Wiz's Computer and Website Security Blog

In Today's World the Internet is no longer a safe place for Windows PC users (not that it ever was). Criminals are exploiting vulnerabilities in web sites, web servers, email, browsers, and unsecured, or under-secured Windows OS computers.

Some of the current exploits making the rounds are using JavaScript functions to install malware onto vulnerable Windows based PCs. Some of these exploits are being secretly installed into the operating system of web servers, thus causing the exploit code to appear on every web site hosted on that server (a horrible situation). The individual web site customers are at the mercy of their hosting company to detect and repair the rootkit infection that adds the exploit codes to every home page on that server. Web hosts are usually informed about such exploits in the wild, that target their operating systems and they usually apply the necessary patches and re-compile the Apache Kernel, or Windows Server OS, as soon as possible.

Another related attack vector comes from individual web sites, if they are using insecure scripts, for which various hackers are searching. Hackers send bots to probe every website they can find, following links in search results, and on websites they have already visited. The bots are programmed to attempt to run various types of exploits against that website. The exploit attempts I see most often involve trying to exploit PHP scripts, or web pages, to perform http redirects to hostile scripts, hosted on other servers. A website owner who is not fully up to speed about security issues may install a vulnerable script, or copy insecure code from an open source project, only to have his website used a a redirector to hostile codes.

Finally, there are JavaScript exploits being used on the web pages hosted unknowingly, on Windows computers that have been taken over by the Storm Trojan. When people are enticed to visit those web pages the JavaScript routines will attempt to download and run hostile code against them, which if successful will add their computer to this ever-growing BotNet. See my recent blog post about the Storm Botnet, or search my blog for the phrase "Storm Trojan."

Here are 10 steps that PC users can take to protect their computers from all JavaScript exploits.

1. Apply all available Windows/Microsoft Updates, including Office product patches. This is a MUST DO.


2. If you have not updated your copy of Internet Explorer to version 7, do so now, then use Windows Updates to apply all released patches for it. IE 7 has built-in security features that simply cannot be applied to previous versions of that browser.


3. Set your Internet Explorer security level to medium high, or high. This will cause prompts to appear when scripts are asking for permission to run, which will be on almost every website you visit. This will drive you crazy, but at least give you a fighting chance.


4. Turn on the anti-phishing filter in IE 7.


5. To avoid the craziness that goes with securing Internet "Exploder," download and install the latest version of the Firefox browser, make it your default browser for browsing the Internet. Firefox does not run ActiveX controls at all and does not allow stealth downloads or installs. Every add-on or download must be manually approved. Set the options in Firefox to automatically check for updates to both the browser and any add-ons you've installed.


6. Install the No-Script add-on for Firefox, which blocks all known JavaScript and iFrame exploits, if you configure it properly. No-Script blocks JavaScript functions on websites, by default, but allows you to override it selectively, for sites you trust.


7. If you are uncommitted regarding an Internet Security product, try Trend Micro PC-cillin Internet Security 2008. It has resident shields that will intercept hostile scripts embedded in web pages, before they are downloaded to your browser. It also removes viruses, rootkits and spyware.


8. If you are currently operating as the Computer Administrator you should consider reducing your exposure to malware by changing to a Limited User account. This is not a trivial matter, but offers tremendous protection against accidental infections. I have also posted an article on my blog explaining how running with reduced privileges can protect you online.


9. If you are on broadband Internet make sure that you have a NAT (Network Address Translation) router between the modem and your computer. NAT routers hide your computers from incoming TCP/IP and UDP probes by malicious scripts and infected computers. Some modems have built-in NAT router sections, but some don't. A straight connection from a broadband modem to a PC can make it vulnerable to scripted attacks aimed at your TCP ports. A software firewall is a must for PC owners. Windows XP and contains a built-in one way (incoming) firewall, while Vista has a two way firewall (in and out).


10. Scan for acquired malware threats often, using up-to-date applications and definitions.

By applying these 10 steps you will have secured your PC as much as possible, while still allowing it to function on the Internet. The advise about running with reduced user privileges has been officially applied by Microsoft, to their Windows Vista operating system. Vista users normally operate with reduced privileges, unless administrator overrides are required to install, or uninstall a program or driver. It is still up to the user to determine if this is safe or not.

In the end, it is always up to the computer owner to decide what level of security they can tolerate, and what programs or add-ons they will allow to be installed onto their computers. If the user is duped by a cleverly worded spam email message, into clicking on a hostile link, no security warnings known to man will prevent them from installing what might turn out to be a Trojan horse application. It happens every day! Be vigilant and practice safe Hex!

Posted by Wiz at 3:22 PM | Permalink

Back in the days of Windows 95 I bought a program called PowerQuest Drive Image. Drive Image allowed me to take snapshots of my entire hard drive and save them to other hard drives, to be used to recover a failed master hard disk. Drive Image contained a fabulous utility named Magic Mover, which allowed me to move entire programs, with all of their settings and distributed system files, from one PC, or partition, to another. Unfortunately, Powerquest is no more, along with Magic Mover.

While answering questions on a computers section of a specialty forum, where I act as moderator, a member asked questions about moving programs, settings and preferences from his XP computer to his new Vista computer. Another member pointed him to the Windows Vista "Easy Transfer" utility, which can "move" a number of programs, which it knows about, from an XP computer to the Vista computer, over a cable or network connection.

Unfortunately, the original poster had programs he wanted moved, but are not listed in the Easy Transfer database. That's when another member mentioned a program by LapLink, called PCMover. This program can indeed move any or all of your programs, files, settings, or desktops, between two computers running Windows 95, 98, NT, Me, 2000, Media Center, XP, or Vista. Instead of taking one or more days to migrate all of your programs and settings, you can do this with PCMover in a few hours, or less.

PCmover can migrate your PC across a network, Laplink USB cable, Laplink parallel cable, Windows Easy Transfer Cable, or any type of removable media that can be read by both PCs. If your computer has multiple users, PCmover gives you the option to migrate some or all of the users at once. The security information about file ownership and access control is preserved for each user. You can even use PCmover to migrate your PC to an Intel-based Mac!

A single license of PCmover ($49.95) allows you to migrate from a single old (source) PC to a single new (destination) PC. Additional migrations require the purchase of additional licenses. For most end users this is not a problem, since they rarely have to perform such major transfers of programs. There is significant discount pricing available from LapLink, for people or businesses requiring multiple computer migrations, in 5 or 10 packs of migration licenses. Upon payment of a migration fee, the software transfers files and settings from your old computer to your new computer.

You can read more about PCMover - here.

Posted by Wiz at 12:53 AM | Permalink

By now most of you have seen hundreds of "Postcard" email scams in your inboxes and are getting tired of hitting the delete button (hopefully you are deleting them!). These messages have subjects containing phrases implying that a Friend, or Class-Mate or "Worshipper" (etc) has sent you a postcard, or ecard, or greeting postcard, etc. They all contain false details about an alleged e-card that is waiting for you if you click on the link supplied, usually with a numeric IP, followed a forward slash, a question mark, then a bunch of random characters, leading to a compromised PC hosting a web page containing hostile JavaScript to redirect you to a website that has the Storm Worm infector. Anybody who is foolish enough to click on that link, in a Windows PC, or Windows powered hand-held device, will probably be infected with the Storm Worm, or a variant thereof, and their PC will become a spam relay in a BotNet.

If you use MailWasher Pro to screen your incoming email I have an automatic solution for detecting and deleting these, and most other spam messages in the wild; my custom MailWasher filter rules targeting current types of spam. MailWasher Pro uses a text file called filters.txt to list custom conditions for identifying and acting against spam that matches the statements in these user configurable rules. A default installation produces a very basic filters.txt file, which is waiting for you to add your own custom rules to it.

If you don't know how to create your own MailWasher filters, visit my MailWasher Pro Filters page, where you will find my own list of custom filters for use with the MailWasher Pro email program. The filters will load into an iframe in the middle of the page (No, this is not an exploit, just an HTML inline frame with visible contents). There is a large set and a smaller set of filters. I use the smaller set which is targeted at the most recent varieties of spam in the wild. The large set includes the new rules plus anti-spam rules going back about 5 years.

To use my filters in your MailWasher application you should first copy the contents of the set you prefer to use (click inside iframe, press Control + A, press Control + C), or right-click on one of the file links on the web page and save it as "filters.txt" on your desktop. With MailWasher open click on Help > "About" which will open a box with the version and copyright details. At the bottom of this box there is a link to your personal profile data folder for MailWasher Pro. Click on the link at the bottom of the About box to open the MailWasherPro Application Data folder in a window, then close MailWasher. You must close MailWasher before editing filters.txt, otherwise your changes will be overwritten by the program. The only time you can work on filters with MailWasher open is if you use the Filters utility from within the program, to create or edit rules.

There will be a file named filters.txt in your MailWasher Pro application data folder. You will either overwrite it's contents, or add to them, depending on if you have created any of your own filter rules. If you haven't created your own filters and you downloaded one of my filters files and saved it as "filters.txt" just drag it from your desktop into the MailWasher Pro data folder and drop it there, allowing it to overwrite the existing copy.

If you chose to copy the contents in the iframe for pasting into the program's filters.txt, open filters.txt in NotePad, in the "MailWasherPro" Application Data folder. If you are going to add my filters to your existing rules choose a line where you want them to start (the beginning is a great place), click on the beginning of that line and press Control + V, to paste them in at that point. If you are going to overwrite the existing filters entirely click inside it and press Control + A (Select All), to highlight all of the contents, then press Control + V to paste my filter rules into the document, overwriting the contents, then save the changes (Alt > F > S). Make sure you don't have any blank lines between rules and that each rule begins on a new line. Turn off Word Wrap. Instructions are typed in the top comments of my rules.

After you have pasted in the new rules, close filters.txt, then open MailWasher Pro. My filters should now be loaded into the program and will delete most current incoming spam, either automatically, or manually. Use Control + F7 to display or hide the filter sidebar, in the program interface. Watch for spam messages that are hidden by some rules, which you must delete manually, by clicking on Process Mail (F6), on top of MailWasher Pro. Make it a practice to click on the Process Mail button every hour, whether there is anything marked for deletion or not. This frees up RAM and removes temporary data files created while the program is running. It will also delete hidden spam messages.

I update my rules very frequently, sometimes more than once on the same date. I post the last updated date in the comments of the filters, in the top of the files. Comments begin with //. Be sure you bookmark my MWP filters page and check it often for new or altered filters. There is a link under the iframe to sign up for alerts from ChangeDetection.com whenever it detects a new date stamp on the page.

I maintain a running thread on CastleCops about my custom MailWasher Pro filters, where I post notices about daily updates and where other MailWasher users provide input about them.

Posted by Wiz at 11:50 PM | Permalink

For those you don't know, MailWasher Pro is a renowned email screening, spam detection/deletion program, designed for people who use a POP3 email client to send and receive their email (Outlook, Outlook Express, Windows Mail, Thunderbird, Eudora, etc). It can be set to automatically check all of your POP3 email accounts at any whole-minutes interval you choose and contains built-in tools to detect spam messages and viruses, then deal with them in the manner you define. MailWasher Pro uses a variety of spam detection techniques including a Bayesian learning filter (with user overrides), configurable blacklists and whitelists, a database of known/reported spam, domain name server (DNS) blocklists, and user configurable custom filter rules to block various types of spam, or other unwanted email. Once incoming spam has been deleted from your email servers you can download legitimate messages to your email program, which should be set to manual mode when used with MailWasher as the front-end screener.

The custom filters are very powerful tools that many people don't fully understand, hence they often go unused by less technical users. Fortunately for them, I am part of a group of technically advanced MailWasher Pro users who have learned to develop and use these custom spam filters. In fact I am the author of many of the filters now in common use by MailWasher Pro users around the World.

I use MailWasher Pro, every day, all day long, to screen all of my incoming email for spam, scams and malware, across two dozen POP3 accounts and my custom filter rules usually block almost all incoming spam, scams and malware embedded or attached to email messages. This includes image spam promoting pump and dump stocks or counterfeit drugs, and fraudulent e-card/postcard messages with links to hostile scripts that might turn your PC into a member of a Zombie BotNet. However, as spammers tend to alter their codes occasionally, from one spam run to another, sometimes a previously effective rule will to fail to block a known type of spam. I usually detect these changes and apply them to existing or new filter rules within minutes of discovering a failure to detect and delete that type of spam. I then publish these alterations and/or additions to copies of my filters that are available for copying and pasting into your own MWP filters.txt file. See my extended comments for more information about the location of the Filters.txt file.

The gist of all this is that since I hate spam and spammers I have been updating and fine-tuning my MailWasher Pro filters quite often these days, sometimes more than once per day, to respond to changes in spam runs. You can find my most recently updated/uploaded filter sets on my MailWasher Pro Filters page. Since this is time consuming work I am not too proud to accept PayPal donations from any of you who are benefiting from my ongoing filters work and can afford to make a contribution to the cause. Thanks in advance!

See my personal thread on CastleCops for background details about my development of image spam filters and my regular filter update notices. See my MailWasher Pro product details page for complete information about this spam screening tool, with links to download a trial version, or to purchase a permanent license (pay once, get upgrades for life). I am also available for hire to write custom MailWasher filter rules for individuals or organizations. Contact me with your requirements and I'll send you an estimate.

Continue reading "Wizcrafts MailWasher Pro Anti-Spam Filters Updated Frequently" »

Posted by Wiz at 12:28 AM | Permalink

With viruses, spyware, adware, keyloggers, browser/search hijackers, rootkits, and remote control spam relays infecting or taking over control of up to 75% (estimates) of the online Windows computers in the world, responsible, concerned people want to know how they can protect their computers from such rampant, recurring threats. Many folks I know have had spyware or viruses removed only to have them reappear some time later and they are confounded, because they don't realize how these threats get installed in the first place.

Running anti-virus, anti-spyware and firewall applications is a must for Windows users, but they may not stop something malicious that slips past your defenses that may be hidden inside a program or file you intensionally downloaded and installed. The innocent application or utility you downloaded may have installed a backdoor program on your computer and that program may take over control and allow more malware to be sent to your computer. Many of the multiple infections that occur so often are piggybacked onto downloaders that get installed first, without your knowledge. They lower your security settings and sometimes hide from known security programs until it is too late. Some of them even terminate anti-virus, anti-spyware and firewall programs, leaving you totally unprotected.

These hidden threats inside supposedly useful programs are called Trojan Horses, named after the legendary huge wooden gift horse that the Greek invaders gave to the army of Troy, after a lengthly siege. It was supposed to be a symbol of submission from a defeated enemy (the Greek army) to the winners (the Trojans). Somehow the Trojans were fooled into accepting the gift horse, thinking that the Greek army had evacuated the area and given up the siege. They brought it into their gates and celebrated their alleged victory and when they were good and drunk the Greek soldiers who were hidden inside the hollow places in the wooden horse emerged, opened the gates to let in the rest of their hidden army, then slaughtered the Trojan soldiers and men and sold the women and children into slavery. So the legend goes and so go the modern day software soldiers who hide encoded inside seemingly useful programs, only to invade your system and wreak havoc.

Any infected code that you acquire and activate, or is self activating, will be run with the same rights as the logged-on user, which in most cases is Administrator level rights (privileges).

All of the previously mentioned malware threats require computer administrator privileges to fully install themselves into the operating system, or overwrite system files, or to write to the Local_Machine branch of the Windows Registry, or to hide as rootkits. Windows 2000 and XP users running with reduced privileges, as a Limited User, are protected against virtually all malware threats that need to install into the system to function. Windows 2000 or XP Professional Power Users have reduced, but not complete vulnerability to these threats. I personally run as a Power User and have not acquired any drive-by, downloaded, or browser exploited malware infections at all. I also use several anti-spyware programs, and anti-virus program and both hardware and software firewalls. I browse with Firefox, not Internet Explorer and keep everything up to date with patches and security fixes, as soon as I learn about their availability. Then I post notices on my blog to alert you all.

Some of my readers have problems running as Limited Users and I help them as much as possible to understand how things need to be done to work within and around those limitations. If you run with reduced user privileges your choice of updates will be more limited than if you apply them from an administrator level account. You would do this by first applying the updates as a Limited or Power User, then Switch Users or log onto an Administrator account and re-apply the updates and immunizations. Many security programs will require you to switch to, or log into an administrator level account to perform program updates (if not definition updates), then reboot. Others are more friendly to Limited Users after being installed by an Administrator.

I have posted more information about running with reduced user privileges, here and here.

Always assign a strong password to any Computer Administrator level accounts. Always try to run as a Limited User, or at most a Power User, under Windows 2000 or XP Professional. The Power User group is not available in XP Home, so don't bother looking for it.

Windows Vista begins a new era in user protection (out of the box) by running all accounts as Limited Users, with Power User-like rights and rights elevation prompts when you try to do something that requires full administrative privileges. I will blog about Vista's User Account Controls, and it's rights elevation prompts, in a separate article, on a future date.

Posted by Wiz at 11:53 PM | Permalink

I am the happy owner of a used Dell Latitude C610 laptop computer. It hums away on Windows XP Professional, with 512 MB of RAM and a smallish - 20 GB hard drive. The Latitude battery still delivers over 5 hours uptime at full charge. The monitor screen is crisp and bright and I only paid $250 for it in a computer store. My only gripe has been with the mouse pointer wandering on it's own, at random times, for no apparent reason, sometimes completely out of sight.

I did a little online research on Google and found several forums where other Latitude users were complaining about the same wandering / drifting mouse pointer problems as I had (past tense). I read about some pretty drastic solutions some people have used to stop the drifting pointers, including opening up the case and cutting wires. That sounded like a way-too-drastic way to cure the problem. Other suggestions I saw involved opening the case, lifting the keyboard, then inserting an anti-static hardware bag over a metal clip, which supposedly was rubbing against the touch pad's bottom side.

Then in the midst of all this madness I found one voice of sanity from a user who simply downloaded the newest touch pad drivers for his Dell laptop. I followed up that link to the Synaptics website, where they offer generic drivers for their touch pad devices, but also provided links to each manufacturer who uses their touch pads. Dell was listed, so I went to the Dell support site, followed links and options to get to all available downloads for my Latitude C610, scrolled through the long list and finally found an update for the Dell-Synaptic Touch pad. Bingo!

After downloading and installing the new touch pad driver I rebooted (required). When I logged back into Windows I found a new icon in the SysTray, for the Synaptics Touch pad. I opened the new Mouse/Touch-Pad Pointer Properties and went through all of the new options. One option is to disable the Joystick pointer that looks like a pencil eraser, in the midst of the keyboard, or to change it's sensitivity. I opted to make it less sensitive rather than disabling it, and voila, my drifting pointer problem was gone! No cutting of wires, or inserting of bags under the chassis. A simple software download and a few minutes of configuring the awesome new pointer options and all was well with my mouse pointer, on my Dell Latitude. Plus, I took advantage of other new options in the software and enabled horizontal and vertical scroll zones and tap to click on the touch pad.

If you own a Dell laptop and your pointer is drifting all over the place, visit the Dell support website, or the Synaptics website and download the newest driver for your touch pad and operating system.

Posted by Wiz at 6:46 PM | Permalink

Over the past few months there have been a slew of vulnerabilities reported and patched in the Apple QuickTime Player-Plug-in application. QuickTime ships with Apple iTunes when people install that application onto their computers, and millions of other folks install QuickTime to play .mov videos and mp3 files in their browsers. That means that tens or hundreds of millions of computers have QuickTime installed, and knowing the way a lot of people (don't) think about security updates, a large percentage of them are outdated and vulnerable versions of the application. In my previous blog post I revealed six new extremely critical vulnerabilities in Apple's QuickTime Player-Plug-in, revealed in early March, 2007. If you are thinking there has to be a better way to play mp3, .mov and other QuickTime file formats, without leaving your computer open to takeover from exploits against the Apple QuickTime Player, read on.

QuickTime Alternative will allow you to play QuickTime files (.mov, .qt, .3gp and other extensions) without having to install the official QuickTime Player. It also supports QuickTime content that is embedded in webpages. If you browse with Firefox and load a page that has embedded .mp3 or .wav music you have probably seen a yellow notice bar appear telling you that you need to install a missing plug-in to play content on that page. It usually refers to an embedded sound file that normally plays automatically in Internet Explorer and the recommended Firefox plug-in is almost always Apple QuickTime. The QuickTime Alternative satisfies that missing plug-in problem and will automatically playback embedded audio files, after you configure it to do so.

I have been using a free alternative to the QuickTime Player-Plug-in for several years, through various updates. It plays all of the file formats that the official player handles, when configured to play them, more securely than the Apple version. The free QuickTime Alternative player is available from free-codecs.com, on this page. Click on the Download link then look through the list of files for the most recent version, for your operating system. At the time I wrote this the newest version was 1.78, released on March 7, 2007. The alternative player is updated to remain compatible with the file types handled by QuickTime, and is not vulnerable to the same exploits as the official player is. The underlying application behind the QuickTime Alternative is called Media Player Classic, which is updated every time the alternative QuickTime player is updated.

If you decide to install substitute the alternative player you must configure it to handle the file types you want it associated with, as the default player. Details for doing this are in my extended comments.

Also available for free download is a Real Media Alternative Player. Real Alternative will allow you to play RealMedia files without having to install RealPlayer/RealOne Player.

Continue reading "About the QuickTime Alternative Player-Plug-in" »

Posted by Wiz at 3:44 PM | Permalink

This article really falls under the catagory of Usability and Accessibility, as it deals with overriding fonts that are hard to read for some people with sight problems. Viewability has often been overlooked by website template writers who may be young and gifted with very good eyesight, hence they code their fonts to be a fixed size that they find comfortable. Those font sizes are often entirely too small for the elderly, or people with limited sight to resolve. Add to this the fact that web browsers are designed to display web pages as per the styles and fonts specified by the site designers, and that while these fonts sizes can be overridden, it is not always obvious to the users as to how they can do so. Furthermore, even if these folks know how to override default fonts on a webpage, they are forced to do this everytime they revisit that website, since browsers reset to factory default display mode after being closed out and re-opened.

I have often been asked for advise on changing website specified fonts to those preferred by the users, on forums and via direct inquiries (I am the Wiz and am assumed to know all the answers to all the questions!). Instances where this is an issue are typically on forums, where the default stylesheet uses fixed font sizes and/or colors, which the viewer may find difficult to read. People gifted with good eyesight shouldn't goff at this. Your day is coming too.

On a forum where I am the Moderator I was recently asked if it is possible to override the default font size permanently, just for that forum. The administrator is planning to rewrite the stylesheets to allow relative font sizes to be used, which is definitely more user friendly, especially to those with poor eyesight, but until that is accomplished I was able to find a means whereby people using Firefox browsers can create their own custom stylesheet in place of the one used by that forum. The really interesting thing about this custom stylesheet is that it can be specifically targetted to control only the fonts (family, size, color, boldness) on a particular webpage, or for an entire domain. This is good news if you are a frequent reader of a particular forum that uses fixed fonts that you have trouble reading. I have researched a solution for Firefox browser users to override the fonts on a particular website, or even on a particular page or sub-forum. From now on I will refer to this location as the URL.

The rest of this article pertains to the Firefox custom stylesheet workaround. I will publish information for Internet Explorer users in another article.

To begin, you will need find your Firefox Profile folder. Instructions for locating this folder are here, in my extended comments.

The method:
Once you have opened your Firefox Profile folder, open the sub-directory named "Chrome". You will have to create a new text file and name it userContent.css. You can do this in Windows using Notepad, by right-clicking inside the Profile folder and left-clicking on "New," then left-click on "Text document." After you add the pertinent commands to the new text document you should rename it to userContent.css (right-click on file and choose Rename, then type or paste in the new name, then click away from it). Alternately, you can open the sample file named "userContent-example.css" and edit it, then Save As, or Rename it to userContent.css

Here is an example of a custom Firefox Stylesheet to increase the font size, using Percentages or EMs as a measurement, for an exemplified forum URL, where the forum runs on current phpBB code.

@-moz-document url-prefix(http://www.forum.domain.com/) {
.postbody { font-size : 1.2em !important; }
}

Or else, use percentages, like this:

@-moz-document url-prefix(http://www.forum.domain.com/) {
.postbody { font-size : 120% !important; }
}

If the forum's BB code for the class postbody includes a fixed size line-height declaration you can add this to your custom rule: line-height: 1.3em !important;, or line-height: 130% !important;. Alter the em or % number to obtain the best line spacing and to avoid cutting off lower parts of drop letters, like lowercase g, j, p, q, or y.

You would change the URL (http://www.forum.domain.com/) to that of your preferred forum, by copying and pasting it from your browser's address bar. If the forum runs on phpBB code and you want to change the font size in the body of Posts leave the class .postbody as is. Otherwise, you can specify Body to override all font sizes, and use a percentage increase, instead of a set font size. Using the command !important; causes your style rule to override that of the website.

You can discover what stylesheet or css rules are being applied to a web page by viewing the source. In Firefox you press Control + U. Some stylesheets are included in the page you are viewing, within a set of <style> ... </style> tags. Others are in external files. Look in the HEAD section for a line containing; <link rel="stylesheet" type="text/css" src="URL">. Note the location of the external css file as listed in the src=" " part, then highlight and copy it with your mouse. Then go back to the web page in the browser, click on the URL in the address bar, remove any filename and sub-directory that is showing and paste the location of the stylesheet onto the end of the base URL, like this deactivated example:

ht*p://w*w.example.com/templates/site-style.css

If you got it right the stylesheet will display as plain text in the browser, where you can read it or save it as a .css or .txt file. Study the stylesheet to learn about the names of the Classes (names beginning with a period, as in .postbody) and IDs (names beginning with a # sign, like #content), that are assigned font size rules you want to override, and use those class or id names in your custom stylesheet, for that website.

By employing these techniques you can override the preset styles of virtually any website you may frequent, making it easier to view for your eyesight and monitor size situation. I will be posting more information about other techniques to change the font sizes in other articles on my blog.

Continue reading "How to create a custom personal stylesheet for Firefox browsers" »

Posted by Wiz at 11:35 PM | Permalink

CastleCops A new filter set for MWP users brought to you by Wizcrafts!

I just updated my most effective MailWasher Pro image spam filter to catch a new variant; jpegs instead of gifs. The updated filters are here.

The new rule, just under the "Restored From MailWasher Recycle Bin" rule, catches 99% of the image spam sent to me. It uses only one regular expression and is faster acting than the other rules that use more regular expression matches.

If you are not currently using a spam filter and are getting deluged with image spams for penny stocks, the combination of the email screening program MailWasher Pro and my custom MailWasher filters will reduce your visible spam to a tiny percentage of what you are probably seeing right now.

Note: The MailWasher Pro filters.txt does not go into the program directory. It goes into the MailWasherPro subdirectory under Documents and Settings\(your profile)\Application Data\. You can find this direectory and it's contents by opening MailWasher Pro, clicking on "Help," "About" and on the link on the bottom of the "About" box.

Continue reading "MailWasher Pro Image Spam Filters Updated" »

Posted by Wiz at 1:10 PM | Permalink

My regular readers know that I use and promote the email screening program - MailWasher Pro. This inexpensive program screens incoming email for threats or spam, using a combination of blacklists, blocklists, user-reported known spam, "Bayesian" learning filters and best of all, user configurable filter rules. The user filters in MailWasher Pro allow for matching positive or negative words and Regular Expressions and are capable of detecting just about any known type of spam trick that exists, by employing the correct combinations of test conditions.

In my last Blog entry about MailWasher Pro I mentioned that I have developed custom filters to detect and delete image spam with garbage text. This spam is quite prevalent now and is entirely sent from tens of thousands of compromised home and office computers, that have been involuntarily drafted into BotNets, by spammers. Bothered by this senseless spam, mostly for investment stocks, I developed a group of filters that recognize variations of this crap and delete it automatically, without me ever having to see it. I have been fine-tuning my image spam filters to catch variations of the original coding, which is changing every week or two.

A few days ago I was reading new posts on the MailWasher Pro Forum at CastleCops, when I came across a topic where the OP (original poster) was looking for help to block these very image spam messages. I answered with a link to my online copy of my MailWasher Pro filters and made a few people very happy with the solution to this type of spam. Since spammers' techniques change frequently, I have been updating my filters to meet those changes, and posting news in a thread that now has my name in the Title. Additionally, I have been further honored by having my filters linked to in the MailWasher Wiki, on CastleCops.com.

If you are troubled by spam, whether in words or images, and are looking for a way to detect and delete it, without having to read it again, try MailWasher Pro. It is free to try for 30 days and only costs $37.00 USD to register, with free updates for life. You can learn more about MailWasher Pro here. There are links on that page to view my custom filters.

Posted by Wiz at 5:37 PM | Permalink

If you are barraged with spam for junk stocks, with an image and garbage text, and want to put a stop to it clogging up your inbox, MailWasher Pro is the right tool for the job. If you already have a licensed version of MailWasher Pro you probably know how to use custom user created filter rules to detect and delete spam. But, you may not know how to block image-only spam that comes from zombie home and office computers that are part of a BotNet. I have created and tested filter rules to delete this crap off the mail server without ever seeing it. Learn all about MailWasher Pro here.

If you are already using custom filters you just have to add my filters to the MailWasher Pro filters.txt file. This file is located in your profile under Documents and Settings > (Your_Account_Name folder) > Application Data > MailWasher Pro. You will need to set your Folder View Options to display Hidden Files and Folders and to display known file extensions, or these items will not be visible. If you need to set these options follow the instructions in the Extended Comments ("Read more...").

You will see a file named Filters.txt, inside the MailWasher Pro Application Data folder. Open in it Notepad then open my special filter rules: Select all and copy the rules in the popup window, then paste the rules into Filters.txt, near the top of the filters list. Make sure that each rule is on it's own continuous line, starting with [enabled]. Be sure that you do not have any blank spaces after the end of any filter rules, or any blank lines between filter rules. These things cause problems in the program. The last rule in Filters.txt should end after the last character, without a linefeed or carriage return.

Since spammers change their particulars from time to time I will alter these rules, or add new ones to continue to block this senseless spam for junk stocks and all other spam. These and the rest of my custom filters are available on my MailWasher Pro page. To be safe in case a legitimate email is deleted by one of these filter rules I have included a rule to display any email that you restore from the MailWasher Pro Recycle Bin. You should turn on this feature by going to Tools > Options > Summary > Recycle Bin and check the option to restore email, then type a valid email address from which you can send email, into the Outgoing Mail Settings field.

Never, ever buy anything that is advertised in a spam email, and never reply to one. Delete, delete, delete! If you are a reporting member of SpamCop you can also report, report, report! MailWasher Pro has a checkbox to forward spam manually to your SpamCop account, but you must respond to their reply message to actually file the report.

MailWasher Pro is free to try for 30 days, and costs only $37.00 to register, which includes a one year, renewable subscription to the FirstAlert! spam reporting system, plus, FREE Mailwasher program updates for life.

MailWasher Pro has always supported Windows and now supports Mac OS X 10.3 and Linux (for list of supported distributions, please see the download page link on this page).

Continue reading "Automatically Delete Image Spam With MailWasher Pro" »

Posted by Wiz at 1:01 PM | Permalink

Published on 08-19-2006 | Updated on 4-24-2007

Webroot, the manufacturer of Spy Sweeper has released a study which finds that 89% of PCs connected to the Internet contain some spyware/adware infections, with the average home computer hosting 30 different malware programs. Furthermore, according to the Webroot® State of Internet Security report, issued on March 28, 2007, 43 percent of companies surveyed globally have suffered a business disruption due to malware and 60 percent of businesses polled don't have an information security plan.

According to the Webroot study, purveyors of malware are increasingly harnessing the popularity of social networks and Web video to infect PCs. Spyware's threat is getting nastier. Infection rates are on the rise, in part thanks to the surging popularity of social-networking sites like MySpace.com.

"We're finding that the social-networking sites like MySpace are turning out to be hotbeds for spyware," CEO Dave Moll says. "People are creating multiple profiles, and the links on their sites will take you to sites that will either download or drive-by download adware and spyware."

It doesn't help that many younger users aren't sufficiently cautious about where and how they surf the Web, Moll says. "They're not looking out for danger in quite the way that more skeptical adults do," he says. "Kids on MySpace and sites like it act as though they are in a safe youth-only environment, and as a result their behavior is less cautious, and that is something that is being preyed upon by all kinds of Internet villains. And we think spyware creators will be the most aggressive in exploiting that."

Spyware creators are also employing a wider arsenal of weapons. They're piggybacking on other, more malicious types of programs such as rootkits, a type of program that conceals itself, and keyloggers, which record a user's keystrokes on a PC.

All of these infections on Windows PCs are possible in part because so many users are operating the computers with Administrator level privileges. This means that a virus or other malware program has the same rights as you do (full control), over the operating system. If the owners of these computers would switch to using a Limited User account to do their browsing, email and instant messaging the infection rate would drop off the measurable radar.

I have devoted an entire web page to the subject of creating and using Limited or Power User accounts, instead of using the default Administrator level account your computer started with. Go read that page, then create a new Limited or Power User account for your daily use. You can copy your existing settings and preferences to the new account, including your desktop icons and start menu items. Alternately, instead of creating a new Limited User account, create a new "Computer Administrator" account, assigning it a password. Log off the account you are using for everyday use and log onto the new "Computer Administrator" account to set it up as an identity. Once inside that account you can go to Start > Control Panel > User Accounts and change your other account to a "Limited User." When you log back onto your regular account all your icons and settings will still be there, but your user rights will be lowered for your protection.

As a Limited user you cannot install some programs, or uninstall any, nor can you run the Disk Defragmenter or manage accounts and policies. To do these things you can either use the Run As command (explained on the Privileges page), or use the Switch User function to log in to your Administrator level account, do what needs doing, then log off that and log back onto the Limited account.

This really works to protect your computer against virtually all of the current known exploits. If you read the various bulletins released every month by Microsoft, concerning this or that new vulnerability, you'll see a paragraph explaining that the scope of the damage is proportional to the level of privileges on the account you are logged onto. If you are using an account that does not have privileges to create, delete, rename, or alter any files in the operating system directories, the danger from accidentally downloaded malware is close to nil, in that account. This includes the entire crop of browser search hijackers and BHOs. They all depend on being able to write to the local machine branch of the Windows Registry to do their dirty work. Furthermore, if something does manage to attach itself to your browser, under a Limited Account, it cannot jump across identities to infect the administrator account, or other user accounts. Also, viruses and spyware cannot disable your anti-virus, or anti spyware, or firewall programs, from within a Limited User account, but those programs can go after the attackers and remove them before they find a way to install into the system.

Read about an exploit that masquerades as a video decoder to install the Zlob Trojan -->

Continue reading "Limited User Privileges Protect PCs From Adware, Rootkits, Spyware and Viruses" »

Posted by Wiz at 4:37 PM | Permalink

I was recently participating in a forum discussion about AVG Free anti virus and one of the members complained that AVG's scheduler would a: only check for updates once a day, and b: not look for updates at all when his computer was in standby mode. I researched a solution that I have tested on my own computer and seems to work fine.

I used Windows Task Scheduler to create a task to wake the computer (if asleep) and run the AVG Updater from the scheduler commandline, then automatically either fetch and install an available update, or instantly exit if no update is available at that moment. You can create multiple daily schedules with Windows Task Scheduler, but only one daily with the AVG Free scheduler. The steps to create the schedule and the commandline used are listed below.

* Go to Start > All Programs > Accessories > System Tools > Scheduled Tasks
* Open the Task Scheduler and double-click on Add Scheduled Task
* When the Scheduled Tasks Wizard opens click on Next
* When the second tab opens you will have to use the Browse button to locate the AVG program and it's updater file
* If you installed AVG into the default directory, navigate to Program Files\Grisoft\AVG Free\avginet.exe and double-click on that file to add it to the scheduler. Type a name for this task; e.g. AVG Updater
* Click on Daily to choose that option, then click Next
* Set the time of day you want it to run, Every Day, and the Start Date, then click Next
* Your account name should be in the User Name field. Type and retype your login password to authorize the scheduled task and click on Next
* Check the option to open the Advanced Properties when you click Finish
* Click on the Settings tab
* Put a check in the last option, "Wake the computer to run this task" and click Apply. Click OK. Your task is almost ready to run, but needs at least one edit. Unless you edit the commandline as follows it will not download an update unless you click on the prompt box. My edit bypasses that prompt and automatically downloads and installs updates.
* Go back to the Scheduled Tasks window and locate your new task and double click on it to open it's properties box. You should see this command: "C:\Program Files\Grisoft\AVG Free\avginet.exe"
* Add a space to the end of that command (spacebar) then type this exactly: /SCHED=
* The final command should be: "C:\Program Files\Grisoft\AVG Free\avginet.exe" /SCHED=
* If you are prompted for your user name and password type them in and click OK. If you don't use a password just press Enter.
* You can also modify the schedule from the Schedule Properties by clicking on the Schedule Tab and the Advanced button, where you can schedule it to run any number of times at any interval.
* When you are done editing the schedule click on Apply, then OK, to close the task properties.

Using those steps should wake your computer if it is in standby or hibernation, then poll for updates and download any that are available. It works on my Windows XP Professional computer, using AVG Free, latest version.

Wiz

Posted by Wiz at 9:52 AM | Permalink

If you have inadvertently installed Microsoft Windows Genuine Advantage (WGA) Notifications and are getting popup notices concerning the validity of your operating system, these instructions will help you to remove this optional (at this moment) Windows component.

SUMMARY
This article applies to the version of Microsoft Windows Genuine Advantage (WGA) Notifications that is distributed during the pilot program. For example, this version is included in the pre-release version that accompanies the Microsoft Software License Terms. To safely and easily uninstall the pilot version, you must install the general release version of WGA Notifications. If you do not install this version, you can follow the steps in this article to disable or uninstall the pilot version.

Important These instructions have not been tested on the general release version of the WGA Notifications. Therefore, these instructions are not supported. Microsoft will offer the general release version of WGA Notifications to users who uninstall the pilot version at a later date. These users will obtain the general release version through the Microsoft Automatic Update service. WGA Notifications is part of the Windows Genuine Advantage program.

When you use a non-genuine version of Windows, you receive a message when you log on that states that the copy of Windows appears to be non-genuine. Then, you are directed to the WGA Web site to learn more. If you do not want to obtain a genuine copy of Windows, you receive periodic messages that notify you that the copy of Windows appears to be non-genuine.

Note If you are running a genuine copy of Windows and want to use WGA Notifications, you may receive messages to update Windows XP.

Regardless of genuine status, users are not denied access to critical updates. However, users who have not validated their computers as genuine are not able to install other updates such as those for Microsoft Internet Explorer 7.0 and Microsoft Windows Defender.

MORE INFORMATION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Disable WGA Notifications
1. Log on to the computer by using an account that has administrative permissions.
2. Make sure that the WGA Notifications version that exists on the computer is a pilot version. The version format for the pilot version is 1.5.0532.x. In this case, you can uninstall versions 527-532 only. For example, you can uninstall versions that range from 1.5.0527.0 to 1.5.0532.2. To find the WGA Notifications version, follow these steps:
a. Click Start, and then click Control Panel.
b. Double-click Add or Remove Programs, locate and then click Windows XP - Software, then click Windows Genuine Advantage Notifications, and then click Click here for support information.
c. In the Support Info dialog box, verify the version number, and then click Close.
3. Rename the following files by changing the extension to .old:
� Rename %Windir%\system32\WgaLogon.dll to %Windir%\system32\WgaLogon.old
� Rename %Windir%\system32\WgaTray.exe to %Windir%\system32\WgaTray.old
4. Restart the computer.

Manually uninstall WGA Notifications
1. Log on to the computer by using an account that has administrative permissions.
2. Make sure that the WGA Notifications version that exists on the computer is a pilot version. The version format for the pilot version is 1.5.0532.x. In this case, you can uninstall versions 527-532 only. For example, you can uninstall versions that range from 1.5.0527.0 to 1.5.0532.2. To find the WGA Notifications version, follow these steps:
a. Click Start, and then click Control Panel.
b. Double-click Add or uninstall Programs, locate and then click Windows Genuine Advantage Notifications, and then click Click here for support information.
c. In the Support Info dialog box, verify the version number, and then click Close.
3. Rename the following files by changing the extension to .old:
� Rename %Windir%\system32\WgaLogon.dll to %Windir%\system32\WgaLogon.old
� Rename %Windir%\system32\WgaTray.exe to %Windir%\system32\WgaTray.old
4. Restart the computer.
5. Unregister LegitCheckControl.dll by using Regsvr32. To do this, follow these steps:
a. Click Start, click Run, type cmd, and then click OK.
b. At the command prompt, type the following, and then press ENTER:
Regsvr32 %Windir%\system32\LegitCheckControl.dll /u
6. Restart the computer.
7. Click Start, click Run, type cmd, and then click OK.
8. At the command prompt, delete the following files by typing the Del command. Press ENTER after you type each command.
� Del %Windir%\system32\wgalogon.old
� Del %Windir%\system32\WgaTray.old
� Del %Windir%\system32\LegitCheckControl.dll
9. At the command prompt, type regedit.
10. Locate and then right-click the following registry subkeys. Click Delete after you locate each subkey.
� HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\Winlogon\Notify\WgaLogon
� HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Uninstall\WgaNotify

Continue reading "How to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage Notifications" »

Posted by Wiz at 10:37 PM | Permalink

"Spam," in computer-speak, refers to Unsolicited, Commercial Email (UCE) or "Junkmail." Spam is used to hawk everything from counterfeit brand name watches and prescription drugs, to mortgages and loans. Nobody I know wants to receive junk mail, whether in their postal mailbox or computer inbox. Yet, most people who venture online with an email account will be spammed, some to the point where spam email represents 80% of their weekly incoming email. These folks are in serious need of a real solution to help reduce the level of spam that reaches their inboxes. I am going to describe a solution to your email spam problem in this post.

Before I continue with my solution I have to tell you that it is software based screening program that does not work with browser-based email systems (AOL, Yahoo, Webmail, or other proprietary email systems). You must be receiving your email via a separate stand-alone POP3 email "client," like Outlook, Outlook Express, Euroda, Thunderbird, or a similar email program. If you are using one of these stand-alone email clients the rest of this discussion applies to you. If not, you are at the mercy of your ISP or email service provider to filter out spam and viruses.

My solution to dealing with spam is to screen all incoming email and filter out anything that trips one of the filter conditions, or is otherwise identified by it's content as a phishing attempt, 419-type scam, spam or virus. The program that does this is named MailWasher Pro and I've been using it for several years, and recommend it to all of my friends and clients.

MailWasher Pro intercepts incoming POP3 email accounts (as many as you have setup in it), reads an adjustable number of lines of text, including the full incoming headers, then compares the results with internal and external blacklists and blocklists, and databases of known spam, and sources of spam, as well as known or suspected viruses. MailWasher Pro also contains a built-in Bayesian Learning Filter that you can train to recognize what you call spam and what you don't. Lastly, one of the most powerful features is the user created filters that can be customized to identify virtually any type of undesirable email and either mark it for manual deletion and blacklisting, or automatically delete it immediately. These user filters use both plain text and Regular Expressions to identify strings of text or code that give away a spam message, or virus, or exploit.

If the message contains content that matches any known conditions it is either flagged to be deleted or is automatically deleted from the email server, according to your choices when you set it up. If you are a member of SpamCop MailWasher Pro can forward spam messages directly to your reporting account. SpamCop will generate an autoreply message that contains a link that you must click on to finish the reporting process, because they require manual reports to be filed at all times. Still, this saves you the trouble of displaying the source code, then copying it and pasting it into a browser report field on SpamCop's reporting page.

I have created an entire web page detailing MailWasher Pro and how it works. I have also included a link on that page to a sample of my custom filters that are responsible for eliminating huge amounts of spam, including "image spam." It should be noted that spammer techniques are not standing still and neither are my efforts to create effective rules to counter new spam tricks.

MailWasher Pro is a commercial program that is free to try for 30 days. If you wish to continue using it you will have to pay to license it. The current registration price is $37.00, which includes Free Upgrades for Life. It also includes your first year subscription to the optional FirstAlert! members' reporting system. You can read all about this on my MailWasher Pro web page.

You can go straight to the MailWasher Pro website and download a 30 day trial, by clicking on this banner:

Continue reading "MailWasher Pro Screens Incoming Email and Filters Out Spam and Viruses" »

Posted by Wiz at 10:25 PM | Permalink

Everybody who has an email account is plagued by the spam and scam epidemic that is polluting your inboxes. Most people simply deal with having to resort to hitting Delete over and over again. Others, like yours truly, do something about it. I report all spam that gets through my defenses to SpamCop, where I have a Reporting Member account. I also use an email screening program that automatically deletes most spam, which I will talk about later in this article.

The SpamCop reporting system requires you to be able to display, copy and paste the complete message source, including the normally hidden headers. Displaying an email's source code is what this article is about. Even if you are not a SpamCop reporting member learning how to read the headers will allow you to trace the origin of scam emails (links in extended comments) from financial fraud artists in countries like Nigeria, and to file complaints with the Internet Service Providers that provide the connections to the scammers or spammers.

I am frequently asked "how do I display email headers and source code?" The methods vary with the email client (program), but every one I have seen will offer some means of displaying the full incoming headers. The following sections cover Microsoft Outlook and Outlook Express, Hotmail and Yahoo! browser-based email.

MS Outlook
Double click the message to open it in its own window. Then click View-Options and you can view the data in the "Internet headers" pane. You can copy that data and paste it into another email or SpamCop report.

Outlook Express
If the message is not open, right-click on the message in your Inbox and select Properties > Details > Message Source (button).

If the message is already open, simply press Control and F3 (together) and the "Message Source" window will appear. Once the source code is displayed in the resizable window you can copy it and paste it into a report.

Hotmail
If you are using browser-based Hotmail, login and go to "Options." At the Options page click the link labeled "Mail Display Settings" and find the section "Message Headers." Put the dot in the option "Full." Click on "OK" at the bottom to save your changes. Now, when you get a scam email and Forward it the recipient can read the full headers.

You can reveal the complete source code of any email in Hotmail by opening the message and looking for the blue link labeled "View E-mail Message Source," just above the white email message body. The source will open in a new browser window, and can be copied and pasted.

Yahoo!
If you use Yahoo! email, login and click on "Mail Options." When the options page loads locate the section labeled Personalization and click on the link labeled "General Preferences." On the General Preferences" page scroll to "Messages" and put the dot in the radio choice labeled "Show ALL Headers."

To forward the headers with an email scam or spam, scroll down farther to "Message Actions" and find "Forwarding Messages." Select the radio choice to "Forward as Inline Text." Click the "Save" button at the bottom. After this all you have to do is Forward any scam emails and the full headers will be at the top of the message.

SpamCop has a list of commonly used email programs, including AOL, with instructions for either displaying the full headers, and/or forwarding as an attachment.

With the source cody copied to the Windows Clipboard you can paste it into the report text field in your SpamCop member's reporting page, or paste it into an email that you will send to an authority who can deal with tracing or reporting it, or you can paste it into a new Notepad document and save it for your own analysis.

Continue reading "How to display the headers of spam/scam emails, for reporting or tracing the source." »

Posted by Wiz at 11:17 AM | Permalink

I am frequently asked about securing the Outlook Express email client. One of the recurring questions is "why can't I receive file attachments in my email?"

Answer:
The default security setting for Outlook Express is to block file attachments. To allow attachments to be downloaded and opened click on the menu item "Tools" then on Options > Security, and UNCHECK the option labeled "Do not allow attachments to be saved or opened that could potentially be a virus."

What do the other security options control and what effect do they have on my email capabilities?

Virus Protection

"Select the Internet Explorer security zone to use:"
I would recommend selecting the radio option to use the Restricted sites zone(More secure), as it will disable some common exploit codes used by viruses, and spyware distributers. By reading email in the Restricted sites zone you prevent tracking cookies from loading, Javascript from running, and cloaked links to phishing sites will reveal their true destination when you hover the mouse over them.

"Warn me when other applications try to send email as me." This will alert you if a Worm gets onto your computer and starts sending out mass spam or virus infected emails that appear to come from you. While this won't catch more sophisticated email sending exploits (using their own SMTP engine), it may stop some exploits from going out with your return address in them. Always select this option.

Download Images:

"Block images and other external content in HTML e-mail."
If you select this option you will not be able to view images in your email. It also prevents tracking gifs, sound files, and flash ads from loading when you open an email. This pretty much cripples 80% of the email you may want to receive, in return for blocking images and tracking gifs in a small percentage of unsolicited commercial email (spam). I personally do not check this option.

The other options only apply to people who maintain digital ID certificates, to apply them when sending or receiving messsages. Most of us don't use any of those options.

After you have checked or unchecked your desired settings click Apply to save them, then OK to close the options window.

Continue reading "How to control the downloading of email attachments or other harmful content in Outlook Express" »

Posted by Wiz at 3:48 PM | Permalink

If you have been using an unlicensed copy of Windows XP, Home, Professional, Corporate, or Media version, you already know that Manual Windows Updates and optional Windows XP enhancements and driver updates are not available to you. You may have turned on Automatic Windows Updates to at least receive security patches. You may also be one of the millions of users of unlicensed installations of Windows XP to receive the WGA Piracy popup notices, when you login, and while you are using your computer. You may already know the one I mean. It says:

"This copy of Windows is not genuine; you may be a victim of software counterfeiting." The popups notices will continue to occur until such time as the computer owner installs a valid license code, which may require a phone call to Microsoft support.

In a previous article on this blog I covered the situation in depth, along with temporary worarounds and a permanent solution. This article deals with and recaps the better, permanent solution. Click on the Continue Reading link below, for the full details.

Continue reading "Converting an unlicensed copy of Windows XP to a legally, licensed version" »

Posted by Wiz at 1:11 PM | Permalink

If you're using MSN Messenger, or AIM, or Yahoo! or Trillian IM clients as your chat, IM or video conferencing tool, you may never use Windows Messenger and have tried to remove it from the startup group to keep it from appearing in your Systray. However, despite removing it from the Registry key that launches it you may have seen it return on occasion, and had to fight with it's icon and access denied messages while trying to shut it down.

The reason that Windows Messenger makes these unwanted re-appearances is that Outlook, Outlook Express and even some Microsoft Web pages can still make it load automatically. Fortunately, you can completely stop Windows Messenger from reappearing by making an alteration to the local group policy with the Group Policy Editor. You must be running with Administrator privileges to perform this action.

Here's what you should do:

For Windows XP Professional users:

1. Open the Run dialog box by pressing the keys - Windows + R, or click on Start > Run;

2. In the Open text box type Gpedit.msc and click OK to launch the Group Policy Editor.

3. Go to Computer Configuration | Administrative Templates | Windows Components | Windows Messenger.

4. Double-click the Do Not Allow Windows Messenger To Be Run setting.

5. In the resulting dialog box, select the Enabled option, and click OK

6. Close the Group Policy Editor.

How to disable Messenger in XP Home Edition

1: Solution #1 - Uninstall Messenger

2: Locate the file named SYSOC.INF in C:\Windows\Inf folder. NOTE: This folder and file are hidden by default.

3: Open SYSOC.INF with Notepad and locate this line: msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7

4: Remove the word "hide" from the line, then close the file, saving the changes.

5: You can now use the Add/Remove Programs icon in the Control Panel to remove this Windows Component.

Stopping Windows Messenger from reappearing with Outlook Express

Even after you go through the trouble of "uninstalling" the darn thing, Windows Messenger still may pop up whenever you run Outlook Express -- which some people do every time they start Windows. To stop Outlook Express from bringing Windows Messenger back onto your System tray, follow these steps:

1. Open Outlook Express.
2. Choose Options from the Tools menu.
3. Click the General tab.
4. Click to remove the checkmark from the box marked, "Automatically log on to Windows Messenger."
5. Click the OK button.
6. Choose Layout from the View menu.
7. Click to remove the checkmark from Contacts.
8. Click the OK button to close the Window.

See more solutions in the extended comments ...

Continue reading "Disabling Windows Messenger on Windows XP Computers" »

Posted by Wiz at 12:19 PM | Permalink