(...)
Read the rest of Anti-virus/security software sucks (705 words)

© DjLizard for DjLizard.net, 2007. | Permalink | 33 comments | Add to del.icio.us
Post tags:

Feed enhanced by Better Feed from Ozh

This doesn't work if you are already in the uninstaller being asked for the password and then remove you the key, so remove the key before starting the uninstall process.

Midas reports:

You can also use pcctool.exe for 2007 and older or tissprt.exe (or similar name) for 2008.

which will remove Trend Micro PC-Cillin without a password. You can find it in the installation directory.

© DjLizard for DjLizard.net, 2007. | Permalink | 45 comments | Add to del.icio.us
Post tags: antivirus, password, Trend Micro PC-Cillin, uninstall, Windows Installer

Feed enhanced by Better Feed from Ozh

c|net has a quote blurb on the Uniblue website that says:

This easy-to-use tool lets you remove faulty Registry entries that slow down your computer.

Removing a kilobyte of cruft should net you what, a gain of 10 nanoseconds for every 15,000 value reads?*
_{*: Actual value may vary**
^{**: Variance not guaranteed}}

I also don't think removing registry keys is the start to solving your Windows problems, but I'm going to run it for science!

As soon as I launched it, it performed its whole system scan.

A total of 311 invalid Registry entries were found on your System. Click on "Repair Registry" to fix all entries.

On the Overview tab, it says my registry health is low. Uh oh, I should be seeing errors and crashing all of the time, then, right?

I don't know if it's a function of not being registered, but since the window cannot be resized (giant skinned window with Vista style minimize and close buttons) and there isn't a horizontal scrollbar in the results area, I can't read the full path to most of the keys so that I can verify the results. Well, you can read the log file though. It opens an HTML log from Uniblue's area of your user profile's Application Data folder in your default web browser and it contains all of the information you need, should you actually know what you're looking at.

It found quite a few missing ActiveX/COM+/DCOM/OLE objects, which is the largest group of "errors" any registry cleaner can find in your system. This is because ActiveX, COM, and OLE (which all store and retrieve information to/from HKEY_CLASSES_ROOT) are so frequently used and are so frequently damaged (in one way or another). This could happen if you move the file to another drive or folder or if a module crashed while trying to register or unregister itself. The majority of what Dial-a-fix does is register ActiveX/COM/OLE objects, such as the components that run Windows Update. (Dial-a-fix tells the modules to self-register, this way, Dial-a-fix does not have to know the exact registry keys and values needed to make a module work again.)

Almost all of the ActiveX/COM errors that registry cleaners find can be ignored. There are a few things registry cleaners can figure out that are harmful to the speed of your system, but they don't occur very frequently. If you had a file type registered to a program that exists on a mapped drive and that network share was down but still listed as a mapped drive, you might get slowdowns as Windows tries to figure out where the share is. Registry cleaners are also able to remove invalid OpenWith entries, which is a good thing to do just to tidy the list of broken icons and to save Windows from having to check for non-existent locations. A lot of keys chosen for removal just contain MRU (most recently used) paths to things I have accessed using whatever program the MRU list is for. Removing these keys isn't really going to "repair" your computer.

Still, for the average user, cleaning this cruft will probably not visibly impact performance to the point that such a program should scan your entire system every startup.

At least RegistryBooster isn't taking up a lot of memory.

Another problem with registry cleaners is that you're at the mercy of the database and program version you have. Compounding this is that each registry cleaner program is third-party, meaning they all can have potentially differing opinions on what constitutes an invalid entry. There is the potential to ruin your computer by removing things that need to stay — many a registry cleaner has had to come out with program fixes and registry patches for things erroneously removed. I would hate to be a tech support person for a registry cleaning program. I'm sure there a lot of irate people who:

• Have had things removed from their system that shouldn't be, and are having new problems because of it
• Have other problems such as hard drive and memory problems and will blame the company for problems with their computer because the last thing they remember using was the registry cleaner program
• Have other problems as mentioned above and corruption occurs after a registry clean because of interference from the faulty hardware
• Have problems that can't be solved by a registry clean (which is to say most problems) and are upset that this program has not improved the performance or stability of their machine

Here's an issue I've found already, and I'm not very far through my results log:
RegistryBooster wants to remove HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\CrawlScopeManager\Windows\SystemIndex\DefaultRules\22 because it says "file:///c:\ " is a bad path. This isn't true – this is the format Windows Search uses for indexing rules. If I remove this stuff, I suspect Windows Search will forget how to search my system, and had I not read through the log, I would later wonder how it disappeared. I might not even connect its destruction with my use of a registry cleaner – another big problem. Obviously something has directed RegistryBooster to look here, yet it does not actually understand what it is seeing and recommending for removal.

When I chose to "repair" the registry entries, it told me I should make a backup, which is a good idea. The bad thing is that it is only going to delete all of the registry entries, not really "repair" them. What if the file can be found elsewhere on the drive? Should it scan my filesystem and put together the puzzle and point the key at the new location? It's probably difficult to decide when such a scan should be the answer, so instead of opts to delete every error that has been found rather than trying to fix it. Because of the endless possibilities, scanning for files and pointing erroneous keys to the findings is probably just as bad an idea as mass deletion.

I'm barely through the first few lines of the log and I have all of this to say – this should give you a clear indication of my opinion of registry cleaners. I'm giving this one a chance, but it seems like it's just like all the rest and has all of the same pitfalls as anything else.

I can give RegistryBooster one thing: it did find quite a lot of missing TypeLib entries that really are missing, although like I've said before, it's not really going to speed up my computer all that much. This is only a few kilobytes of text in my 35 megabyte registry.

I don't like that there isn't a "jump to value" context menu entry on each item in the results pane – it makes fact-checking take quite a bit longer.

I've also noticed that registry cleaners tend to find Explorer's "auto" file extension creation entries, and RegistryBooster is no exception. There's no point in removing auto entries as they will just come right back as soon as Explorer sees the file extension again.

It feels like it's very limited since I'm only testing the trial version, but I don't think I really need to see any more.

In the end, I can't really recommend this sort of program to anyone (no offense to Uniblue) and I did not end up removing any of the things it said I should. I can't really give it a 1-to-5 stars type rating, so I'll give it a rating of N/A.

There is one decent registry cleaner that I've found that generally does the same thing (finds COM junk and missing font entries, etc) and isn't too aggressive with its scans: CCleaner's Issues scanner. CCleaner's Issues scanner reminds me of one final point: registry cleaners don't take into account the things that they orphan from their first scan. After you remove 300 things from your registry, chances are that there is another 200 things that have become orphaned from the first sweep. If I ever wrote a registry cleaner (which I will not) I would have it check for "dependencies" and list them as sub-items of the main items, so that it basically says "if you choose to remove X, I'm removing Y also because it's orphaned by the removal of X".

*Anti-climactic cliffhanger ending*.

© DjLizard for DjLizard.net, 2007. | Permalink | 14 comments | Add to del.icio.us
Post tags: Kim Komando, registry, registry cleaner

Feed enhanced by Better Feed from Ozh

I probably should have mentioned this long ago, as I've known about it forever: c't has created a program (well, set of AutoIt scripts) which downloads the Microsoft updates for the platform you choose and fashions it into a CD-ROM image (ISO) for you. Click the link above to see. This project is in line with the Microsoft's redistribution EULA, so it will not be receiving a takedown notice.

—

The Autopatcher group apparently never read any of the EULAs for the files they were redistributing and were thus 'cease-and-desisted'. Let that be a lesson to you: follow the EULA attached to Microsoft's files when you create a project such as this and don't be surprised if you are told to stop once you are breaking the rules.

A lot of folks are upset about how long it took Microsoft before the project was told to stop. I don't think the latent notice was malicious. I firmly believe that the "right person(s)" at Microsoft never caught wind of the Autopatcher project until now. By "right person(s)" I mean Microsoft's intellectual property watchdogs. A lot of people at Microsoft didn't mind the project – but that's because it wasn't their job to chase people down and tell them to stop. When enough support calls roll in from annoyed users of Autopatcher (who don't realize it's not Microsoft's job to fix Autopatcher's issues) the "right person(s)" eventually find out about it.

© DjLizard for DjLizard.net, 2007. | Permalink | 2 comments | Add to del.icio.us
Post tags: Autopatcher, c't, EULAs

Feed enhanced by Better Feed from Ozh

Tweakers second guess the kernel developers and use third-party software utilities to "clean" the registry and remove/disable system services they shouldn't be touching.

They often end up with more than one registry cleaner, more than one antivirus, and/or more than one firewall application running at the same time. Tweakers care a lot about system speed, so of course this will make them download/apply more tweaks in an attempt to offset the speed decrease from all of the junk software they have installed and running.

They change every option in the system to something bizarre and follow nutball crazy tech evangelists such as (but not limited to) Kim Komando and Steve Gibson of GRC.

They listen to their friends who know less than them and swear by software such as (but not limited to) Norton Antivirus.

Their systems come into my shop because they're ridiculously broken, and I spend hours removing conflicting "one-click fix" software that has ironically caused the breakdown of the machine and re-applying system defaults (using things like Dial-a-fix to guide me). When I tell them that these software packages they're using are pieces of junk and are causing all of the problems, they don't believe me.

They always disable System Restore (because they don't think it works well enough or they think it takes up a lot of resources) so there's no way I can go back to a sane system state by rolling back individual hives. They usually "replace" System Restore with Norton GoBack or some other ridiculously bad program.

I'm sure Dr. J.D. Azil will chime in with more stuff about tweakers. Doctor?

1. Install Windows
2. Leave it the fuck alone

Okay, there may be actual tweakers that know what they're doing, but I never see them. Why would I? They know what they're doing!

I also see kids (usually self-professed "gamers") who do the following to their homebuilt machines:

• Attach a CPU heatsink without using any thermal paste
• Screw the motherboard directly to the case (without standoffs)
• Chain multiple fans from a single molex connector where the chain finishes at a hard drive (or two)
• Forcing RAM modules in backwards

© DjLizard for DjLizard.net, 2007. | Permalink | 9 comments | Add to del.icio.us
Post tags: Incompetence, Operating systems, Symantec, Tweakers

Feed enhanced by Better Feed from Ozh

© DjLizard for DjLizard.net, 2007. | Permalink | No comment | Add to del.icio.us
Post tags: Autopatcher, EULAs

Feed enhanced by Better Feed from Ozh

As you can see it's mostly empty (for now) but there are great plans.
Currently, the "Scan" button on the "Find issues" tab looks for over 40 separate problems relating to the registry, services/drivers, shell/Explorer.exe, and Internet Explorer. It also displays restrictive policies.

It's written in Delphi and coming along nicely. A few rules lists will be moved to outside of the program .exe for easier access (such as restrictive policies). It will support languages. It will support Vista, Server 2003, and XP Pro x64. It will still support Windows 98. You can even resize or maximize the window now.

I spent all weekend working on it, and I plan to spend all of next weekend working on it as well. I have a lot of work to do but I'll keep everyone posted.

© DjLizard for DjLizard.net, 2007. | Permalink | 13 comments | Add to del.icio.us
Post tags: Beta

Feed enhanced by Better Feed from Ozh

Don't forget about FREE Dial-a-fix support at Lunarsoft.net! Even if I'm too busy to be around, the regulars there know Dial-a-fix better than anyone and can definitely lead you in the right direction. Also, they'll help you with general computer/tech support problems too, not just with Dial-a-fix.

© DjLizard for DjLizard.net, 2007. | Permalink | 4 comments | Add to del.icio.us
Post tags: anti-spyware, Symantec

Feed enhanced by Better Feed from Ozh

And that’s not the only bit of news about HijackThis. It seems that Merijn has managed to sell the program to Trend Micro. Merijn's own explanation is here.

HijackThis 2.0.0 beta is downloadable here.

Changes:
- AnalyzeThis added for log file statistics
- Recognizes Windows Vista and IE7
- Fixed a few bugs in the O23 method
- Fixed a bug in the O22 method (SharedTaskScheduler)
- Did a few tweaks on the log format
- Fixed and improved ADS Spy
- Improved Itty Bitty Procman (processes are frozen before they are killed)
- Added listing of O4 autoruns from other users
- Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
- Added /silentautolog parameter for system admins
- Added /deleteonreboot [file] parameter for system admins
- Added O24 – ActiveX Desktop Components enumeration
- Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check

© fredvries for DjLizard.net, 2007. | Permalink | 8 comments | Add to del.icio.us
Post tags: anti-spyware, Beta, Hijack This!

Feed enhanced by Better Feed from Ozh

Why is that, you may ask? Yes, they are bloated, they take almost half a millennium to scan your system and they were about the last products that could flawlessly work with Vista. But then, there are hundreds of crappy or sub-standard products available on the internet and a program like RogueRemover will take on but a few of the worst offenders. So, why do we care?

The root of this problem lies with the fact that these companies have brilliant sales departments. We all know that a good salesman can sell anything to an unwary customer. And there are hardly any more customers unaware than those who reside in the computer procurement departments of large companies and schools. McAfee, Symantec and Norton are pre-installed in virtually every computer that finds its way into your company or school. No problem, no hassle to search and find the best possible anti-virus scanner. No, that problem has already been conveniently solved for them by the seller.

We, the real experts, know better. We like lightning quick scans, as less false positives as possible, an appealing GUI and a responsive staff that will take all our problems seriously.

So, why do we care? We care because we have the best possible anti-virus programs running on our own computers but we have to live daily with these programs that can't meet our own high standards.

It can be regarded as a form of mental torture that, in the end, makes us more mature and resilient. Regard it as a test and also as an ongoing incentive for other companies to keep developing even better anti-virus programs and anti-spyware programs.

And in the end who really cares? It's not our own money that is wasted on these programs.

edit by DjLizard: I'm filing this under Incompetence also :D

© fredvries for DjLizard.net, 2007. | Permalink | 7 comments | Add to del.icio.us
Post tags: General, Incompetence

Feed enhanced by Better Feed from Ozh

Again. Again. There, I've used it so much it's no longer a word.

Good thing Tarun is over there at the Lunarsoft.net forums helping out with Dial-a-fix support, or else everyone would be in the dark.

Oh yeah and Ninja Rope, I am still going to use ntdel as planned and The Notifier will live once again. Too bad it dies with Vista; Vista doesn't have Winlogon\Notify keys. Edit: Actually, Vista does. They're just in a different place and have a different syntax. Take a look at:

HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Control
Winlogon
Notifications
Components

© DjLizard for DjLizard.net, 2007. | Permalink | 4 comments | Add to del.icio.us
Post tags: Alpha, Beta

Feed enhanced by Better Feed from Ozh

The first number is long distance for most, but it's the preferred number:
1-585-350-0400

The second number is 1-800-745-6055.

Simply tell Symantec how much you hate Norton Antivirus, Internet Security, or Systemworks (all pieces of crap) and how much time and money you lost when it broke your computer (even if it didn't). You'll get a refund.

Enjoy.

© DjLizard for DjLizard.net, 2007. | Permalink | 34 comments | Add to del.icio.us
Post tags: Symantec

Feed enhanced by Better Feed from Ozh

I finally got some sort of answer:

Dear Sir

CWshredder is a free software and It is not supported

Best Regards

Peter
Trend Micro technical Support

Edit: Well, CWShredder has never been supported (since it's freeware) so its status hasn't changed. He basically didn't answer your question. Your question was whether there will be any more updates, and he instead answered a question you didn't ask — whether there is CWShredder technical support. –DjLizard

© fredvries for DjLizard.net, 2006. | Permalink | No comment | Add to del.icio.us
Post tags: anti-spyware, CWShredder, Trend Micro

Feed enhanced by Better Feed from Ozh

What is this spyware-like activity?
The spyware-like activity is the automatic downloading of content when you launch Windows Media Player (aka WMP) with an active Internet connection. The content (images, cookies, javascript, etc.) will end up in Internet Explorer's Temporary Internet Files.

This can easily be confirmed by first emptying Internet Explorer's Temporary Internet Files and Cookies, and then launching WMP.

To counter these problems you could simply try to block the offending sites by putting them in your Windows HOST file, and into Internet Explorer's Security-> Restricted Sites, and Privacy areas. But alas, the HOSTS-file method won't necessarily work because Microsoft has decided to implement a strategy to bypass the HOSTS file in certain instances for some microsoft.com URL's.

And you can't simply turn the update function in Windows Media Player (aka WMP) off because you only have the choice between updating every day or week or month.

The result is that you cannot prevent your WMP from contacting Microsoft's sites.

How to prevent WMP from phoning home
To prevent WMP from automatically contacting sites which WMP automatically retrieves content from you'll only have a few options:

1. The best choice is to install a third-party two-way personal firewall such as Comodo, Kerio, ZoneAlarm, etc. In your personal firewall set it to Block/Disallow WMP access to your Internet connection by creating a permanent rule. Or at the very least and perhaps a better recommendation is to set your personal firewall to Ask every time WMP is launched so that permission must be first granted by you rather WMP is allowed to automatically retrieve online content or not.
2. Compile a list of the sites which are loaded by looking into Internet Explorer's Temporary Internet Files and Cookies.
3. Using the list you compiled in #2 block the cookies, scripts, etc., from offending sites in Internet Explorer.

Note: Don't block go.microsoft.com as doing so will break many links that Microsoft utilizes when visiting microsoft.com.

On the other hand: do you really care? It only checks for updates and bypassing the HOST-file is done for security reasons in order to prevent malware from wrecking Windows Update.

In the end it depends on your mindset: do you think that Microsoft spies on you or do you think Microsoft helps you to keep your system safe.

(post witten in cooperation with Andavari)

© fredvries for DjLizard.net, 2006. | Permalink | 2 comments | Add to del.icio.us
Post tags:

Feed enhanced by Better Feed from Ozh

To counter these problems Andavari has now created a customized exclude.ini file.

If you experience any problems resulting from the use of RegSeeker or want a specific exclusion included into the RegSeeker customized exclude.ini file you can contact Andavari via a Personal Message (PM) in the CCleaner.com forum. The file will be updated if and when needed so don't forget to check regularly.

Andavari's RegSeeker customized exclude.ini file is downloadable here.

Hoverdesk's creator Thibaud Djian has been notified and he promised me to keep a close look at the exclusions in Andavari's file and will decide if he updates RegSeeker with them at a later date.

© fredvries for DjLizard.net, 2006. | Permalink | No comment | Add to del.icio.us
Post tags:

Feed enhanced by Better Feed from Ozh

SP3 for Windows XP is currently planned for the first half of 2008. This date is preliminary and subject to change. And it will…

© fredvries for DjLizard.net, 2006. | Permalink | No comment | Add to del.icio.us
Post tags:

Feed enhanced by Better Feed from Ozh

We, as Microsoft do, recommend that those who are still running Windows XP SP1 or SP1a upgrade to Windows XP Service Pack 2 as soon as possible.

© fredvries for DjLizard.net, 2006. | Permalink | No comment | Add to del.icio.us
Post tags: Operating systems

Feed enhanced by Better Feed from Ozh

Introduce Foxit Reader. They just released version 2.0, a free PDF document viewer and printer, with an incredible small size (only 1.5 Mb) and a lightning fast launch speed.

© fredvries for DjLizard.net, 2006. | Permalink | No comment | Add to del.icio.us
Post tags:

Feed enhanced by Better Feed from Ozh

According to a Sophos Technical Support spokesperson Vista is currently not supporting Sophos products, and that includes the Anti-Rootkit tool. Or, if you turn that sentence around, Sophos isn’t supporting Vista yet.

In the near future Sophos will provide support for Microsoft Windows Vista with an updated version of Sophos Anti-Virus; Sophos Anti-Virus 6.5. This will include support for both 32- and 64-bit versions of Vista. Sophos plans to release Sophos Anti-Virus 6.5 a couple of weeks before the official release of Vista, which Microsoft plans for November 2006.

© fredvries for DjLizard.net, 2006. | Permalink | No comment | Add to del.icio.us
Post tags: anti-spyware

Feed enhanced by Better Feed from Ozh

And so others move in. One of the new players is a browser called Browzar.

Browzar claims to eliminate all traces of your web activities and it has taken a lot of flak over that very bold claim and other issues.

A test by SpywareInfo revealed that the first claim is not entirely correct. SpywareInfo was able to find a copy of the last page visited in the browser cache. They also found some cached objects, saved by the Java plug-in. It did not save cookies or URL history, as far as they could tell.

See the entire article here.

Another problem are persistent claims that Browzar itself is spyware. This is not quite true but it does open to a hard-coded start page and that start page is a pay-per-click search engine.
SpywareInfo writes that there is no way to change that start page to a different address or, for that matter, any other options. It also has a search bar that uses the same search engine.

Roger Karlsson (creator of Bazooka and Koffix Blocker) has found a solution for the above problem by using a Hex editor. Take a look at his solution for changing Browzar's start page.

© fredvries for DjLizard.net, 2006. | Permalink | No comment | Add to del.icio.us
Post tags: Beta, Privacy

Feed enhanced by Better Feed from Ozh