By Fred Langa
Every issue, the LangaList Plus technical Q&A tackles difficult — and sometimes esoteric — problems sent in by Windows Secrets subscribers.
For this last LangaList Plus of 2011, we’ve assembled some of the most popular Langa stories of this past year; we cover topics ranging from working around a Windows 7 networking bug to 14 free tools for digging out stubborn malware infections.
Win7 network stuck in ‘Public’ mode
A bug in Windows 7 can make your PC think that safe home or work networks are unsafe Public networks — and prevent you from correcting the problem!
(Editor’s Note: Fred’s solution below was picked up by Microsoft and published, in modified form, as Knowledge Base article 2578723, which includes a one-click Fix It. However, Microsoft’s treatment skips several of Fred’s steps that help ensure success. Here’s Fred’s original write-up, which includes all the steps.)
Reader Pam’s Public network settings are stuck and are blocking her connections.
- “I accidentally checked the box that says ‘make all future networks public and do not show this again,’ not realizing it was for anything other than the hotel network I was accessing. Now I can’t connect to my home network anymore. What can I do? Running Windows 7.”
Windows 7 automatically adjusts its security settings according to the network locations you choose. So that “do this forever; never ask again” option is indeed dangerous. It’s a rabbit hole — once you go in, it can be hard to get back out.
I reproduced Pam’s situation on a network in my office so I could grab screen shots such as Figure 1, a normal Win7 Network and Sharing Center (TechNet info) dialog box. In Figure 1, the cursor is next to the network location label (under View your active networks), which in this case is set to Public network.
Figure 1. To change your network location, click the location label (shown above as Public network). But sometimes, the clickable link’s not there.
Normally, the network location has a link (blue, clickable text) that lets you reassign the network to a different location: home, work, or public network (more info). But in Pam’s case (and in the Figure 1 example), Public network is just plain text; it’s not a clickable link. What now?
Here’s the back-door fix I use when this happens to me:
- Step 1. Exit or suspend any software that uses the network.
- Step 2. Open Device Manager. (Click Start, type device manager into the Search programs and files box, and then press Enter.)
- Step 3. Expand the tree diagram (see Figure 2) to show all network adapters in your system. Right-click on the first adapter and select the Disable option. Repeat for all network adapters on your system.
Figure 2. Your network-adapter names are probably different, but the process is the same.
- Step 4. After each change, Device Manager rescans your hardware. Your monitor may blink as it’s probed — don’t worry; it’s normal. When you’re done, all your network adapters will be disabled. Now you’re ready to climb back out of the rabbit hole.
- Step 5. Still inside Device Manager, re-enable only the adapter that’s associated with the stuck public-network setting. (For example, if you’re trying to connect to your wireless network, enable the wireless adapter.) Your system will notice your network reappearing and try to connect. It will probably fail, but that’s OK; it’s expected.
- Step 6. Open the Network and Sharing Center, and in the lower part of the dialog box, select Choose homegroup and sharing options.
A dialog box similar to the one in Figure 3 will appear.
Figure 3. When there’s no other way to access the dialog box for setting network location, this is the back door.
- Step 7. Click the What is a network location? option (above the cursor in Figure 3). That will take you to the standard dialog box for setting your current network location. You should now be able to select your location. If you want to continue setting up a homegroup, follow the remaining prompts. But a homegroup isn’t required, so you also can simply abandon or back out of the homegroup setup — after selecting the correct network location.
- Step 8. The last step is to re-enable your remaining adapters, one by one.
Add outbound blocking for Windows Firewall
Reader Bill Wolcott wants to adjust the Windows firewall to block outbound, phone-home connections.
- “I have been using the Windows 7 firewall and Microsoft Security Essentials and have been very happy. However, I discovered today that it fails GRC.com’s LeakTest [site]. Is there a way to adjust the Win7 firewall?”
It can sometimes be useful to know when software on your PC tries to establish an outbound connection. If the connection isn’t one you asked for or involves software that you don’t recognize, it could be that malware is attempting to phone home or otherwise use your connection to transmit information for its own purposes.
That’s what LeakTest checks for: it installs a small, harmless program on your PC that tries to contact the GRC.com servers in a mock phone-home scenario. If your firewall guards against this kind of behavior, it alerts you before allowing the LeakTest program to go online. If your firewall stays silent, then LeakTest shows that malware could phone home from your PC and you’d never know it.
But frankly, I don’t worry much about phone-home activity. Think about it: if malware has made it onto your machine and is trying to phone home, your PC is already compromised. The real solution to phone-home malware is to avoid infection in the first place. If your PC stays clean, phone-home protection is irrelevant.
I realize I might be in the minority with that view. Many users prefer to have their firewall block or flag outbound connections. By default, the Windows firewall does neither.
But that can be changed. Windows 7 ships with about 130 preset firewall rules that govern the behavior of its outbound connections. (See Figure 4.) These rules apply mostly to basic connections for Windows’ own components.
Figure 4. The Windows 7 firewall ships with about 130 preconfigured outbound-connection rules, and you can add more rules if you wish.
You can change the behavior of the Windows firewall by adding new rules or modifying the defaults. The how-to instructions for tweaking the Windows firewall are version-specific because the software has changed significantly over the years.
XP’s firewall is, in essence, a 10-year-old Version 1 firewall. Frankly, almost any newer, third-party firewall — free or commercial — can do better. Still, if you want to use it, Microsoft offers a thorough guide called “Using Windows Firewall.”
The Windows firewall was improved in Vista and again in Windows 7. Those versions can be manually adjusted in numerous ways.
If you want to truly master the Windows firewall, the best overall resources I’ve found are MS TechNet’s “Windows Firewall” page and the nicely detailed guide, “Windows Firewall and IPsec policy deployment step-by-step,” also from TechNet. The writers get a little geeky, but the information is very complete.
On the other hand, if you’re just looking for a quick way to slap a block on outbound connections, several good third-party guides are available. See, for example, addictivetips.com’s article, “Windows 7 Firewall outbound protection” or PCterritory.net’s page on “How to enable Windows 7 Firewall outbound protection.”
But perhaps the most interesting option is Sphinx Software’s Windows Firewall Control (info).
There are free versions of Windows Firewall Control (WFC) available for Windows 7, Vista, and XP — and Pro versions with additional capabilities (U.S. $15-$30) are also available.
WFC sits between you and the Windows firewall. It lets you see and control what the firewall is doing — events that otherwise can be hard to monitor and manage.
For example, when any software tries to make an outbound connection for the first time, WFC pops up a dialog box; you can decide whether to allow that connection. (See Figure 5.) If you wish, WFC remembers your decision and doesn’t bother you when that same software tries to connect again.
Figure 5. Here, the free version of Windows Firewall Control is requesting permission to allow Internet Explorer to go online. Other connection-control parameters are offered as well.
The major downside to WFC is that it’s intrusive when you first set it up. Your PC probably has dozens of programs and services that use your network connection, and WFC asks you about all of them as each tries to connect for the first time.
The free versions of WFC are also nagware: you get a popup dialog box from time to time, asking you to register. (If you use and keep WFC, I hope you do register — to reward the software authors for their time and effort.)
Again, I don’t worry much about blocking phone-home events. Instead, I prefer to focus on prevention: keeping malware off the system in the first place.
But if you want to tweak the Windows firewall for outbound protection or for any other reason, now you have the tools!
Using ‘keyfiles’ as enormous passwords
Free encryption software lets you use the first 1,024 characters of any file you choose as a gigantic password. But using keyfiles carries special dangers you need to be aware of — or risk locking yourself out of your own data forever!
Reader Charlie Cohen writes:
- “Want a secure password you can’t lose for your encrypted data? Use a keyfile instead of a password. With TrueCrypt, for example, you can pick any file you want, and the first 1,024 characters will be used for the password.
  “For instance, you might pick a song on iTunes that you know will always be there, like a particular Beatles song or whatever. Download it if you don’t already have it, and put it in your music files. When you’re ready to decrypt and mount your secure volume, just browse to the song and click. Even the FBI wouldn’t be able to figure that one out.
  “If your house burns down, computer is stolen, etc., you can always go to iTunes and re-download the song (or take it off your iPod); with your backups, you’re back in business.”
TrueCrypt (site) is an excellent (and free!) tool for on-the-fly encryption of files, partitions, or whole disks.
TrueCrypt’s ability to use part of a designated keyfile as a long password is very clever. But there are some gotchas with using a keyfile in the way you suggest, Charlie.
Say your PC was inaccessible for whatever reason and you needed to go online to get a new copy of whatever keyfile you used, such as that example MP3. If that file has been altered in any way — a slightly different header; a tweaked compression ratio; or even a single, accidentally flipped bit — then the first 1024 characters won’t be exactly the same as in your original version of the file. The keyfiles won’t match, and you won’t be able to decrypt your files.
If you’re going to use a keyfile, it’s important to keep multiple copies of the original keyfile in several very secure locations so you can be 100-percent certain you’ll have access to exactly the same arrangement of bits later on.
For that and other reasons, TrueCrypt’s online documentation suggests you use it in combination with a regular, personal password. That way, you’ll be implementing a very secure two-factor authentication system (definition), which is about as good as it gets on the desktop.
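A check for the byte-for-byte requirement described above, as an added example that is not part of the original article: it fingerprints the portion of a keyfile used as key material and tests later copies against that fingerprint. The file names and sample bytes are constructed, and the 1,024-byte prefix length follows the article’s figure; set it to the length your encryption tool documents.

```python
import hashlib
import os
import tempfile

# Assumption: prefix length follows the article's figure of 1,024 characters.
# Set it to whatever length your encryption tool's documentation specifies.
PREFIX_LEN = 1024

def read_prefix(path, prefix_len=PREFIX_LEN):
    """Return the leading bytes of a file that would be used as key material."""
    with open(path, "rb") as fh:
        return fh.read(prefix_len)

def prefix_fingerprint(path, prefix_len=PREFIX_LEN):
    """SHA-256 of the prefix; record this when the keyfile is first chosen."""
    return hashlib.sha256(read_prefix(path, prefix_len)).hexdigest()

def first_difference(path_a, path_b, prefix_len=PREFIX_LEN):
    """Offset of the first differing byte inside the prefix, or None if equal."""
    a, b = read_prefix(path_a, prefix_len), read_prefix(path_b, prefix_len)
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    # No differing byte found; a length mismatch means one copy is truncated.
    return None if len(a) == len(b) else min(len(a), len(b))

def audit_copies(recorded_fingerprint, copies, prefix_len=PREFIX_LEN):
    """Map each candidate copy to True (usable) or False (will not unlock)."""
    return {p: prefix_fingerprint(p, prefix_len) == recorded_fingerprint
            for p in copies}

def build_demo(directory):
    """Write constructed sample files: an original and three later copies."""
    body = bytes(range(256)) * 8          # 2,048 constructed bytes
    flipped = bytearray(body)
    flipped[100] ^= 0x01                  # single flipped bit inside the prefix
    tail_changed = bytearray(body)
    tail_changed[1500] ^= 0xFF            # change beyond the prefix
    samples = {
        "original.bin": body,
        "backup.bin": body,
        "redownload_bitflip.bin": bytes(flipped),
        "redownload_tail_edit.bin": bytes(tail_changed),
    }
    paths = {}
    for name, data in samples.items():
        paths[name] = os.path.join(directory, name)
        with open(paths[name], "wb") as fh:
            fh.write(data)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        files = build_demo(tmp)
        recorded = prefix_fingerprint(files["original.bin"])
        for path, ok in audit_copies(recorded, files.values()).items():
            where = first_difference(files["original.bin"], path)
            print(os.path.basename(path), "OK" if ok else f"MISMATCH at byte {where}")
```

Store the recorded fingerprint with the same care as the keyfile copies, since it can confirm which file is the keyfile.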
Keyfiles aren’t worth the hassle, in my opinion. I prefer just to use a long, well-crafted, easy-to-remember, master password to securely encrypt my private files. It’s not two-factor secure, but it’s plenty secure for my routine needs.
There are many sites that tell you how to create strong passwords — Microsoft offers an adequate guide — but one simple, easy way is to use the initial letters of the words in a personally relevant (but nonobvious) passphrase.
For example, picking from my own sordid past, I might (but don’t) use the phrase The first commercial software I wrote was for Apple II and Atari 800 computers! This becomes TfcsIwwfAIIaA800c! That’s easy for me to remember but would be quite hard for someone else to guess, coming at it cold.
I’m sure you can come up with a phrase (longer or shorter as needed) that’s based on unguessable personal trivia!
Upgrades end in erratic, partial hangs
A reader’s heavily upgraded XP system randomly freezes for several seconds from time to time. Strangely, during these mini-hangs, other parts of the system remain unaffected.
Reader Ian explains:
- “We have a friend who’s a certified computer repairman. In the last year, he’s replaced our PC’s power supply, put in maximum RAM, and updated the hard drive to 500GB SATA.
  “This last update was done a matter of weeks ago, and since then the system is freezing from time to time — for perhaps 15 to 20 seconds — and then going again. During this time, the clock still clicks over the seconds.
  “I have the latest Comodo firewall installed, plus Microsoft’s antivirus, and I also have the firewall turned on in the DSL modem.”
Here’s what I’d check first: your recently replaced hard drive. The mini-hangs you describe sound like a hard-drive spin-up delay.
If the drive is set for aggressive power-savings, it may be spinning down too soon. When a drive is in a low-power standby state (sleeping), it has to wake and spin up before it can respond to read/write requests. That spin-up delay could indeed briefly hang whatever software was waiting for the drive, but it wouldn’t affect components such as the system clock.
You can usually diagnose this problem with your ears: listen for drive noise the next time you experience one of those mini-hangs. If the hang is accompanied by the sound of your hard drive spinning up, you’ve likely found your problem.
It’s easy to fix. Just set the drive’s sleep time to a longer interval via Control Panel’s power-settings applet. In XP, click Start, Control Panel, and Power options; then adjust the time delay shown in “Turn off hard disks.” (Vista and Win7 have similar options.)
If it’s not the drive, then I suggest you use Task Manager to see what software is dominant during a mini-hang. Chances are, whatever’s consuming the most CPU time is connected with the hang.
Use Ctrl + Alt + Del to access Task Manager, then click the Processes tab. You’ll see a list of the software currently running on your system, along with some information about each item. (See Figure 6.)
Figure 6. Task Manager’s Processes tab shows what’s consuming CPU cycles — not much, in this example of a healthy, idling system. (XP Task Manager shown.)
The numbers in the CPU column represent the approximate current percentage of CPU time that loaded executables (listed in the Image Name column) are using. Click the CPU column header to re-sort the list in descending order. The list will jump around a bit as different processes use the CPU, but over a span of several seconds, the most CPU-intensive app should bubble to the top. You should thus be able to see what’s causing your system to bog down.
If you don’t recognize the name of the executable that’s possibly causing the problem, type its exact image name into your favorite search engine — one or more of the search results should describe what the software is, who publishes it, and what it does.
Alternatively, you can download the free (and excellent) Process Explorer from Microsoft’s Sysinternals (info/download). It’s a kind of amped-up Task Manager that can show you everything your system knows about each process it’s running, including publisher, location on the drive, resources used, and so on. It’s a professional-level tool — and it’s free!
(Vista and Win7 can use Process Explorer but really don’t need to. Their version of Task Manager can display the full properties of any process you right-click on — no extra software is needed.)
After you’ve identified the problem software, take the appropriate steps to adjust its settings or replace it with a better-behaving app.
Remove a recurring malware infection
Reader Tom’s PC suffers daily infections — from the same malware!
- “I keep getting the same two infections every day, and every day ZoneAlarm AV/AS puts them in quarantine. I’ve read that this constant reappearance can be stopped by scrubbing, erasing, or cleaning free space on the hard drive. Can you tell me how to do this?”
I’ll answer your question, Tom, but I don’t think it will solve your problem. If you don’t mind, I’ll also suggest some additional steps I think you should take, and list 14 free tools that can help!
I assume your question refers to wiping (totally erasing) your hard drive’s free space in case malware is hiding there. There are many third-party tools that can handle the job.
Perhaps the best single-purpose tool is the free, open-source app Eraser (site). Although not meant for novices, Eraser’s well-designed interface (see Figure 7) makes it relatively easy to use, and it works on all Windows versions from XP onward.
Figure 7. Eraser lets you securely erase files, folders, or all the free space on your hard drive.
Another popular app, frequently recommended in Windows Secrets, is the free CCleaner (info), which offers a Wipe free space option in its Advanced settings.
Maybe a wipe will help, but I doubt it. (Only exotic malware hides in the free space.) I suspect your problem is caused by some type of nasty and persistent — but probably quite ordinary — malware. I’ll bet you can find and remove it with these tools:
Rootkit removers. Rootkit malware (Wikipedia definition) can be especially hard to remove, making it seem like the infection keeps coming back. (It’s not really coming back — it never left!) Given your PC’s symptoms, Tom, I suggest you run one or more of the following utilities — they’re specifically designed to detect and remove rootkits and all are free. (The product names are linked to each app’s info page.)
- Sophos’ Anti-Rootkit has an excellent reputation and is easy to use.
- Trend Micro’s RootkitBuster targets a broad array of related threats in “hidden files, registry entries, processes, services, drivers, kernel code patches, ports, operating system service hooks, and Master Boot Record (MBR) rootkits.”
- Microsoft’s RootkitRevealer specifically targets “Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish, and HackerDefender.”
- Malwarebytes’ Anti-Malware is an excellent, free, anti-malware utility that scans your system on whatever schedule you choose. (Windows Secrets contributors often recommend running this app on a regular basis.) The Pro version (U.S. $25) offers additional real-time protection not available in the free version.
- Lavasoft’s Ad-Aware comes in free, Pro ($30), and Total ($50) editions. The free version is a general anti-malware tool. The paid versions add rootkit protection and other features. (See the site for a comparison.)
- Safer Networking’s Spybot Search & Destroy (freeware/donationware) had fallen off my radar because it was, frankly, ancient. But a new Version 2 is in public beta. It looks promising, but beta software is unfinished by definition and so may have flaws. Use with extra caution.
- Trend Micro’s Hijack This comes with several tools to help identify and remove malware. It also can generate a nicely detailed report on your system’s registry and file settings, so you can look deeply for anomalies.
- Trend Micro’s RUBotted specifically monitors your computer for bots (short for “robot”), a common type of Internet app that can be used for malicious purposes such as allowing hackers to take control of your computer. (Check out the “Malicious purposes” section in the Wikipedia Internet-bot definition page.)
- Trend Micro’s HouseCall, now at version 7.1, remains one of the best in this category. (Notice how many times I’ve mentioned Trend Micro products? Kudos to them for offering so many excellent tools!)
- Symantec’s Security Check seems to do a thorough job of on-demand scanning.
- ESET’s Online Scanner isn’t noted for its speed, but it is undeniably thorough.
- Microsoft’s Safety Scanner is extremely simple to use and checks for a variety of viruses and other malware.
I strongly suggest you look at both your current security setup and your PC use to find where the weakness is. Then take whatever steps you need to — even if it means changing security tools — to shore up your defenses.
In short: When your PC suffers from the same infection repeatedly, it’s time for special-purpose software. Those 14 free tools can help you clean out even the most stubbornly entrenched malware infections!