Tag: "windows vista"

Applications I tolerate - my software setup

So I get accused a lot of spouting off about applications I hate, and I've been asked what my typical system looks like. Good idea. I'll make two distinctions - between machines I setup for other people and my own system with the applications I need to get anything done.

My systems comprise of:

  • Windows Vista Ultimate Edition SP1.
  • Office 2007 Ultimate SP1:
    1. Word 2007.
      Excel 2007.
      PowerPoint 2007.
      Outlook 2007.
      OneNote 2007.
  • Expression Studio 2:
    1. Expression Web 2.
      Expression Encoder 2.
  • Emeditor Free.
  • Smart FTP 3.
  • Paint Shop Pro 7.
  • PhotoShop CS 2.
  • Sound Forge 8.
  • Virtual PC 2007 SP1.
  • WorldWide Telescope.
  • Virtual Earth.
  • Windows Live Messenger.

Yes this list isn't including the games I've got installed at the moment - as they build up in volume as I decide to play different ones.

For other people it looks more like this:

  • Windows Vista (whatever SKU they've got) SP1.
  • Office 2007 (whatever SKU they've got) SP1:
    1. Word 2007.
      Excel 2007.
      PowerPoint 2007.
      Outlook 2007.
      OneNote 2007.
  • Windows Live Suite:
    1. Windows Live Messenger.
      Windows Live Mail.
      Windows Live Writer.
      Windows Live Photo Gallery.
  • AVG Free 8.
  • WorldWide Telescope.
  • Virtual Earth.

Keeping your computer in good working order starts with not installing any old junk on your system, these applications are all good citizens. Well there are two acceptions: Windows Live Messenger and AVG Free 8 which need a bit of tweaking before I find them acceptable. I am always shocked at how much junk people have installed on their systems, so many little applications of varying quality all over the place cannot have a positive impact on system performance and reliability.

Configuring AVG Free 8 anti-virus for the best experience

I've recommended AVG Free anti-virus for years (update: I now recommend Security Essentials), I used to run it back when I was using Windows XP. I've still not, after using Windows Vista for two years, got around to actually installing any anti-virus on my main machines. But when my sister got her new laptop, as she had administrative rights I made sure to install some before handing it over.

There are other free anti-virus software out there, such as Avast which like AVG Free is licensed just for personal usage. Avast however I found to be more annoying than AVG, and by annoying I mean with stupid things being thrown all over the screen and stupid animated icons in the tray.

AVG Free up until version 8 was plagued by this annoying update window that popped up when there was an update to install. It was by far the most annoying feature of the program. AVG Free 8 however seems to of fixed this, to date while using the laptop I've yet to see AVG Free open a stupid window saying updating or any other annoying bubbles - once its been configured properly.

No doubt as many of my readers know, I detest heavy security suites. Honestly they cause more problems than the security issues they're supposed to be protecting you against. On Windows Vista all I would recommend somebody install is AVG Free 8, they don't need some bloated security suite which half takes over the system. However getting it configured right so it doesn't ruin the user experience is important, and cannot be done using the default settings.

I hope to make this the first of a few guides. Whenever I see somebody else's computer I am shocked at how much junk is on the system, and how ugly it looks, you only need to look at some of the screenshot threads on Portal Forums to see how bad some people's systems are - no wonder Mac marketshare has gone up 1% if people associate Windows with such a bad user experience - a bad user experience almost entirely created by 3rd party applications, often times installed by the computer manufacturer, but sometimes installed by security suites that people are frightened into buying.

Part 0: Finding it on their website.

Grisoft have no doubt made it harder to find the free version, and when you do find it you get prompted at several screens to try and full internet suite. I think it has moved off their main website, or is very buried, but you can find it on free.grisoft.com.

If you do have problems finding it, a search engine will no doubt track down a copy of it. Just make sure to get it from somewhere trustworthy like CNET's download website.

Part 1: Installation and first run.

After clicking accept past the licence screens the first option we get in the installer asks us if we want to choose "Standard installation" or "Custom Installation". May I suggest we pick "Custom Installation".

After that we get an activation screen, just hit next on that and then we're prompted to select which modules you want installed, typically I'd recommend un check everything other than the core program, e-mail scanners are known to cause issues with some e-mail clients. As are document scanners and other programs if they're ever offered I'd recommend avoiding them and relying on the core resident scanner instead.

Next we get asked to install the "AVG Security Toolbar", no thanks, deselect the check box and select next. It'll then ask us where we want to install, the default location is fine. It'll then go ahead and complete the installation.

Once the installer has finished it'll open up the first run wizard.

Step 2 of 7 asks us how often we'd like to install updates, for me this appears to be greyed out, the other section however asks what time we'd like our daily scans to take place. I typically would disable automatic scans, but you can set this how you like.

Step 3 of 7 asks if we want AVG to collect data about our usage habits, select yes if you want, or no if you don't.

Step 5 of 7 and asks if we want to update now. Sure why not.

It then prompts us to register, I'm fine thanks, clicking next and then finish will complete the first run wizard.

At this point I would typically delete the icon it left on the desktop (without asking for my permission to do that).

Part 2: Configuration.

We're almost done, now we just have to tidy up a few loose ends.

Double click on the AVG icon in the system tray, which should open the application control panel.

From here, at the top of the window in the menu bar is the "Tools" option, clicking that and select advanced settings.

I'd suggest turning off all the silly notifications, we don't need it throwing something up on the screen just because it updated itself.

The last thing I want to touch on is a new feature in AVG Free 8. This is called the "Link Scanner". Basically what this does is load a browser add-on which scans any links with AVG's database, the results look like this:

It places a little status icon next to every link, and whenever you bring the pointer near it throws open that little window saying about the website, and offering an advertisement to upgrade to a more bloated security program.

No thanks. I want the browser to work how the people who designed the browser intended, I want to see the web page how the designer intended. I'm not a fan of 3rd parties throwing their code into the browser willy nilly, I recommend this option gets disabled. Internet Explorer 7 on Windows Vista is sandboxed and isn't vulnerable to drive-by downloads and the like, plus the phishing filter let's you know of any dodgy websites that may try and steal your details anyway, this seems unnecessary to me, and overly bloated.

There's two ways to go about doing this. The first and most obvious way is to disable it from within AVG itself, at the main control panel, double click on "Link Scanner" and there's an option to turn it off.

Simply deselect the option and OK your way out. This does have one problem, it turns the AVG tray icon into ugly mode, to notify you something is wrong.

So I've tried disabling it via Internet Explorer's add-on management controls, and AVG doesn't seem to realise its disabled from in there, keeping it happy looking.

You can disable it from Internet Explorer by clicking Tools and selecting Manage add-ons. Then you just need to find AVG Safe Search in the list, and click disable. Restart the browser and its back to normal.

Step 3: Enjoy your computer, knowing it isn't overly bloated like it would be if you installed something like Norton or McAfee.

Once that is completed, you've got AVG Free 8 installed how I would install it on one of my machines. Streamlined and out of the way, how all security programs should behave out-of-the-box.

iReboot's developer(s) show their ignorance about UAC

I saw a post on Slashdot titled "Coding Around UAC's Security Limitations", which pointed towards this.

The whole angle of the post on Slashdot is trying to make it seem that UAC doesn't do anything and is worthless, the iReboot developers certainly have that angle too, in what I'm sure some would call a childish tirade.

iReboot is an application that sits in the tray, and allows you to select an OS you want to reboot into. It does this by changing the boot loader so the OS you selected is the default and then rebooting the machine.

To modify the boot loader, you obviously need administrative privileges, this is a system-wide change and wrongly altered can render the system unbootable.

On Windows XP the iReboot application required you to be logged in as an administrator, for obvious reasons (standard users not having the rights to change the boot loader).

On Windows Vista, iReboot would also require administrative privileges to work. With UAC, even users logged in as administrators have their applications run as standard users, which is why applications need to elevate to run as administrators.

The developer goes on to write:

But there was one flaw in iReboot that made all the hard work we put into making it as unobtrusive and minimalistic as possible almost meaningless: if you had UAC enabled, iReboot will not run automatically at startup, no matter what you do.

iReboot could run automatically at startup with UAC enabled, the developer doesn't seem to be aware that you can write an application to ask for elevation. His application didn't - and so it just fails. Like it should. Obviously automatically starting an application and asking for elevation isn't a very good experience, which is why it shouldn't be done this way either.

I'm sure you all know that the Windows NT line (and other modern operating systems) has had the concept of "services". It seems the developer had to do some "digging around" for solutions, come on, any Windows geek knows how services work, this guy actually had to do research?

Services are usually started automatically by the system, for example the time service which goes out to the internet and corrects the time on your system. Changing the time requires administrative privileges, and as such the time service runs with administrative privileges. The same can be said about the 50 or so other services that run on the system.

He goes on to say:

only possible fix would be to split iReboot into two parts. One would run in the background as a service, running under the SYSTEM or LOCAL SERVICE accounts and having privileged access to the OS without requiring admin approval or UAC elevation, and with the second half running as an unprivileged userspace client program which interacts with the service backend to get stuff done.

This is also how it should be done on Windows XP, 2000 etc so that your application would work on standard user accounts, but it seems he doesn't care about standard users on Windows XP where he says "everyone runs as an Administrator", which isn't quite true. Others and myself have long tried to get people running as standard users on Windows XP, it is thanks to developers like this that kept people from running as standard users and greatly reduced the security of the world's computer base.

The developer then goes onto complain about how long all this took:

[G]etting this far wasn't easy. With Windows Vista, what should have been 100 lines of code maximum ended up being a dozen times longer, split across two different processes, and requiring way too much man-hours to write the most minimalist and to-the-point piece of software we've released to date.

Of course if the guy had bothered to look at the development guidelines and documentation that is almost a decade old now he would of seen this is how his application should of been written in the first place. Instead of him assuming he will have administrative rights forever, Microsoft have been hammering on about testing your applications as standard users for years and years before Windows Vista shipped, it isn't like they just pulled this out of the bag.

The developer then makes one final stab at UAC:

Perhaps most importantly though, is the fact that Windows Vista's newly-implemented security limitations are artificial at best, easy to code around, and only there to give the impression of security [his emphasis]. Any program that UAC blocks from starting up "for good security reasons" can be coded to work around these limitations with (relative) ease. The "architectural redesign" of Vista's security framework isn't so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure OS.

Essentially claiming that UAC is worthless and can be coded around (by using services), which is false because in order for you to install that service in the first place you must elevate the installer, else it cannot create or modify the service.

Just today a new exploit was discovered in QuickTime (yes another one), with UAC enabled the exploit doesn't work. Because QuickTime isn't running as an administrator, but only as a standard user. Just another example of how UAC just gives the "impression" of security.

Windows Defender's Software Explorer & future improvements

Out in the technical communities I still see a lot of people telling people to use msconfig (Microsoft System Configuration Utility) to stop applications running on startup with Windows.

Now this was a fine tool - back in the old days (it first shipped with Windows 98), but it hasn't changed much since then and is geared towards technical users.

Windows Defender is often overlooked as being a simple anti-spyware application. But it has some great features which surpass a lot of the functionality that msconfig was often used for.

The Software Explorer is one of them, you can find it under Tools. It offers a few different options from the drop down menu, startup programs, which allows you to see and block any specific applications from starting with the system.

Software Explorer, startup programs

Although a common source of confusion for non-technical users is the 'Show for all users' button, which is required to make any system-wide changes (most applications set themselves to startup system-wide). So you often need to elevate using that button to make any changes, else the buttons are greyed out. I think that needs to be made more clear, or Defender needs to ask for elevation automatically upon starting the Software Explorer.

It also let's you see currently running programs, and also programs that are connected to the network (you previously had to go to the command line to check that), and also to which addresses they are connected.

Software Explorer network connected programs

What would I like to see done to Defender in future versions?

Consider moving the Software Explorer function out and having it as a standalone application, and put it under Programs in the Control Panel, although it does have a sub-option (View currently running programs) under Defender I think it is worthy of its own entry. Also put a shortcut in the System Tools folder in the Start Menu.

In addition I'd like to see Windows Defender move on to provide basic anti-virus. Windows Defender is already the best anti-spyware application out there in my opinion, it doesn't put icons in the tray, it doesn't launch loads of junk on startup and it doesn't pop up nagging you about things, with definition updates installed automatically over Windows Update is great.

This is really something where Microsoft are out in front of the pack (except with Windows Live Messenger), other software developers write software that tries to take over half your computer and load dozens of applications at startup slowing everything down, instead of getting out of the way and letting you get on with things. No doubt Microsoft would face an anti-trust investigation for bundling anti-virus with Windows (may be they could make it a downloadable plug-in), but it would be worth it for the end-user experience.

No doubt people will mention OneCare, but OneCare is a heavy all-in-one application suite, I don't see the point in having a firewall, anti-spyware etc when that stuff is already built into the system. Let OneCare be the heavy security suite, let Defender be the minimalistic simple low resource anti-malware application that it could be.

Robin Harris making up anti-Vista stories

Oh jeez, so over on ZDNet, Robin Harris threw up what apparently he thinks is a news story about how Microsoft have been forced to retreat to Windows XP on ultra-low-cost PCs, like Asus' Eee PC.

He calls it further evidence of the Vista fiasco.

What do I think? I call it evidence that Windows Vista won't run on these low powered machines, and as Microsoft is a company that wants to sell Asus something to put on these machines they'll sell em what they've got.

Observe the miracle of the Eee PC specifications:

CPU: Intel Mobile @ 900 MHz
RAM: 512mb / 1.0GB
Storage: 4GB / 8GB Solid-State Disk
Graphics: 800 x 480 and shares system RAM

And the miracle of system requirements for Windows Vista, these are the bare minimum for it to work:

1 GHz 32-bit (x86) or 64-bit (x64) processor
512 MB of system memory
20 GB hard drive with at least 15 GB of available space
DirectX 9 graphics card with 32MB of RAM, capable of 800x600 resolution

You're a walking joke Robin. Windows Vista won't fit on an 8GB hard drive, it won't be usable on a screen just 480 pixels high. It wasn't designed to run on such low powered machine, so Microsoft doesn't sell it for such low powered machines, they sell an alternative operating system that is still supported and will run on such hardware.

I know you must be getting pretty pissed off seeing 10 million more machines running Windows Vista every month, but can you lay off the old spin machine please else the "fiasco" of your storage blog may continue for a long while yet.

Mac OS X cracked inside of 2 minutes - Vista & Ubuntu stand firm

I can't say I'm honestly surprised judging on how crappy Apple's record is at patching vulnerabilities over the last few years. Windows Vista has consistently out performed all other major operating systems in this regard and Microsoft have spent a considerable sum on improving their development process in regard to security.

So anyway at the PWN to OWN contest held over the last three days crackers have been competing for a $10,000, and $5,000 prize. Their task was to crack a computer, there were three computers all running different operating systems. One running Mac OS X.5 (Leopard), one running Ubuntu 7.10 and one running Windows Vista SP1.

The first day was limited only to attacks over the network. All three machines survived.

The second day, the participants were allowed to open web pages, or e-mails. Mac OS X was compromised inside of two minutes.

Both Ubuntu and Windows Vista survived the day, and now the crackers can request that the judges allow "popular" 3rd party software onto the machines. As of this moment I believe both machines are still standing.

Both Linux and Windows have their fair share of crappy 3rd software, but I think Linux generally has more privilege escalation exploits, so we'll have to see how it goes.

So anyway, the next time some smug Apple fanboy comes up to you and goes on about security, politely remind them that they are full of it. And also consider reporting Apple to advertising regulators over their utterly misleading and down right false adverts.

1 2 4 ...6 ...7 8 9 10 11 12 ... 13