All posts by remotehelpexpert

Solid State Drives and Defragmentation

As covered earlier in this article, Solid State Drives “don’ts” include the advice not to defragment them, for technical reasons. But Diskeeper Corporation, the makers of the defragmenting software with the same name, have claimed they have a product that not only is not detrimental to a solid state drive, but that specifically benefits them. The product is called Hyperfast.

Since I like to put claims like the above to the test, I decided to download a trial of Diskeeper Pro 2011 and see what it can do for the 9-month-old Solid State Drive in my Windows Vista based laptop. This laptop is my main computer. All my web browsing, email handling through Outlook and even its SQL Server based Business Contact Manager are handled from this laptop. So 9 months of constant use with no defragmentation whatsoever should make for some good wear and tear. Let’s see what Diskeeper can do for it now.

I of course have some saved screenshots of the solid state drive’s performance graph from when I got it and it was brand new, and I recently took new ones when handling another aspect of its optimization. So, we have the before pictures. Let’s see what the after pictures look like. But first, let’s install and run that Diskeeper software.

I installed and launched Diskeeper Pro 2011 (which includes Hyperfast). To be honest, it was a little confusing for me to navigate around, so I know the average user will probably be a little lost. But I digress. Or maybe not, since the point is, I wanted to make sure Hyperfast was enabled for my solid state drive, and it took a bit of looking around to do so. OK, so Diskeeper knows my hard drive is a solid state one. Awesome. Now let’s have it optimize it, using all recommended settings, and then we’ll do a test or two to see if there are any improvements in read/write performance.

After letting it operate overnight, my solid state drive became “optimized”. So now for the speed performance tests. Although I traditionally use HD Tune to test the performance of hard drives, this time I used “AS SSD”, because it’s reportedly a better benchmark for solid state drives. The numbers in the Score section are the ones to look at. These are the before-using-Diskeeper results:


And here’s the after-using-Diskeeper one:


I must confess I was surprised to see the outcome of these tests. My initial guess was there wasn’t going to be an improvement, or very little, if any. Instead, well, the numbers speak for themselves. Slight improvement in write times, considerable improvement in read times, for an overall improvement of the total score from 229 to 269. So while not as wild as the performance increase results reported by Diskeeper, there is a definite benefit from using Diskeeper’s product on a solid state drive, based on the above results.

Test Drive – F-Secure Total Security 2012

This week’s test drive is the recently released F-Secure Total Security 2012. As usual, upon installing it and updating its signature file, I proceeded to throw the computer at malicious websites to see how effective F-Secure was in thwarting the malware therein.

First round: downloaded a program right out of a Russian website and, emulating a gullible computer user, proceeded to try to open the program just downloaded. F-Secure’s real-time protection module jumped in, blocked it from opening, alerted me to its existence, and nuked it. A subsequent in-depth analysis revealed the program was indeed never allowed to open, so no damage to the computer. First round: Pass.

Second round: A fresh Trojan. Same behavior, same result as first round.

Third round: Another very nasty Trojan, the most frequent type of malware these days. Same result, the real-time protection module didn’t even let the file finish downloading and rendered it harmless. Pass!

Fourth round: A fake antivirus. Same result: no luck in infecting the computer. It became obvious that these attempts to infect the computer were pretty much useless. I actually ran out of malicious websites to throw the computer at! And despite all the efforts, not only did the computer not get infected with any payload, the files containing malware were not allowed to stay on the computer; in fact, they weren’t even allowed to arrive at the computer. Because no malicious file was allowed to open (execute), some of the security layers were not even called upon (like the firewall)!

Conclusion

Similar to my recent review of Lavasoft’s product, F-Secure passed the test but at the cost of some system performance impact: I spotted 12 different processes running in the background while F-Secure was running. That’s a lot of processes for just one program. And even though my test computer is fast, I was able to clearly perceive the performance degradation once F-Secure was installed. So users with old or slow computers might want to stay away.

The updated list of security products that have passed my test follows. The sequence is simply the order in which they have been tested and does not represent any kind of performance score:


1. Kaspersky Internet Security 2012.

2. VIPRE Antivirus Premium.

3. ZoneAlarm Extreme Security Suite 2012.

4. Avira Internet Security Suite 2012.

5. Emsisoft Internet Security Pack.

6. Lavasoft’s Ad-Aware Total Security Suite 2011.

7. F-Secure Total Security 2012.

And remember, any of the above products provides enough protection to keep you safe while surfing the web IF complemented with AppGuard, as laid out in my article from over 2 years ago on the subject.


Not for Beginners – Using a Sony Vaio Recovery Environment Partition to Restore to Factory Defaults

This was done on a Sony Vaio laptop, model VGN-NR180E. Somebody had done a clean install of a pirated copy of Windows 7 Ultimate. The laptop came originally with Windows Vista Home Premium. The owner wanted to sell it, but first get rid of the pirated OS. No recovery disks were available. The recovery environment partition was, fortunately, intact. How to invoke it without recovery disks?

Nothing could be easier. Just order the recovery disks. Just kidding. But before I tell you what to do, let me add a disclaimer: Make sure you don’t need the data in your current working partition (or you have backed up the data/files/documents you need from it), because if something goes wrong you might not be able to access the data anymore, and if everything goes the way it should, you CERTAINLY WON’T be able to access your data when done, since the purpose of using the recovery partition is to restore the computer to factory state, thus irreversibly and destructively overwriting everything in your current system partition.

Open an elevated command prompt, type diskpart and press Enter. Now assign the hidden recovery partition a letter by using the assign command. Good. Now make it the active partition with the active command. Google how to do these, as I don’t want to make this a tutorial about the diskpart command.

Reboot the computer and it will boot to the Vaio recovery environment. From there you can make the appropriate menu selections to get the back-to-factory-state restoring process going.
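The same three steps (assign a letter, mark the partition active, reboot) driven from an elevated PowerShell prompt through diskpart’s script mode, as an added example that is not part of the original post. The disk number, partition number and drive letter are placeholders you confirm against the partition listing first; the two commands only change the partition table, the factory restore that follows is what wipes the system partition.

```powershell
# Added example, not from the original post. Assumes Windows Vista or later, PowerShell 2.0+,
# an elevated prompt, and an MBR-partitioned disk (the "active" flag only exists on MBR disks).

function Show-PartitionLayout([int]$DiskNumber) {
    # Step 0: print the partition table so the recovery partition's number can be confirmed.
    $script = Join-Path $env:TEMP 'list-partitions.txt'
    "select disk $DiskNumber`nlist partition" | Set-Content -Path $script -Encoding ASCII
    diskpart /s $script
}

function Enable-RecoveryPartition([int]$DiskNumber, [int]$PartitionNumber, [string]$DriveLetter) {
    # Steps 1 and 2 of the post: give the hidden recovery partition a letter and make it active.
    # Neither command touches the partition's contents; only the partition table changes.
    $script = Join-Path $env:TEMP 'prepare-recovery.txt'
    @"
select disk $DiskNumber
select partition $PartitionNumber
assign letter=$DriveLetter
active
"@ | Set-Content -Path $script -Encoding ASCII
    diskpart /s $script

    # Quick sanity check: the new letter should now be visible as a file system drive.
    Get-PSDrive -Name $DriveLetter -PSProvider FileSystem -ErrorAction SilentlyContinue
}

# Usage: inspect first, then run the second call with the confirmed numbers, then reboot
# (step 3 of the post) so the machine starts into the Vaio recovery environment.
Show-PartitionLayout -DiskNumber 0                                    # placeholder disk 0
# Enable-RecoveryPartition -DiskNumber 0 -PartitionNumber 1 -DriveLetter 'R'   # placeholders
# Restart-Computer
```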

Hope this helps.

Not for Beginners: Locking Yourself Out of a Windows 7 Machine

Although it’s kind of an oxymoron, because you gotta admit one has to be a bit of a newbie to get into this situation… Anyways, I’m usually careful with writing at a “for dummies” level but this is one of the rare exceptions, and that’s what I meant by “not for beginners”. Read at your own risk.

So you find yourself right-clicking on a program to run as an administrator (you’re logged in as a standard user) and find you get prompted by UAC to confirm you want to run the program as an administrator, except the “Yes” is grayed out and so the only option is “No”. Why is this?

1. As it has been since Windows Vista, the Administrator logon is disabled by default.

2. If your user was an administrator account, and you had the bright idea to change that to a standard user, OR

3. If you wanted to hide a user account with admin privileges by modifying the registry, and

4. There is no other active admin account,

Congratulations! You have locked yourself out of your own computer 🙂

Of course you know what I mean. You CAN log in as a standard user. But as far as being able to perform administrative tasks, elevated, you’re locked out. The reason why you see the “Yes” option grayed out is because there is no active, visible admin account present in the computer. So now what do you do?

There are several ways to work around the problem, in different levels of “drasticallity”. C’mon, that’s gotta be a word! The most drastic is of course to re-install the operating system from scratch. The lightest and probably most effective one is to use a Linux based boot CD with the right capabilities, which will allow you to activate the disabled administrator account, and then log in as the administrator and from there change your own user account back to being a member of the administrators group. That’s the best way out of the catch-22. An example of such a tool is CHNTPW. Google it.
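The cheapest way out of this catch-22 is not to get into it: a check you run before demoting or hiding an admin account, to confirm another usable admin would remain. Added example, not from the original post; it uses WMI and the registry key behind the “hide a user account” trick, assumes Windows 7 or later with PowerShell 2.0+ from an elevated prompt, and only considers local accounts (domain admins in the group are ignored).

```powershell
# Added example, not from the original post. Lists local accounts that are (a) enabled,
# (b) members of the local Administrators group and (c) not hidden from the logon/UAC
# screens via the SpecialAccounts\UserList registry key, i.e. the accounts UAC can offer.

function Get-UsableLocalAdmins {
    # Names of every member of the local Administrators group (Win32_GroupUser works on Win7)
    $memberNames = Get-WmiObject -Class Win32_GroupUser |
        Where-Object { $_.GroupComponent -match 'Name="Administrators"$' } |
        ForEach-Object { if ($_.PartComponent -match 'Name="([^"]+)"$') { $matches[1] } }

    # Accounts hidden from the logon screen: a DWORD value named after the account, set to 0
    $hiddenKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
    $hidden = @()
    if (Test-Path $hiddenKey) {
        $hidden = @((Get-ItemProperty -Path $hiddenKey).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and $_.Value -eq 0 } |
            ForEach-Object { $_.Name })
    }

    # Keep enabled local accounts that are in the group and not hidden. The built-in
    # Administrator is Disabled=True by default, so it drops out here (point 1 of the post).
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True AND Disabled=False" |
        Where-Object { $memberNames -contains $_.Name -and $hidden -notcontains $_.Name } |
        Select-Object -ExpandProperty Name
}

function Test-SafeToDemote([string]$Account) {
    # True only if at least one OTHER usable admin remains after demoting or hiding $Account
    $remaining = @(Get-UsableLocalAdmins | Where-Object { $_ -ne $Account })
    if ($remaining.Count -eq 0) {
        Write-Warning "'$Account' is the only usable admin; demoting or hiding it locks you out."
        return $false
    }
    Write-Host "Other usable admins: $($remaining -join ', ')"
    return $true
}

# Run it for the account you are about to change (defaults to the one you are logged in as)
Test-SafeToDemote -Account $env:USERNAME
```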

Test Drive – Lavasoft’s Ad-Aware Total Security Suite 2011

This week’s test drive is Ad-Aware Total Security Suite 2011. Also flaunting dual scan engines like last week’s test drive subject, its installer was a little intimidating at almost 400 megabytes!

For the purpose of this test, I left all settings as they came when first installing, except the firewall, which I set to high security. And then the fun began. As usual, the test consists of trying to infect the test computer by visiting known malicious websites and observing the security product behavior when doing so.

Went to the first malicious website, containing a fake antivirus. Loading the website lagged momentarily (Ad-Aware was checking the content of the website before allowing access) and then denied access to the malicious website, announcing through a pop-up window that there was malicious content and access had been denied. HOWEVER, I did get prompted to download a file (info.exe) and when, emulating a less than expert user, I clicked to download it and save it, it did so. And then when I tried to open it, there was no protest from Ad-Aware!

The only reason why the computer did not get infected when doing that was, well, a technical unrelated reason. Just to make sure the file was indeed malicious, I submitted it to a website that checks any given file against 36 different scan engines from different security companies. To be fair, only ONE scan engine labeled the file as malicious. So what we had here was a very new infection that had not made its way yet to the signature files of most scan engines. But regardless, it was a miss and the behavioral (heuristic) module should have detected it. Because of the technical reason that impeded its execution, we’ll give it the benefit of the doubt and not flunk it right away, but keep on testing.

Second try, malicious page on a youtube.com link (very popular these days). One of the scanning engines successfully spotted the maliciousness and denied access to the website altogether, both popping up a window and placing a message smack in the middle of the browser instead of the intended page, letting the user know the link was a malicious one. Pass on this one.

Third round: A Trojan hidden in a malicious website. Similar result to the first round. In fact, so similar that I took the malicious file and executed it in a controlled, yet uninhibited environment (a “sandbox”) and soon realized it was basically the same file with a different name. Moving along then.

Fourth round: A different, very malicious type of Trojan, hidden in a Russian website. Ad-Aware successfully identified the malicious code and denied access to the website altogether. Good.

Fifth, sixth, seventh rounds: Like the second round.


Conclusion:

The test drive is considered a pass, since no infection occurred and no malicious payload delivery occurred, and no breach of data or behind the scenes connection happened, no matter the attempts to do so.

A note on system resources usage: I counted 9 different processes running in the background to make Ad-Aware Total Security Suite work, with over 400 megabytes of system memory being used altogether. So needless to say, old computers with relatively low memory should stay away. Newer computers, with plenty of system memory, won’t mind (my test computer, for example, has about 8,000 megabytes of memory, so it’s undisturbed by a process using 400 MB).

So that being said, we can add Lavasoft’s Ad-Aware to the list of security suites that have survived my test drive unscathed. These are, in the order they have been tested:


1. Kaspersky Internet Security 2012.

2. VIPRE Antivirus Premium.

3. ZoneAlarm Extreme Security Suite 2012.

4. Avira Internet Security Suite 2012.

5. Emsisoft Internet Security Pack.

6. Lavasoft’s Ad-Aware Total Security Suite 2011.

Stay tuned for more test drives in the near future. Next one is probably going to be F-Secure, which releases its 2012 version next week.


Test Drive – Emsisoft Internet Security Pack

Following the series of test drives that I’ve been performing on the main brands’ security suites, this time I tested Emsisoft Internet Security Pack. As is usual with the top security product from a company, Emsisoft’s security pack includes anti-virus (2 separate scanning engines, to be precise), a firewall, a web filter and so forth.

After installing it, I put it to my classic acid test of visiting known malicious websites to observe how it behaves in a dangerous environment. I must say I tried multiple times to infect the computer, and all the attempts were thwarted by either the real-time protection module, or the web filter. Read on for what I found to be the problem with this product.

Although this product passed the test described above with flying colors, the problem I found with Emsisoft is its over-restrictive and awkward approach to security. Every time ANY program tried to access the Internet, modify the registry, or otherwise perform any questionable action, a pop-up window came up alerting me to it and asking me to make a decision. And the worst part is, even though there was a checkbox to have Emsisoft remember my answer so I would not be prompted again when the same operation repeated, I kept being prompted again for a decision on things for which I had already decided on a course of action, AND had told Emsisoft to remember my answer. Glitchy and awkward.

Along that line, I have tried the firewall before, as a stand-alone installation, and besides the above nuisance, I found the firewall to be very resource-hogging, and a specific application installed in my computer, for no reason at all, decreased in performance about 2,000%. It was hard to track down too, as there was no evidence connecting the presence of the firewall to the degraded performance of the application, and only through a trial test was I able to ascertain that indeed the firewall was the culprit.

So although a pass on the test drive, I’d stay away from it in terms of the user experience.

Test Drive – Avira Internet Security 2012

Recently released, Avira Internet Security 2012 was taken for a ride. As usual, the test drive consisted of installing the tested program in my test computer, then accessing known malicious websites and their respective malicious files, and in general trying to infect the computer and see what the security program does to counter the effort.

When I first tested Avira (the 2011 version), it failed miserably. Not this time around. No sir. I installed it and left the firewall setting in its default setting, but did change the behavioral detection level to its highest sensitivity setting. And then the fun began.

First round: accessed malicious website, was prompted to download a file, did so. Successfully finished downloading the malicious file, proceeded to open it… And Avira’s real-time protection module jumped to alert me that the program I had just tried to open was a Trojan and should be quarantined. No infection got through. Pretty good.

Second round: similar scenario (but different website), this time WHILE downloading the file and before attempting to open it, the real-time protection module alerted to the maliciousness of the file. Wow, that was even better.

Third round: Somewhat similar, except this time when trying to ACCESS the malicious website, before being even able to start downloading the infection, I was denied access to it by Avira’s web filter module. This was getting better at every attempt!

Fourth to tenth rounds: same as 3rd round.

All different websites, not one infection got through. In fact, no malicious program was even allowed to open!

None of my attempts to infect the computer succeeded. Quite a change compared to the 2011 product!

Conclusion

A triumphant pass, making Avira Internet Security Suite 2012 join the ranks of those security programs that have passed my test. So the list now goes:

1. Kaspersky Internet Security 2012.

2. VIPRE Antivirus Premium.

3. ZoneAlarm Extreme Security Suite 2012.

4. Avira Internet Security Suite 2012.

All trustworthy and recommended.

Test Drive – ZoneAlarm Extreme Security Suite 2012

Continuing the recent series of tests for different security solutions available out there, ZoneAlarm’s top product, Extreme Security Suite 2012 was taken for a test drive. Here’s a rundown of the test:

First stop: a website infected with a Trojan. Once in it, I was prompted to download a malicious file, and emulating a not-very-savvy user, did so, then opened the downloaded file. Nothing seemed to happen. No warning from ZoneAlarm, no sign of infection either… so I resorted to the good ol’ process monitor to see what had just happened. Too many times these infections deliver their payload invisible to the human eye, so to speak.

But not this time. Very nice! ZoneAlarm did not allow the execution of the malicious file. Even though it did not alert me to its maliciousness, ZA did not allow the malicious file to deliver its payload. An on-demand scan of the downloaded file was met by ZA with a correct labeling of “malicious” and deletion (I think the real-time protection module should have alerted without needing an on-demand scan, but I won’t hold it against ZA. For all practical purposes that first run was a pass).

Second run: Another malicious Trojan. Similar story.

Third attempt… a fake antivirus, famous for being hard to detect. Mixed result: ZA did not allow the payload to be delivered, but this time not even an on-demand scan of the file resulted in the correct label of malicious.

Fourth run: the infamous Koobface worm. Not so new anymore so no surprise that ZA’s real-time module caught it this time, before I could even open it. But a pass is a pass.

Summary

As with the other security programs tested, no evaluation was done on computer resources usage or compatibility problems. Strictly from the viewpoint of protection against drive-by download infections, ZA’s Extreme Security Suite 2012 is a pass. It therefore joins the ranks of the other 2 suites that have passed this test, Kaspersky Security Suite 2012 and VIPRE Antivirus Premium 4.

Test Drive – AVG 2012 Internet Security Suite

AVG recently released their 2012 version of the Internet Security Suite. Given that the 2011 version failed the test a few weeks back when I did a number of tests on different security suites, I figured it’d only be fair to give this new version a chance.

So I installed a trial of it in my Windows 7 based test computer, and went on to visit my friends the malicious websites. Here’s a summary of the results:

One of the files downloaded by visiting a malicious website, “Root-kit zero access”, tried to connect, and successfully connected, to internet address 193.105.154.210:80. Tsk-tsk on AVG’s firewall; it should have stopped the outbound connection attempt.

I then went on to another malicious website infected with a fake antivirus program. Upon opening the malicious download, the firewall did alert me of an outgoing connection attempt, and asked me if I wanted to allow it. I blocked it, and then the real-time protection shield proudly announced it had found an infected file… but failed to stop the infection. A few seconds later, the fake antivirus took the computer over. Game over.

And here’s the kicker: Even though the firewall did block the execution of the file created by the initial download (file name aH12402HlElD12402.exe), a post-mortem forensic analysis revealed that the originally downloaded file accessed a website in China (Internet address 122.224.4.134) without any protest or prompt from the firewall! What a joke.

Sorry, AVG fans. AVG 2012 Internet Security Suite = FAIL.

Hacking that Affects Google, More About and Clarification

After my latest article was published last week, I received feedback from some of my readers asking me for clarification of how the stolen certificates situation I talked about in it translated to the average Joe/Jane user. What would he/she run into and what can he/she do?

Let’s see how it would work in a real-world scenario. Let’s say, for example, you want to sign in to your Gmail account. You’d go to a secure (encrypted) webpage, like

https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=default&ltmplcache=2&from=login

And from there provide your email address and password. But even before you do that, as soon as you click on the above link, your browser will check the certificate presented by the website, and thus corroborate that indeed, the website is legitimately what it purports itself to be. This all occurs behind the scenes, so to speak. The user does not see this process. However, if for some reason the certificate is expired, is different than expected or has any other discrepancies, the browser will alert you. In Firefox (for example), you might see something like:

You would then be able to avert the impersonation. And that’s how certs help you.

Now, if a cert is stolen and used in, let’s say, a phishing email, and you click on a link of what seems to be a gmail login, but it’s something else, AND it is using the stolen cert, you would not get the alert and thus not realize these are not the androids you’re looking for (Go see Star Wars Episode IV if you don’t get the reference 🙂 ). And so you sign in and thus give the malicious hackers your credentials.

That’s just one possible way of how stolen certs could be used for malicious purposes.

I mentioned in my last article that Windows XP and Server 2003 users were the most likely to get affected. Microsoft has just released a Windows Update (KB2607712) that permanently blocks all certificates issued by DigiNotar. The update should be available to you if you have automatic updates enabled on your computer. If you don’t, but want to install it manually and know what you’re doing, here’s the link to it:

http://support.microsoft.com/kb/2607712
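A way to confirm on your own machine that the DigiNotar block is actually in effect, as an added example that is not part of the original post. It assumes a Windows machine with PowerShell 2.0 or later and relies on what KB2607712 does: it puts the DigiNotar roots into the Untrusted Certificates store (Disallowed), after which no DigiNotar certificate should remain in any trusted store.

```powershell
# Added example, not from the original post. Read-only inspection of the Windows
# certificate stores through the Cert: drive; no elevation is needed for this check.

function Get-DigiNotarCertStatus {
    $pattern = 'DigiNotar'
    $stores = @{
        # Where KB2607712 parks the DigiNotar roots (the "Untrusted Certificates" store)
        Untrusted = @('Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed')
        # Stores a browser or Windows would trust; DigiNotar must NOT appear here
        Trusted   = @('Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
                      'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA')
    }
    $result = @{}
    foreach ($kind in $stores.Keys) {
        $result[$kind] = @()
        foreach ($path in $stores[$kind]) {
            if (-not (Test-Path $path)) { continue }
            $result[$kind] += @(Get-ChildItem -Path $path |
                Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
                ForEach-Object {
                    New-Object PSObject -Property @{
                        Store      = $path
                        Subject    = $_.Subject
                        Thumbprint = $_.Thumbprint
                        NotAfter   = $_.NotAfter
                    }
                })
        }
    }
    $result
}

$status = Get-DigiNotarCertStatus
"DigiNotar entries in the Untrusted store: $($status.Untrusted.Count)"
$status.Untrusted | Format-Table Store, Subject, Thumbprint -AutoSize

if ($status.Trusted.Count -gt 0) {
    Write-Warning "DigiNotar certificates are still present in a trusted store:"
    $status.Trusted | Format-Table Store, Subject, Thumbprint -AutoSize
} elseif ($status.Untrusted.Count -eq 0) {
    Write-Warning "No DigiNotar entries in the Untrusted store; KB2607712 may not be installed."
} else {
    "OK: DigiNotar is blocked and absent from every trusted store."
}
```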

If you have any questions, don’t hesitate to ask.