XP’s No-Reformat, Nondestructive Total-Rebuild Option

March 8, 2008 – 6:31 PM

It’s one of those software design decisions that makes you scratch your head and wonder, “What were they thinking?” The “it” in this case is XP’s most powerful rebuild/repair option, and yet Microsoft chose to hide it behind seeming dead ends, red herrings, and a recycled interface that makes it hard to find and (at first) somewhat confusing to use.

But it’s worth exploring because this option lets you completely and nondestructively rebuild, repair, or refresh an existing XP installation while leaving already-installed software alone (no reinstallation needed!). It also leaves user accounts, names, and passwords untouched and takes only a fraction of the time a full, from-scratch reinstall does. And unlike a traditional full reinstall, this option doesn’t leave you with two copies of XP on your hard drive. Instead, you end up with just the original installation, but repaired, refreshed, and ready to go.

We’ve saved this technique for last in our discussion of the various XP repair/rebuild options because the fixes we’ve previously discussed are like first aid–the things you try first. For instance, see this discussion on removing limitations on XP’s Recovery Console, turning it into a more complete repair tool; or this discussion on the Recovery Console’s little-known “Rebuild” command that can cure many boot-related problems. (There’s also lots more on the Recovery Console here.)

But when the Recovery Console techniques don’t work, and you’re facing the prospects of a total reformat/reinstall, stop! Try the no-reformat reinstall technique we’re about to illustrate, and you just may get your XP setup running again in a fraction of the time and with a fraction of the hassle of a grand mal wipe-and-restore.


Users of Aged Windows Face Risk

March 8, 2008 – 6:30 PM

Microsoft warned Friday that customers face security risks if they use some of its aging operating systems after it ends support for them in July.

The systems affected are Windows 98, Windows 98 Second Edition, and Windows Millennium Edition. Support will end on July 11, the next date for Microsoft’s monthly security patches and software updates.

Security updates will also end, a posting on the Microsoft Security Response Center said.

Tough Fix

It wasn’t feasible to make extensive changes to Windows Explorer to eliminate a security vulnerability, since the underlying architecture of Windows 2000 is much less robust, wrote Christopher Budd, a program manager with Microsoft’s security response center.

“Due to these fundamental differences, these changes would require reengineering a significant amount of a critical core component of the operating system,” Budd said.

As a result, applications may not run on the updated system, he said.

Microsoft advised those still using the operating systems to put them behind a perimeter firewall that filters traffic on TCP port 139, which will block attempts to exploit the problem, Budd said.

Further, support for Windows XP Service Pack 1 will end on October 10.

http://www.pcworld.com/news/article/0,aid,126041,tk,nl_dnxnws,00.asp

Take Back 20% Of Your Bandwidth From Windows XP Pro and 2000

March 8, 2008 – 6:29 PM

Microsoft reserves 20% of your available bandwidth for its own purposes (suspected to be for updates, interrogating your machine, etc.). Here’s how to get it back: Click Start > Run and type gpedit.msc

This opens the group policy editor. Then go to:

Local Computer Policy > Computer Configuration > Administrative Templates > Network > QOS Packet Scheduler > Limit Reservable Bandwidth

Double click on Limit reservable bandwidth. It will say it is not configured, but the truth is under the “Explain” tab:

By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this setting to override the default.

So the trick is to ENABLE reservable bandwidth, then set it to ZERO. This will allow the system to reserve nothing, rather than the default 20%.

Works on XP Pro and 2000.

http://www.googlecommunity.com/about6457.html
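The same policy change, done from the command line so it can be checked and scripted, as an added example that is not part of the original post. It assumes (from the policy’s registry mapping, not from the post) that “Limit reservable bandwidth” is stored as the NonBestEffortLimit DWORD under HKLM\SOFTWARE\Policies\Microsoft\Windows\Psched, where 0 means “reserve nothing”. One caveat worth keeping in mind before expecting a 20% gain: Microsoft’s own description of the Packet Scheduler is that the reserved share is only held while a QoS-aware program is actually using it and is otherwise available to other traffic, so measure throughput before and after rather than assuming the difference.

```batch
@echo off
rem Added example (not from the original post): apply and verify the
rem "Limit reservable bandwidth" policy with reg.exe instead of gpedit.msc.
rem Assumption: the policy lives in the NonBestEffortLimit DWORD below
rem (0 = reserve nothing). Run from an administrator cmd.exe on XP Pro / 2000.

setlocal
set "KEY=HKLM\SOFTWARE\Policies\Microsoft\Windows\Psched"
set "VAL=NonBestEffortLimit"

echo === Current setting ===
rem A missing value means "Not Configured", so the built-in 20%% default applies.
reg query "%KEY%" /v %VAL% >nul 2>&1
if errorlevel 1 (
    echo %VAL% is not set: Packet Scheduler uses its default reservation of 20%%.
) else (
    reg query "%KEY%" /v %VAL%
)

echo.
echo === Applying: Enabled, limit = 0 percent ===
reg add "%KEY%" /v %VAL% /t REG_DWORD /d 0 /f
if errorlevel 1 (
    echo Failed to write the policy. Are you running as an administrator?
    exit /b 1
)

echo.
echo === Verifying ===
reg query "%KEY%" /v %VAL% | find /i "0x0" >nul
if errorlevel 1 (
    echo Verification failed: value is not 0.
    exit /b 1
)
echo OK: reservable bandwidth limit is now 0 percent.

rem To undo and return to "Not Configured", delete the value:
rem   reg delete "%KEY%" /v %VAL% /f
endlocal
```

Save it as a .cmd file and run it from an administrator command prompt; the first block shows what is currently configured, the last block confirms the write actually landed, and the commented reg delete line restores the default.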

Password-Stealing Trojan Spreads

March 8, 2008 – 6:28 PM

A fresh round of spam with a password-stealing Trojan horse detected this week uses a German-language pitch, saying the malicious attachment is an official Microsoft Windows update.

The attached malware, called “Trojan-PSW.Win32.Sinowal.u” by antivirus software developer Kaspersky Lab, is a next-generation Trojan that’s on the rise, said Roel Schouwenberg, a senior research engineer with the company. The Sinowal family of malware was first detected in December, and first seeded on malicious Web sites.

If a user visited the site and did not have a properly patched browser, the software would install itself, allowing it to harvest login and password information for some European banks’ Web sites, Schouwenberg said. The Sinowal family of malware may have been created in Russia, since the malware code contains some Russian, he said.

The latest spam messages have a “.de” e-mail address. Rather than depending on a browser exploit to install itself, the latest version of Sinowal tries to trick users into installing it. The message, written in German, claims that a new worm is on the loose and that the recipient should run the attached file to protect their system.

Schouwenberg said the malware writers may have decided to send it by mass e-mail if the browser exploit approach wasn’t working as well.

How It Works

The Sinowal Trojan is a type of “man-in-the-middle” malware. Even if a user has started a Secure Sockets Layer transaction with a bank, the Sinowal Trojan can insert HTML code that causes a pop-up window asking for a user name and password. It is programmed to react to certain bank Web sites.

“This is something we are going to see more and more and really make life hard,” Schouwenberg said.

It’s unique since it then sends that information immediately to the hacker’s server rather than storing the information for periodic transmission, Schouwenberg said. The Trojan is also capable of checking for updates of itself.

http://www.pcworld.com/news/article/0,aid,125915,tk,nl_dnxnws,00.asp

Microsoft Advises Switching Word to ‘Safe Mode’

March 8, 2008 – 6:28 PM

Microsoft is advising people to run its Word application in “safe mode” to help guard against a Trojan horse that surfaced recently, though security experts on Wednesday said there still appears little cause for alarm.

“The good news is that it doesn’t seem to be very widespread,” said Graham Cluley, a senior technology consultant with United Kingdom antivirus company Sophos PLC. “There have been very, very few reports.”

Damage Limited So Far

Researchers at F-Secure and Trend Micro also said the number of reported incidents remained low on Wednesday. Trend Micro rates the Trojan horse as “low risk” because, while the potential for damage is high, the impact so far has been small, said David Sancho, a senior antivirus engineer.

The Trojan horse surfaced last Thursday and arrives buried in a Word file attached to an e-mail message. It secretly installs software on a user’s PC that could be used to execute remote commands, download other malware, or monitor keystrokes and gather passwords, among other mischief.

For the Trojan horse to do its work, however, users must first be tricked into opening the Word attachment. And the incidents reported so far suggest that hackers are still using the Trojan horse in a very targeted fashion rather than sending it in mass e-mail, said Erkki Mustonen, a security researcher at F-Secure.

The Finnish vendor received reports from a handful of European companies affected last week that were all in the same business area, Mustonen said. He declined to name the industry. The company received a few more reports this week, but “it seems to be pretty calm,” he said.

The number of hacker groups using the Trojan horses appears quite small at this point, Mustonen said. “It seems they have been written by expert people,” he said.

He advised businesses to monitor any suspicious traffic in their firewall coming from China. The Trojan horse may not have originated there, but it appears at least to be talking to a host server in that country, he said.

Safe Mode Workaround

Microsoft’s Security Research Center is analyzing the vulnerability, which affects Microsoft Word XP and Word 2003. The company said it will release a patch with its next regular update, due June 13, or earlier if necessary.

In the meantime, Word’s safe mode won’t fix the vulnerability but will prevent the vulnerable code from being exploited, Microsoft said.

In safe mode, Word ignores toolbar customizations, changes to preferences can’t be saved, and functions such as AutoCorrect and Smart tags are disabled.

The first step is to disable the Outlook feature that uses Word for editing e-mails. The second involves creating a new desktop shortcut that adds “/safe” to the Word command line. Detailed instructions are in the Workaround section in Microsoft Security Advisory (919637).

“For the sake of security I’d recommend doing it, even though it’s a bit difficult,” Sancho of Trend Micro said.

http://www.pcworld.com/news/article/0,aid,125859,tk,nl_dnxnws,00.asp
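The second step of the workaround, the desktop shortcut that starts Word with “/safe”, as an added example that is not part of the original article or of Microsoft Security Advisory (919637). It assumes the default install folders for Word 2003 (OFFICE11) and Word XP (OFFICE10) under %ProgramFiles%\Microsoft Office, and it does not touch the first step (turning off Word as Outlook’s e-mail editor), which is still done in Outlook’s options.

```batch
@echo off
rem Added example (not from the article or the advisory): create a desktop
rem shortcut that launches Word in safe mode (/safe).
rem Assumptions: Word is in the default folder OFFICE11 (Word 2003) or
rem OFFICE10 (Word XP); the Outlook "use Word to edit e-mail" option is
rem switched off separately by hand.

setlocal
set "WINWORD="
for %%D in (OFFICE11 OFFICE10) do (
    if not defined WINWORD if exist "%ProgramFiles%\Microsoft Office\%%D\WINWORD.EXE" (
        set "WINWORD=%ProgramFiles%\Microsoft Office\%%D\WINWORD.EXE"
    )
)
if not defined WINWORD (
    echo WINWORD.EXE not found in the default Office folders.
    exit /b 1
)
echo Found Word at: %WINWORD%

rem cmd.exe cannot write .lnk files itself, so generate a small WSH script
rem and let cscript create the shortcut.
set "VBS=%TEMP%\make_word_safe_shortcut.vbs"
> "%VBS%" echo Set sh = CreateObject("WScript.Shell")
>>"%VBS%" echo Set lnk = sh.CreateShortcut(sh.SpecialFolders("Desktop") ^& "\Word (Safe Mode).lnk")
>>"%VBS%" echo lnk.TargetPath = "%WINWORD%"
>>"%VBS%" echo lnk.Arguments = "/safe"
>>"%VBS%" echo lnk.Description = "Word in safe mode (workaround for Security Advisory 919637)"
>>"%VBS%" echo lnk.Save
cscript //nologo "%VBS%"
if errorlevel 1 (
    echo Shortcut creation failed.
    del "%VBS%"
    exit /b 1
)
del "%VBS%"
echo Shortcut "Word (Safe Mode)" created on the desktop.
endlocal
```

After running it, start Word from the new shortcut and check the title bar: a /safe start is shown as safe mode, and the limitations the article lists (no toolbar customizations, no saved preference changes, no AutoCorrect or Smart Tags) are what to expect until the patch is applied.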