in both %edx and %eax, completely overwriting the contents of both registers, regardless of whether it is necessary to do so, in order to store the result of the multiplication. Let's put on our mathematician hats for a second, and consider this, what is the only possible result of a multiplication by 0? The answer, as you may have guessed, is 0. I think it's about time for some example code, so here it is:
xorl %ecx,%ecx
mul %ecx
What is this shellcode doing? Well, it 0's out the %ecx register using the xor instruction, so we now know that %ecx is 0. Then it does a mul %ecx, which as we just learned, multiplies it's operand by the value in %eax, and then proceeds to store the result of this multiplication in EDX:EAX. So, regardless of %eax's previous contents, %eax must now be 0. However that's not all, %edx is 0'd now too, because, even though no overflow occurs, it still overwrites the %edx register with the sign bit(left-most bit) of %eax. Using this technique we can zero out three registers in only three bytes, whereas by any other method(that I know of) it would have taken at least six.
The div instruction
Div is very similar to mul, in that it takes only one operand and implicitly divides the operand by the value in %eax. Also like, mul it stores the result of the divide in %eax. Again, we will require the mathematical side of our brains to figure out how we can take advantage of this instruction. But first, let's think about what is normally stored in the %eax register. The %eax register holds the return value of functions and/or syscalls. Most syscalls that are used in shellcoding will return -1(on failure) or a positive value of some kind, only rarely will they return 0(though it does occur). So, if we know that after a syscall is performed, %eax will have a non-zero value, and that the instruction divl %eax will divide %eax by itself, and then store the result in %eax, we can say that executing the divl %eax instruction after a syscall will put the value 1 into %eax. So...how is this applicable to shellcoding? Well, their is another important thing that %eax is used for, and that is to pass the specific syscall that you would like to call to int $0x80. It just so happens that the syscall that corresponds to the value 1 is exit(). Now for an example:
xorl %ebx,%ebx
mul %ebx
push %edx
pushl $0x3268732f
pushl $0x6e69622f
mov %esp, %ebx
push %edx
push %ebx
mov %esp,%ecx
movb $0xb, %al #execve() syscall, doesn't return at all unless it fails, in which case it returns -1
int $0x80
divl %eax # -1 / -1 = 1
int $0x80
Now, we have a 3 byte exit function, where as before it was 5 bytes. However, there is a catch, what if a syscall does return 0? Well in the odd situation in which that could happen, you could do many different things, like inc %eax, dec %eax, not %eax anything that will make %eax non-zero. Some people say that exit's are not important in shellcode, because your code gets executed regardless of whether or not it exits cleanly. They are right too, if you really need to save 3 bytes to fit your shellcode in somewhere, the exit() isn't worth keeping. However, when your code does finish, it will try to execute whatever was after your last instruction, which will most likely produce a SIG ILL(illegal instruction) which is a rather odd error, and will be logged by the system. So, an exit() simply adds an extra layer of stealth to your exploit, so that even if it fails or you can't wipe all the logs, at least this part of your presence will be clear.
Unlocking the power of leal
The leal instruction is an often neglected instruction in shellcode, even though it is quite useful. Consider this short piece of shellcode.
xorl %ecx,%ecx
leal 0x10(%ecx),%eax
This will load the value 17 into eax, and clear all of the extraneous bits of eax. This occurs because the leal instruction loads a variable of the type long into it's desitination operand. In it's normal usage, this would load the address of a variable into a register, thus creating a pointer of sorts. However, since ecx is 0'd and 0+17=17, we load the value 17 into eax instead of any kind of actual address. In a normal shellcode we would do something like this, to accomplish the same thing:
xorl %eax,%eax
movb $0x10,%eax
I can hear you saying, but that shellcode is a byte shorter than the leal one, and you're quite right. However, in a real shellcode you may already have to 0 out a register like ecx(or any other register), so the xorl instruction in the leal shellcode isn't counted. Here's an example:
xorl %eax,%eax
xorl %ebx,%ebx
movb $0x17,%al
int $0x80
xorl %ebx,%ebx
leal 0x17(%ebx),%al
int $0x80
Both of these shellcodes call setuid(0), but one does it in 7 bytes while the other does it in 8. Again, I hear you saying but that's only one byte it doesn't make that much of a difference, and you're right, here it doesn't make much of a difference(except for in shellcode-size pissing contests =p), but when applied to much larger shellcodes, which have many function calls and need to do things like this frequently, it can save quite a bit of space.
Conclusion
I hope you all learned something, and will go out and apply your knowledge to create smaller and better shellcodes. If you know who invented the leal technique, please tell me and I will credit him/her.
This paper assumes a working knowledge of basic shellcoding techniques, and x86 assembly, I will not rehash these in this paper. I hope to teach you some of the lesser known shellcoding techniques that I have picked up, which will allow you to write smaller and better shellcodes. I do not claim to have invented any of these techniques, except for the one that uses the div instruction.
The multiplicity of mul
This technique was originally developed by Sorbo of darkircop.net. The mul instruction may, on the surface, seem mundane, and it's purpose obvious. However, when faced with the difficult challenge of shrinking your shellcode, it proves to be quite useful. First some background information on the mul instruction itself.
mul performs an unsigned multiply of two integers. It takes only one operand, the other is implicitly specified by the %eax register. So, a common mul instruction might look something like this:
movl $0x0a,%eax
mul $0x0a
This would multiply the value stored in %eax by the operand of mul, which in this case would be 10*10. The result is then implicitly stored in EDX:EAX. The result is stored over a span of two registers because it has the potential to be considerably larger than the previous value, possibly exceeding the capacity of a single register(this is also how floating points are stored in some cases, as an interesting sidenote).
So, now comes the ever-important question. How can we use these attributes to our advantage when writing shellcode? Well, let's think for a second, the instruction takes only one operand, therefore, since it is a very common instruction, it will generate only two bytes in our final shellcode. It multiplies whatever is passed to it by the value stored in %eax, and stores the value in both %edx and %eax, completely overwriting the contents of both registers, regardless of whether it is necessary to do so, in order to store the result of the multiplication. Let's put on our mathematician hats for a second, and consider this, what is the only possible result of a multiplication by 0? The answer, as you may have guessed, is 0. I think it's about time for some example code, so here it is:
xorl %ecx,%ecx
mul %ecx
What is this shellcode doing? Well, it 0's out the %ecx register using the xor instruction, so we now know that %ecx is 0. Then it does a mul %ecx, which as we just learned, multiplies it's operand by the value in %eax, and then proceeds to store the result of this multiplication in EDX:EAX. So, regardless of %eax's previous contents, %eax must now be 0. However that's not all, %edx is 0'd now too, because, even though no overflow occurs, it still overwrites the %edx register with the sign bit(left-most bit) of %eax. Using this technique we can zero out three registers in only three bytes, whereas by any other method(that I know of) it would have taken at least six.
The div instruction
Div is very similar to mul, in that it takes only one operand and implicitly divides the operand by the value in %eax. Also like, mul it stores the result of the divide in %eax. Again, we will require the mathematical side of our brains to figure out how we can take advantage of this instruction. But first, let's think about what is normally stored in the %eax register. The %eax register holds the return value of functions and/or syscalls. Most syscalls that are used in shellcoding will return -1(on failure) or a positive value of some kind, only rarely will they return 0(though it does occur). So, if we know that after a syscall is performed, %eax will have a non-zero value, and that the instruction divl %eax will divide %eax by itself, and then store the result in %eax, we can say that executing the divl %eax instruction after a syscall will put the value 1 into %eax. So...how is this applicable to shellcoding? Well, their is another important thing that %eax is used for, and that is to pass the specific syscall that you would like to call to int $0x80. It just so happens that the syscall that corresponds to the value 1 is exit(). Now for an example:
xorl %ebx,%ebx
mul %ebx
push %edx
pushl $0x3268732f
pushl $0x6e69622f
mov %esp, %ebx
push %edx
push %ebx
mov %esp,%ecx
movb $0xb, %al #execve() syscall, doesn't return at all unless it fails, in which case it returns -1
int $0x80
divl %eax # -1 / -1 = 1
int $0x80
Now, we have a 3 byte exit function, where as before it was 5 bytes. However, there is a catch, what if a syscall does return 0? Well in the odd situation in which that could happen, you could do many different things, like inc %eax, dec %eax, not %eax anything that will make %eax non-zero. Some people say that exit's are not important in shellcode, because your code gets executed regardless of whether or not it exits cleanly. They are right too, if you really need to save 3 bytes to fit your shellcode in somewhere, the exit() isn't worth keeping. However, when your code does finish, it will try to execute whatever was after your last instruction, which will most likely produce a SIG ILL(illegal instruction) which is a rather odd error, and will be logged by the system. So, an exit() simply adds an extra layer of stealth to your exploit, so that even if it fails or you can't wipe all the logs, at least this part of your presence will be clear.
Unlocking the power of leal
The leal instruction is an often neglected instruction in shellcode, even though it is quite useful. Consider this short piece of shellcode.
xorl %ecx,%ecx
leal 0x10(%ecx),%eax
This will load the value 17 into eax, and clear all of the extraneous bits of eax. This occurs because the leal instruction loads a variable of the type long into it's desitination operand. In it's normal usage, this would load the address of a variable into a register, thus creating a pointer of sorts. However, since ecx is 0'd and 0+17=17, we load the value 17 into eax instead of any kind of actual address. In a normal shellcode we would do something like this, to accomplish the same thing:
xorl %eax,%eax
movb $0x10,%eax
I can hear you saying, but that shellcode is a byte shorter than the leal one, and you're quite right. However, in a real shellcode you may already have to 0 out a register like ecx(or any other register), so the xorl instruction in the leal shellcode isn't counted. Here's an example:
xorl %eax,%eax
xorl %ebx,%ebx
movb $0x17,%al
int $0x80
xorl %ebx,%ebx
leal 0x17(%ebx),%al
int $0x80
Both of these shellcodes call setuid(0), but one does it in 7 bytes while the other does it in 8. Again, I hear you saying but that's only one byte it doesn't make that much of a difference, and you're right, here it doesn't make much of a difference(except for in shellcode-size pissing contests =p), but when applied to much larger shellcodes, which have many function calls and need to do things like this frequently, it can save quite a bit of space.
Conclusion
I hope you all learned something, and will go out and apply your knowledge to create smaller and better shellcodes. If you know who invented the leal technique, please tell me and I will credit him/her.
Subscribe to:
Posts (Atom)