My Windows 8.1 experience

I installed Windows 8.1 last week to see how bad it really is.


Well, it’s more stable than Windows Me, but Windows Me was a lot nicer to use. It’s awful. Because I listen to podcasts, I know that there’s magic in hovering your mouse over the upper right hand screen. And somehow I was able to get to a desktop pretty quickly. The first thing I did was launch Internet Explorer and install Classic Shell, which, as promised, makes it a dead ringer for Windows 7 or XP or even 2000 if you want. Much better.

What else?

Clean up after Windows Update

Thanks to a new tool that Microsoft pushed out in 2013, it’s very easy to clean up after Windows Update and free up a bunch of disk space.

In 2013, Microsoft released a new Disk Cleanup tool. Click your start button and type “Disk Cleanup” to launch it. If you see a new option called “Clean Up System files,” you got the update. If you don’t see it, visit this page (Internet Explorer-only, unfortunately) to grab it.

How to take a screen capture of a web site in Windows

I can’t imagine needing to take a screen capture of a web site terribly often, but I have had to do it a few times in the past year. I used Snagit to do it, and it didn’t always do the best job–sometimes the program would crash, or the CPU would race and I would have to resort to ctrl-alt-del to get things back to normal–and not get my screen capture.

IECapt is a small, standalone utility to do just that. Feed it the URL you want to capture, and it uses Internet Explorer’s Trident engine to render the page and outputs it to an image file for you. If you’re comfortable with the command line, it’s a faster, easier way to get your screen capture. And it’s free, which doesn’t hurt either.

The outbound firewall controversy

So, do you need an outbound firewall? Two people say no.

I agree but I disagree. I like the idea behind an outbound firewall, but in practice, I find they don’t work. The human element makes them fail. Whenever a computer asks for permission to do something, people generally fall into two camps: People who say yes all the time, and people who say no all the time. With the people who say yes all the time, the malware gets to do whatever it wanted anyway, so the firewall fails to do its job. With the people who say no all the time (Why does Internet Explorer want to connect to the Internet?), nothing works.

Ultimately, the argument against them is that if you don’t trust a piece of software to connect to the Internet, you shouldn’t have that software on your computer at all. I agree completely with that argument. Only install trusted software that you get from trusted sources, learn how to check the MD5 or SHA1 hashes to ensure the software is what it says it is, and then and only then install it.

A firewall is one of the most basic of security tools. You need one to protect yourself against basic threats. Not having one is negligent. But trying to turn that firewall into something other than a basic tool–something it’s not–generally isn’t going to get you very far. A firewall with training wheels on it isn’t a substitute for security awareness.

And here’s the thing. The Windows built-in firewall does block certain outbound connections, mostly on antiquated ports that are generally used for malware more frequently than for legitimate purposes anymore. It just doesn’t jump up and down and tell you that it’s doing it. It just quietly does its job, which is exactly what you want your firewall to do.

How I accidentally found a way to mess with “Peggy”

“Peggy” from “Computer Support Department” just won’t give up. He called me again at about 8 PM this evening. This time, I played along. I had a thrift-store junker PC for him to infect with his malware. The only problem was, the hard drive wasn’t connected and neither was the power cord. So I quickly hooked all that up, booted up, and then played along.

“I want you to click on Internet Explorer.”


“What do you see?”

“Page cannot be found.”

Thus I learned that Peggy isn’t very good at troubleshooting network issues.

A treasure trove of training material

Need to improve your security skills? Need a refresher course to brush up on some skills you haven’t used in a while? Or are you just looking for some CPEs or CEUs to keep your certification valid?

The United States Department of Defense offers a great deal of security training, much of which is freely available to all comers. Your tax dollars paid for it, so don’t feel bad about using it. Besides, if you use it to improve your networks, then your networks are less likely to become a source of attack on government networks, so they’re happy for you to use most of it.

Here’s a hint: Anything that isn’t viewable by the general public is marked “*(DoD PKI Cert req’d).” If you don’t see that marking, then it’s free for you to view. Just click the link marked “Launch Training.”

And the most security-riddled program of 2012 was….

Secunia released its annual vulnerability review, a study of the 50 most vulnerable pieces of software in 2012. It was a fairly tight three-way race at the top, and the distance between #3 and #4 was huge.

I was actually surprised at who the top three were. They weren’t the three usual suspects. But in the case of the top two, they did, to their credit, roll out fixes within 30 days of disclosure.

So now that I’m killing you with suspense….

Internet Explorer 10 is out for Windows 7

Microsoft finally released IE10 for Windows 7 after a long development cycle. Conspiracy theorists think it had something to do with Windows 8 sales. Whatever the reason was, it’s out.

Allegedly, you can slipstream it using these official instructions. I’ll give it a whirl the next time I have to install Windows 7. If you want to slipstream all the other updates, here’s how. You can skip the IE9 part if you slipstream IE10.

The lines between white hat/gray hat/black hat hacking and moral laws

Longtime reader/commenter Joseph asked two questions yesterday: What’s the boundary between gray and black-hat hacking, and is it moral to pick and choose between moral and immoral laws?

The first question is easier than the second. So I’ll tackle that one first.

What I did since I (temporarily) need Java

I’ve been seeing the same question over and over in my search logs lately: Is Java safe to run in 2013?

Generally speaking, the answer is no.
I have little choice but to run Java right now, though. I’m studying for a certification exam, and the best quiz program that I know of is written in Java. Its user interface is in Polish, a language I don’t speak, but that bothers me less than it being written in Java. Google Translate can help me with the Polish, but it can’t make Java safe. That’s up to me.

So here’s what I did.
