Windows Secrets


Windows Secrets Newsletter • Issue 299 • 2011-07-28 • Circulation: over 400,000


Table of contents 
  • Top Story: The advanced system-recover toolkit
  • Best Practices: What works for you: Hotmail versus Gmail
  • Wacky Web Week: Add an armored laptop to your security checklist
  • Windows Secrets: A free download for all subscribers
  • LangaList Plus: Pros and cons of a ‘keyfile’ password
  • In the Wild: Blink, and you’ll miss the next Firefox
  • Patch Watch: Take a short summer break from patching


 
Top Story

The advanced system-recover toolkit

By Susan Bradley

You probably know and use various real-time antivirus tools, but there are also advanced security tools that work under the operating system.

Many of these are based on Linux and help scan, fix, or even reset Windows passwords.

A recent Wall Street Journal article reported that small businesses are increasingly the target of cyber attacks. That made me think about the tools I use to secure the computer I use for online banking, which has to be as secure as possible (and practical). The report also reminded me to keep a more watchful eye on what my system is doing.

If you want to build an advanced system-cleaning and -recovery toolkit, here are my recommendations. Some of these tools have been around for a while, and some are in beta. Test them out and see what you find — you might be surprised.

Making it more difficult for malware to hide

Microsoft Standalone System Sweeper. Microsoft finally has its own offline tool — currently in beta — that lets you build bootable media and scan a system without running the installed (and possibly corrupted) version of Windows. Historically, this capability has required Linux and a third-party app. It’s nice to see Microsoft stepping up to the bar and offering its own version.

The System Sweeper (shown in Figure 1) scans for malware from a clean, protected environment. After you reboot your PC with the System Sweeper–created media, it’s considerably harder for malware to trick the operating system. Try it out. Go to System Sweeper’s home site and download it, then follow the instructions in a Security Garden blog. System Sweeper can boot from a USB flash drive or a CD-ROM.

Figure 1. Microsoft’s System Sweeper makes it difficult for malware to stay hidden on your PC.

Kaspersky Rescue Disk. This tool, shown in Figure 2, has been around for a while and works much like Microsoft System Sweeper: you download an ISO file from the Kaspersky site and build bootable media — either CD or USB. But because you’re downloading an ISO file, creating a bootable rescue disk is more complicated than with System Sweeper.

With the Kaspersky utility, you’re booting an alternative operating system. That helps with malware detection because a virus built for one operating system may not be clever enough to hide from another OS. Once you’ve created the rescue disc, it’s relatively easy to have Kaspersky’s app scan the hard drives and clean the system.

Figure 2. Kaspersky Rescue Disk works below Windows to scan and clean a PC.

Windows Recovery Console. Often overlooked by PC users, Windows Recovery Console was highlighted in a recent Microsoft Malware Protection Center blog as a way to clean and repair Windows’ master boot record. For example, if you get flagged as having the Win32/Popureb.E Trojan (description), Microsoft strongly recommends following the instructions in the blog. Once you’ve launched the Recovery Console, run the command bootrec.exe /fixmbr to replace the master boot record with a clean version.

For more on this topic, see Lincoln Spector’s July 8, 2010, story, “Rescue Windows with a bootable flash drive,” in the paid section of Windows Secrets online.

Password-recovery apps and other useful tools

Online NT Password & Registry Editor. We’ve covered password recovery tools before, notably in Ryan Russell’s April 22, 2010, item, “Recovering lost passwords using boot CDs” (paid content). But I want to recommend Peter Nordahl’s password-recovery tool (info/download site), which resets the Windows admin password and works on all versions of Windows from NT Version 3.5 on. It’s not new, but it’s still effective when you get locked out of your PC. It even re-enables a disabled administrator account.

Now, before you jump to the conclusion that this tool opens up a huge security hole, remember that you must have physical access to your computer to use it. It cannot be run remotely. This tool uses Linux to boot a PC without launching Windows (see Figure 3). It edits the Windows Security Accounts Manager files and then puts them back with the passwords edited or removed.

Beware: If you have Windows BitLocker drive encryption or an encrypted file system, note that once you remove or change your password you can kiss those files goodbye — you’re not getting back into them until you remember the original password.

Figure 3. Peter Nordahl’s admin password-reset tool uses Linux to bypass Windows.

Knoppix bootable disks. I’d be remiss if I didn’t mention the suite of Knoppix security apps (info/download site). Many of these tools had their beginnings in forensic investigations. In computer forensics, you want to make a byte-by-byte replica of the suspect system, or you want to ensure you’re reading the operating system you’re investigating — that you’re not in any way changing the original data. (When I say computer forensics, I’m referring to your own investigation using bootable media — not necessarily to forensics needed as evidence in a court case or to obtain a subpoena. Those investigators typically use data-acquisition techniques that rely on replicating a drive via USB or a parallel port.)

Before downloading and using any of these miscellaneous advanced recovery and diagnostics tools, read their recommendations and instructions to ensure the app does what you intend it to do. Most Linux download sites include an MD5 or SHA-1 hash value, which you can use to check that no one has tampered with the files. (Free utilities have occasionally been maliciously modified to transport Trojans and backdoor viruses onto PCs.) I also recommend trying out these apps on a spare computer first, not on your main machine.

To verify that a utility I download is unchanged from the one the author posted online, I use Microsoft’s File Checksum Integrity Verifier (FCIV) tool, available through MS Support article 841290. (Note: According to the site, MS offers the tool but does not support it.)

To use the app, download the FCIV file and in a command window enter:

fciv.exe {the utility’s filename}

Next, compare the value displayed with that given on the utility’s website. The Knoppix Security Tools Distribution site, for example, gives a checksum value of de03204ea5777d0e5fd6eb97b43034cb. As long as the values always match, I’m comfortable using the tools. Note: An overly aggressive antivirus app might flag the Knoppix tools as potential malware. As long as you’ve run the checksum value check, you can safely ignore any warning about these utilities.

So there you go — just a few of the many advanced security tools that allow you to take a closer look at your systems.

Feedback welcome: Have a question or comment about this story? Post your thoughts, praise, or constructive criticisms in the WS Columns forum.

Susan Bradley has been named an MVP (Most Valuable Professional) by Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.

 
Best Practices

What works for you: Hotmail versus Gmail

By Megan Morrone

The newest version of Hotmail might not have Gmail’s cool factor, but it does have some new features worth a second look.

Find out how Windows Live Hotmail stands up to Gmail in terms of spam filtering, security features, and social-networking integration.

New developments in spam filtering

Remember when spam e-mail was just annoying sales pitches for stuff we didn’t want? Then unwanted e-mail morphed into a delivery vehicle for viruses and spyware. Now we also have to contend with a constant barrage of fraud and phishing scams designed to trick us into giving away our personal and financial information. Such messages might even trick us into installing malware ourselves.

Along with our browsers, our e-mail program is a first line of defense against these kinds of scams.

Both Gmail and Hotmail have filters that whisk away spam before we see it, and they both do a pretty good job of not ensnaring our important mail in the same net. The services get smarter by analyzing spam data from their large subscriber bases and by using technology originally developed for other parts of their companies.

In the case of Hotmail, Microsoft utilizes the same spam-filtering technology (SmartScreen) used in Microsoft Exchange Server and Internet Explorer. In other words, Microsoft isn’t just saving the good stuff for its paying customers.

Google’s spam filter uses algorithms developed as part of the company’s PageRank technology to classify and help identify spam. Many spammers try to thwart language-based spam filters by sending spam messages as images. Gmail uses optical character recognition developed by the Google Book Search team to catch this kind of junk mail.

New protections from account hijacking

Getting your account hijacked by a spammer is annoying, embarrassing (No, Mom, I did not send you a link to a video of Katy Perry naked!), and potentially expensive. My Gmail password was stolen, and the cyber criminal immediately began charging things at Google Checkout, which was linked to my Google account and my credit card. Google alerted me before I even noticed it myself. I wish Hotmail had a similar feature.

Both Hotmail and Gmail let you use their service with the HTTPS protocol, which prevents casual snoopers from eavesdropping on your e-mail and stealing your password. This service alone can go a long way toward saving your account from being hijacked.

The use of HTTPS is the default for Gmail, but you have to turn it on for Hotmail (and you should, especially if you use unsecured Wi-Fi connections or public computers a lot). It might slow your movements on the Web a bit, but that’s a small price to pay for not getting your account password stolen on an unsecure connection.

To turn on HTTPS in Hotmail, go to the Accounts/Connect with HTTPS page and click the radio button for Use HTTPS automatically. As you can see in Figure 1, you could get errors if you try to use HTTPS with various other programs that connect to Hotmail. However, according to the Inside Windows Live blog, “An update on SSL support,” you can now use HTTPS with the newest version of the Outlook Hotmail Connector and with Windows Live Mail.

Figure 1. The Hotmail Connect with HTTPS page

How to recover from a hijacked account

Hotmail and Gmail both allow you to associate your account with a mobile phone number, so they can send you a code via a text message if your account is hijacked. Gmail has an elaborate, two-step verification process (description) that involves printing out codes; Hotmail, however, lets you associate your account with your personal computers so that you can recover your account by using only one of those PCs.

In recent weeks, Microsoft has rolled out or announced a few new and unique Hotmail tools for thwarting hijackers. Here’s how they work:
  • My friend has been hacked! The first people to discover that your account has been hacked are usually your contacts, who are barraged with spam and phishing scams that appear to come from you. As detailed in a Microsoft Windows Live blog, Hotmail recently added a new feature that lets any user report an account that looks like it’s been hacked. In fact, Hotmail even lets you report a suspected Gmail account that has been hacked, and Microsoft sends that information to Google.

  • Strong passwords required. According to the blog post linked above, Hotmail will also “soon” roll out a new feature that not only tests the strength of a password but also prevents users from using common passwords such as password and 1234567. Microsoft blogger Dick Craddock also warns: “If you’re already using a common password, you may, at some point in the future, be asked to change it to a stronger password.”

Testing social-networking integration

The jury is still out on whether Google+ will be a Facebook killer. So far, only the tech elite have access to Google+, and everyone knows that they don’t use social-networking tools in the same way real people do. For now, Google and Hotmail both integrate well with social-networking tools, but whether you’ll continue using Facebook or switch over to Google+ might have a lot to do with which e-mail program integrates more seamlessly for you.

Right now, you can easily chat with Facebook friends within Hotmail by connecting your Windows Live account to Facebook. Make sure Chat with my Facebook friends in Messenger is checked, as seen in Figure 2.

Figure 2. Choose your options in the Connect to Facebook dialog box.

Hotmail will probably always have better Facebook integration because of Microsoft’s partnerships with the social-networking giant. And don’t expect Microsoft to willingly integrate Google+ with Hotmail any time soon. You can watch YouTube videos in Hotmail, but if you want a more seamless experience with your e-mail program, use Gmail.

They say, where there’s a will, there’s an app. So if you really want to mix and match social-networking tools with the e-mail program of the rival company, of course you can. But if you’re reluctant to trust third-party applications, or digging around under your hood doesn’t interest you, choose your e-mail program based on the social-networking tool you use most often.

It’s the same story for productivity software. If you use Microsoft Office, you can view, edit, and share documents more smoothly with Hotmail. If you or your company has tossed aside Office for Google Docs, it makes sense to use Gmail.

The verdict? Hotmail has made a lot of changes lately, and Microsoft continues to improve the product — especially when it comes to security. But then Microsoft had a lot of catching up to do. If you’re thinking of switching from one to the other, open a new account in the rival service and then forward your mail to it for a while so you can test all the features before deciding.

Feedback welcome: Have a question or comment about this story? Post your thoughts, praise, or constructive criticisms in the WS Columns forum.

Megan Morrone is a freelance writer in Sonoma County, California. She has hosted podcasts on TWiT.TV and was on the original cast of The Screen Savers on TechTV, where she wore geeky costumes and threw computers off cliffs before YouTube existed.

 
Wacky Web Week

Add an armored laptop to your security checklist

By Tracey Capen

Some security threats simply can’t be foreseen. Who guesses that someone, in the middle of a workday, will decide on the spur of the moment to demolish a computer?

Surely this boss never anticipated that an unhappy employee would fold, spindle, and otherwise mutilate the notebook he left sitting on his desk.




 
Windows Secrets

A free download for all subscribers


You’re more advanced than the typical Windows user — you read Windows Secrets! So what do you do when you have PC trouble?

You jump in and start troubleshooting. Troubleshooting Windows 7 Inside Out, by Mike Halsey, is packed with prevention tips, troubleshooting techniques, and advice on system tools you can use to get Win7 running perfectly.

This month, all Windows Secrets subscribers can download an excerpt: Part 3, Chapter 16, Windows Problems Demystified. You’ll learn about Windows 7’s core files, Win7 security and policy features, advanced file restore, how to create a slipstreamed installation DVD, and more.

If you want to download this free excerpt, simply visit your preferences page, save any changes, and a download link will appear.

Info on the printed book: United States

 
LangaList Plus

Pros and cons of a ‘keyfile’ password

By Fred Langa

Free encryption software lets you use the first 1,024 characters of any file you choose as a gigantic password.

But using keyfiles carries special dangers you need to be aware of — or risk locking yourself out of your own data forever!


Using keyfiles as enormous passwords

Reader Charlie Cohen uses the first 1K (1,024) characters of an MP3 file as a very long password that he doesn’t have to remember.
  • “Want a secure password you can’t lose for your encrypted data? Use a keyfile instead of a password. With TrueCrypt, for example, you can pick any file you want, and the first 1,024 characters will be used for the password.

    “For instance, you might pick a song on iTunes that you know will always be there, like a particular Beatles song or whatever. Download it if you don’t already have it, and put it in your music files. When you’re ready to decrypt and mount your secure volume, just browse to the song and click. Even the FBI wouldn’t be able to figure that one out.

    “If your house burns down, computer is stolen, etc., you can always go to iTunes and re-download the song (or take it off your iPod); with your backups, you’re back in business.”


TrueCrypt (site) is an excellent (and free!) tool for on-the-fly encryption of files, partitions, or whole disks.

TrueCrypt’s ability to use part of a designated keyfile as a long password is very clever. But there are some gotchas with using a keyfile in the way you suggest, Charlie.

This article is part of our paid content. Subscribe.



 
In the Wild

Blink, and you’ll miss the next Firefox

By Robert Vamosi

Browser updates from the likes of Mozilla, Google, and — to some extent — Microsoft are coming ever more frequently. Is that a good thing?

When PC users suffering from update burnout skip some new versions of browsers, they may lose out on important security enhancements. Perhaps Mozilla and Microsoft should take a lesson from Google’s invisible Chrome updates and not brand every new release.


Updating the browser is a good security policy

One of the easiest (and easiest-to-forget) ways to keep your computer secure is to regularly update your applications — especially your browser. Using the latest browser is a critical step in the constant battle to defeat new malware. Cyber criminals know this, so they’re unleashing even more attacks on systems running older apps — such as the millions of machines still on Internet Explorer 6.

Of the big-three browsers, Google Chrome offers possibly the best approach to browser updates. Google silently and automatically pushes out new versions — end users never have to worry about, or even consider, whether they’re on the most up-to-date edition of Chrome. Often, these are tiny, under-the-hood tweaks to the browser. (If you must know, Chrome is now on version 12 — with version 13 in the queue, according to the Google Chrome Releases blog.) Chrome users could get so accustomed to this automated update system, they might fall out of practice updating their other applications.

Mozilla’s system for updating Firefox is less automated but still relatively good — and significantly better than Microsoft’s less-frequent IE update cycle. When there’s a new version of Firefox, it diligently nags you to update (or will say that a new version is available to download or beta-test). These updates often include a few new features plus important security enhancements. I’ve told Mozilla it needed to make the process easier — and they have; my last two Firefox updates were relatively painless in terms of file size and time to install.

Microsoft still uses a rather cumbersome process to keep Internet Explorer up-to-date. IE security patches (of which there are still too many) typically appear on Microsoft’s Patch Tuesday — the second Tuesday of each month. Those patches mostly address the vulnerabilities Microsoft considers most critical. Major new updates, such as IE 9, come out infrequently and usually require you to download a large file and reboot the PC at the end of the installation process. (For this and other reasons, I’m not a big fan of IE — if you haven’t already noticed from my previous columns.)

This article is part of our paid content. Subscribe.



 
Patch Watch

Take a short summer break from patching

By Susan Bradley

Normally the fourth Tuesday of the month is when Microsoft releases the surprise updates — often important fixes for Windows.

So it’s a pleasant surprise that Microsoft did not release any major Windows-related patches this week. Take some time in the sun!


Microsoft releases Mango phone update

The long-awaited Windows Phone 7 update, code-named “Mango,” has been released to manufacturer. As announced on a recent Windows Phone blog, the new version will finally give Windows Phone 7 users application multitasking, Internet Explorer 9, and other improvements to the Windows Phone experience.

Now here’s the bad news: it might be months before current Windows Phone 7 owners can enhance their devices. WP7 is now in the hands of the phone vendors, who have to test it and approve it for their new models. As stated on the blog, the Mango update for current Windows Phone handsets will come this fall.

► What to do: When the update is finally offered, I strongly recommend not installing it immediately. Wait for others to test it and report any show-stopping problems. And when you do upgrade, ensure your device is fully backed up first.

Take a pass on these service packs for databases

If you have SQL Server 2008 R2 on your system, you might have been offered the sole Microsoft PC–related update this week. SQL Server is used by many databases to store information. As with most service packs, KB 2528583 is an accumulation of many previous patches. Microsoft Support article 2528583 provides a long list of fixes.

► What to do: Because it’s a cumulative service pack, there’s no immediate need to install KB 2528583.

iPhones get man in the middle–threat fix

iPhone 3Gs and 4s received updates to counter possible man-in-the-middle attacks. In this scenario, an attacker spoofs SSL certificates and intercepts transmissions. You might also need to update iTunes to Version 10.4 (which includes stability and performance fixes) before you can update your phone.

This article is part of our paid content. Subscribe.



YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2012 by WindowsSecrets.com. All rights reserved.
