PCUGR Shareware SIG - November, 2002
Rawls Frazier, Facilitator
rfrazier
He, he, this time we had
juice! No, not Wine Country libations. Power. As in electricity. And, with a
nice turnout of six people, we did the meeting originally planned for
October. Plus a few extras.
.MSC files
One of the programs to be looked at this month is Diskeeper Lite. But upon
installation, Rawls found there was a new executable file type associated with the
desktop shortcut that he was not familiar with.
Checking with F-prot for viruses revealed that this was also not a normal
extension checked (the file was checked directly, however, just to be
sure). This led to a bit of exploration into .MSC files and file extensions
in general. Some key points:
- It is not sufficient to locate just one definition of a file type when
doing a search. The three-letter extension that signifies a type may have
been used for more than one purpose.
- The .MSC extension is identified in various sources for MS C make files,
Microsoft Common Console documents, Microsoft Snap-in Console (this may be
the same as the common console), msm compressed files and Microsoft
Management Console files.
- .MSC is an extension to be vigilant about. These files can be associated
with virus attacks, like scrap files (), .VBS, .WSH, etc. files.
- In the case of Diskeeper, the file type is for the Microsoft Management
Console.
To facilitate finding what files are associated with what extensions and
virus dangers, here is a list of web links:
File Extensions:
http://www.icdatamaster.com/z.html
http://www.seniormag.com/compcorner/definitions/ext/biglistm.htm
http://www.emailscrubber.com/file_extensions.htm
(note - there will be a "password" dialog that comes up. Just
click cancel to view)
http://www.spconnect.com/pipermail/esd-l/2001q2/002640.html
http://www.webopedia.com/quick_ref/fileextensions.asp
http://intranet.logiconline.org.ve/Techinfo/file_extension.html
http://filext.com/index.htm
http://www.barrett.net/fileextensions.htm
http://whatis.techtarget.com/fileFormatA/0,289933,sid9,00.html
http://www.techdictionary.com/filename.html
Virus Warnings!:
http://www.bcentral.co.uk/technology/security/outlookprotection.asp
http://www.geocities.com/floydian_99/invisible.html
http://www.geocities.com/floydian_99/invb.html
http://itadmin.appfa.auckland.ac.nz/useful/general/DangerousWindowsExtensions.pdf
http://antivirus.about.com/library/blext.htm
http://security.uwo.ca/antivirus/EFE.html
http://www.cknow.com/vtutor/vtextensions.htm
Executable Files:
http://cwashington.netreach.net/depo/view.asp?Index=87&ScriptType=perl
http://www.extremetech.com/article2/0,3973,16125,00.asp
Specific warning about
Norton AV - bottom line, don't "quarantine" viruses. Just
delete them:
http://www.milter.org/comments.pl?sid=31&op=&threshold=0&commentsort=0&mode=thread&pid=28#43
"The windows registry
contains a variety of things. Among these is what program these files open
with. For example, a word file could open with "C:\Progra~1\MicroCrap\Winword.exe
%1". %1 is the name of the file. %* is all other command line params
(yes, you can give params to Word Docs :P ) Anyhow, EXE files open with
"%1". In other words, when you shell (run) an exe file, the
exe is invoked. Using this method, you can make .QRW files executable if you
really want. Also, some antivirus programs rename viruses to .vir when
detected, and automatically exempt them. (*cough* *cough* Norton!). If you
set .VIR files to open with %1, you can run *ANY* virus on the system, and
it will be exempt from all checks (disk _and_ memory) by default. You heard
it here first! :P Carlos Averett Cyt0plas"
Diskeeper Lite
Diskeeper Lite is a fully operational, free manual-only version of the premier
Windows NT/2000/XP disk defragmenter. This version also works with Win98/ME
(but not Win95). In use, it can do only one volume (i.e., drive) at a time
while the full version can do multiple volumes. Also missing from this lite
version are the scheduling, system management and network functions (but
explanations of these are included to entice you to upgrade). One of the
nice features we demonstrated was the analyze function, which graphically
showed how fragmented the disk was, with color coding of the fragment
information. A report with details is also generated when the analysis is
run. (Note, it is always a good idea to do a complete disk backup
before running a utility such as Diskeeper. Although these types of
utilities go to great lengths to be safe, moving disk clusters around always
has an inherent risk. Better safe than sorry!)
Prevaricator
"How can you tell when a
politician is lying? His lips move!" -- Max Headroom. Well, Prevaricator,
a special sound recorder applet, claims to analyze speech patterns and
suggest when there is stress (perhaps lying?) in the speaker. We demoed a
canned example (Nixon's "I'm not a crook" statement), but in use
you would want to record some normal speech of a subject, set the
"stress" regions (red bars on the display) and then, perhaps,
interview the subject asking more probing questions - at least if you
believed in the output. Our take was this was more fun and games than
serious.
Newspeak
While we were on the topic of speaking, we took a look at the amusing Newspeak
program that takes some ordinary text and converts it into either
"Politically Correct" speech or "Old Style" talk. The
politically correct output is mostly obsequiously polite jargon. Much more
amusing was the old style: "My Brethren, here art step-by-step
instructions" or "if there is any hesitation or reports of most
foul sectors, throw away the floppy & start". It could be fun to
email some doctored text. A couple of usage notes. The program output
always goes to the same file names: oldstyle.tmp and modern.tmp. If you want
to keep the output, you need to either rename the files or copy the contents
out. Also, the program was extremely picky about the input text files. We
did not investigate what the issue was, but if the program didn't like the
input file it crashed and burned. One workaround was to read the text into
Word, save the file as a Word document (.doc file) and then re-save it as a
.txt file. Messy.
Slap
With Slap
you can send back a rude message to those nasty people who try to attach to
your machine without your permission. You can manually enter an IP address
of the offending machine (you would get this, for example, when your
firewall alerts you) or you can let the program "Autoslap" the
intruder using information received when Black Ice or Zone Alarm issues a
warning. When slapping the other machine, Slap tries to access all ports on
its port list and then send a message (the default is "Leave Me
Alone!"). After discussion, we all concluded that this utility probably
is not something to recommend - by responding, you basically let the other
end know that you exist. Not such a good idea. Oh well. Too bad you cannot anonymously
send the slap. We did get a cute .WAV file, however :-)
TaskManager
TaskManager
was the first of a couple of programs we looked at next. The primary purpose
of these is to control what automatically runs when you start up the
computer. In the case of TaskManager, it purportedly was intended to give a
"NT" like task manager utility to Win9x systems. In use, however,
we found this program to be rather limited. First off, the displayed window
was not adjustable for size and it did not "live" on the task bar,
which made things cumbersome to use. Second, although there was a complete
list of running applications, the only options available with these were
"Terminate" and "Terminate and Delete".
Starter
In contrast to TaskManager, Starter
was much more than just a task manager. The program has two main sections: "All Sections" - the task manager and "Processes" -
a comprehensive listing of running processes and resources used. As a task
manager, one can enable or disable programs from automatically starting,
edit their functions (e.g., add a command line parameter), delete the item
or create a completely new entry. Extensive information on an item is just a
double click away: who created it, version information, the ID of the
executable, and more. On the processes side, similar information is
displayed for currently running programs: the process name, the executable
file location, the process ID and run priority, system resources used (i.e.,
heap and thread IDs) as well as associated modules used (e.g., .DLLs). From
the GUI one can terminate a process, change a process priority and determine
file details about the used modules (creator, version, file path, etc.). The
look and feel of the program is also quite customizable. The program is
freeware and works with Win9x/ME/NT/2000/XP.
Squeaky Clean
Ever try to clean your mouse while the system is running? Not a pretty sight
- the cursor goes berserk; accidental mouse clicks trigger menus or, worse,
unintended actions. Of course you can shut down the system and clean safely
(but who is patient enough to do that?). Or you can use Squeaky
Clean. When you've finally had it with the mouse, fire up Squeaky Clean,
rip the mouse apart and give a thorough cleaning. While running, Squeaky Clean
pops up a "mouse jail" confining your cursor and disables the
mouse buttons so you can clean with impunity. Once done, press the Esc key
and you are back in business. Freeware from Kiwi Enterprises.
SpyBot-Search & Destroy
SpyBot-S&D scans
your hard disk for "spybots" (spyware robots) and gives you the
option to delete them as you see fit. The program works by checking file
signatures against an upgradeable list, much like an anti-virus program
does. The program can also clear out history files, cookies, etc from IE,
Netscape and Opera to make it more difficult for spybots not currently on
the SpyBot-S&D list to work. Other features include an invalid registry
entry cleaner and a list of "opt-out" sites. Usage is reasonably
straightforward: click the "Check all" button and then select the
items to remove. Items found are color coded: spyware is red while green are
so-called "usage tracks" - cookies, etc. If it turns out that a
removed item causes an, e.g., ad-supported program to stop working, you can
easily reverse things with the "Recovery" button. For those
interested, the publisher, PepiMK Software, maintains a spybot
list. SpyBot-S&D is freeware and works with Win9x/ME/NT/2000/XP.
While on the topic, we took
a look at the opt
outs list on Technoerotica.
They also have a hostfile list to kill ads as well.
SpamPal
One way to fight off spam is to screen your email against a "blocking
list" (a.k.a., a DNSBL list). Of course, you don't want to do
this - you want a software agent to do this for you. SpamPal
is such a program. It sits between your ISP's email server and your email
client, checking the incoming email against the blocking list. Mail from a
system on the blocking list will be tagged as probable spam so that your
email client can easily filter the message as you desire. A set of DNSBL
lists is provided, but you can add others (find these via an internet
search - for example, Doug
Bagley's Anti-Spam Resources and Tools) or let the SpamPal internet site
do periodic updates. You can fine tune things further by creating your own
custom "blacklist" as well as a "whitelist" for items
that should not be tagged. SpamPal is freeware for Win9x/ME/NT/2000/XP.
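The check described above, as an added Python example (not SpamPal's code): the relay's IP address is reversed, looked up under the blocking list's DNS zone, and the message is tagged when the list answers. The zone dnsbl.example, the X-Example-DNSBL header name and the choice of the topmost Received header are assumptions, and the sample message and listing are constructed.

```python
import ipaddress
import re
import socket
from email import message_from_string

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_lookup(name):
    """Live resolver: an A record means listed, a failed lookup means not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def relay_ip(msg):
    """Bracketed IPv4 literal from the topmost usable Received header, or None."""
    for received in msg.get_all("Received", []):
        match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
        if match:
            try:
                return str(ipaddress.IPv4Address(match.group(1)))
            except ipaddress.AddressValueError:
                continue  # e.g. [999.1.1.1]: ignore malformed literals
    return None

def tag_if_listed(raw, zones, resolve=dns_lookup):
    """Parse a message and add a tag header if its relay is on any list."""
    msg = message_from_string(raw)
    ip = relay_ip(msg)
    hits = []
    for zone in zones if ip else []:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and answer.startswith("127."):  # listings answer in 127.0.0.0/8
            hits.append(zone)
    if hits:
        msg["X-Example-DNSBL"] = ", ".join(hits)  # hypothetical header name
    return msg, hits

# Constructed sample: documentation addresses and a made-up list zone.
SAMPLE = ("Received: from mail.sender.example (mail.sender.example [192.0.2.99])\n"
          "\tby mx.isp.example; Sat, 2 Nov 2002 10:00:00 -0800\n"
          "From: someone@sender.example\nSubject: Great offer\n\nbody\n")
FAKE_ZONE = {"99.2.0.192.dnsbl.example": "127.0.0.2"}  # constructed listing
```

Calling tag_if_listed(SAMPLE, ["dnsbl.example"], FAKE_ZONE.get) runs the check offline against the constructed listing; leaving out the third argument performs real DNS lookups.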
allSnap
Ever try to dock a couple of program windows together and wished for a way
to make them just jump together similar to programs like Winamp? Well, that is what allSnap
is all about. Set the sensitivity (how many pixels away the other window can
be before they snap together) and snap away. Freeware from Ivan Heckman.
Disk Investigator
SectorSpyXP and SectorSpy98
Getmbr
Our next tack (think sailing) was toward more esoteric system utilities: examining raw disk sectors. Why? Because of a desire to understand different
disk partition formats and to explain a peculiar program with a quirk that caused
it to fail when the disk was partitioned with Win98 FDISK but not Win95 FDISK.
Both Disk
Investigator and SectorSpy
proved to be OK for looking at raw disk sectors of a partition (i.e., a
drive letter), but neither could be directed to examine the Master Boot
Record (MBR) where the partition table resided. Instead, a DOS command line
program collection which included the utility getmbr
was called into action. Besides allowing for partition table inspections,
the output of getmbr could be used to back up the MBR (the corresponding
restore program is restmbr). So what's up with the MBR that the peculiar
program can't deal with? Apparently a subtle difference in the partition
table flag for extended partitions. For those interested in the nitty gritty
of partition tables, here are some useful links:
http://www.win.tue.nl/~aeb/partitions/
http://www.win.tue.nl/~aeb/partitions/partition_types.html#toc1
http://www.win.tue.nl/~aeb/partitions/partition_types-1.html
http://www.firmware.com/support/bios/w95fdisk.htm
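For inspecting a saved MBR dump, an added Python example (not part of the getmbr package or the meeting demo) that parses the four partition-table entries and reports the extended-partition flag. That the FDISK difference is type byte 0x05 versus 0x0F is an assumption taken from the standard partition-type lists, since the page does not name the values; the sample sector is constructed.

```python
import struct

# Type bytes as given in the standard partition-type lists. Assumption: these
# are the two "extended" flags at issue; the page does not name the values.
EXTENDED_TYPES = {0x05: "extended (CHS)", 0x0F: "extended (LBA)"}
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS start, type, CHS end, LBA start, sectors

def parse_mbr(sector):
    """Return the used partition-table entries of one 512-byte MBR sector."""
    if len(sector) != 512:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 55 AA missing: not a valid MBR")
    entries = []
    for slot in range(4):  # the table is four 16-byte entries at offset 446
        status, ptype, lba_start, sectors = ENTRY.unpack_from(sector, 446 + 16 * slot)
        if ptype == 0x00:
            continue  # empty slot
        entries.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                        "extended": EXTENDED_TYPES.get(ptype),
                        "lba_start": lba_start, "sectors": sectors})
    return entries

def extended_flags(sector):
    """List (slot, type byte, meaning) for each extended-partition entry."""
    return [(e["slot"], e["type"], e["extended"])
            for e in parse_mbr(sector) if e["extended"]]

def build_sample_mbr(extended_type):
    """Constructed sample: a bootable FAT32 primary plus one extended partition."""
    table = ENTRY.pack(0x80, 0x0B, 63, 2048000)
    table += ENTRY.pack(0x00, extended_type, 2048063, 4096000)
    return bytes(446) + table + bytes(32) + b"\x55\xaa"

if __name__ == "__main__":
    for flag in (0x05, 0x0F):
        for slot, ptype, meaning in extended_flags(build_sample_mbr(flag)):
            print(f"slot {slot}: type 0x{ptype:02X} = {meaning}")
```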
BookSearch
BookSearch
is a desktop meta-search tool that lets you search for books on specific
topics across several
book sites (e.g., Amazon.com). It is simple to use: enter keywords into the
text area, click the book sites to be searched and click the search button.
A browser window from your default browser will start up for each book site
selected. The only downside to this application is that you cannot edit, add
or remove sites to search. Freeware from Kevin Solway.
Split Email - how to fix
A demo on how to fix a broken email with attachments using Aladdin Systems'
free Expander was given next. (Note, Aladdin Systems' Stuffit compression
utility can be used in exactly the same way. Aladdin Systems offers great
user group
prices. Check them out!) The problem was that an email
with attachments arrived in 3 pieces. The objective was to reassemble the
email and recover the attachments.
Step 1. Save each email
part as a text file (e.g., msg1.txt; msg2.txt; msg3.txt).
Step 2. Open each
message in a text editor that can hold large text files (e.g. NotePad+).
Step 3. Select all the text
in the second message part, copy it to the clipboard and paste it into the
first message part. Repeat for the third part.
Step 4. Save the first
message part, now with all the other message parts tacked onto it, to a new
file name.
Step 5. Drag the completed
message file onto the Expander icon on the desktop and, voila! Expander
splits the message out into the text portions (i.e., the email message
itself) and the attachment portions. In the case demonstrated, there were
two attachments, both MSWord documents.
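The same reassembly done in a script, as an added Python example (not part of the demo and not how Expander works internally). It assumes the pieces were split as MIME message/partial fragments, and goes beyond the manual copy and paste by ordering the pieces by their declared number and refusing to continue when one is missing; the sample message and attachment are constructed.

```python
from email import message_from_string
from email.message import EmailMessage
from email.parser import HeaderParser

def reassemble(saved_parts):
    """Join message/partial fragments (msg1.txt, msg2.txt, ...) in declared order."""
    bodies, total = {}, None
    for raw in saved_parts:
        head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
        hdr = HeaderParser().parsestr(head)
        if hdr.get_content_type() != "message/partial":
            raise ValueError("not a message/partial fragment")
        bodies[int(hdr.get_param("number"))] = body
        if hdr.get_param("total") is not None:
            total = int(hdr.get_param("total"))
    if total is None or set(bodies) != set(range(1, total + 1)):
        raise ValueError(f"have fragments {sorted(bodies)}, expected 1..{total}")
    return "".join(bodies[n] for n in sorted(bodies))

def attachments(message_text):
    """Return {filename: decoded bytes} for every attachment in the rebuilt message."""
    msg = message_from_string(message_text)
    return {p.get_filename(): p.get_payload(decode=True)
            for p in msg.walk() if p.get_filename()}

def make_sample_parts(payload):
    """Constructed input: one message with a .doc attachment, cut into 3 fragments."""
    orig = EmailMessage()
    orig["Subject"] = "report"
    orig.set_content("See attached.\n")
    orig.add_attachment(payload, maintype="application", subtype="msword",
                        filename="report.doc")
    text = orig.as_string()
    cut = len(text) // 3
    chunks = [text[:cut], text[cut:2 * cut], text[2 * cut:]]
    return [f'Content-Type: message/partial; id="x@example"; number={n}; total=3\n\n{c}'
            for n, c in enumerate(chunks, 1)]

if __name__ == "__main__":
    parts = make_sample_parts(b"constructed attachment bytes\n" * 40)
    for name, data in attachments(reassemble(parts[::-1])).items():
        print(name, len(data), "bytes")
```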
A big thanks to everyone
who came out and participated and to Bernie Stepan, for the meeting room at RE/MAX Marina, Petaluma. Click on the RE/MAX balloon icon below for
more information about the real estate services available from RE/MAX Marina
in Petaluma!
RE/MAX Marina
775 Baywood Dr. #100
Petaluma, CA
