Wednesday, February 27, 2013

Article: Leap Motion Controller starts shipping May 13th, hits Best Buy on the 19th


Excerpt from article: "If you were still thinking that the Leap Motion Controller was going to turn into vaporware, it looks like you were wrong. Just less than a year after the company first made waves with its tiny gesture recognizing box, a finished product is getting ready to ship." (read the rest of the article)

Monday, February 25, 2013

Removing Viruses (and other types of malware)

To put it simply getting hit by malware (e.g. viruses, Trojan horses, worms, etc.) sucks.  Sometimes it can be caused by doing something simple or not very obvious or other times it can be caused by doing something dumb.  As the old cliche goes, "There is no use crying over spilt milk because it only makes it sour for the cat".

All you can do is try to clean up what you can.  Modern malware can be virulent depending on the strain that attacked your machine.  Try to figure out how you were hit, did you open an email attachment, click a link on a website, download a file from the Internet and run it, etc.?  Try to learn from the mistake if you can.

Warning: Follow the advice in this article at your own risk, the author is not responsible for any type of damage (or other type of consequences) that can be caused by following the advice in this document.  Make sure you have a good backup of your data before proceeding with any of the information below.

Cleaning Up From a Malware Attack
The problem with modern malware, is its designed to be difficult to remove.  In most cases you have two choices.  One, if you're extremely paranoid and have lots of time you can format your hard drive and re-install your operating system (warning: before doing this make sure that you have a good backup of your data, and have product keys, OS media disk, any special drivers you need, and copies of your applications).  Two, if you're not extremely paranoid or don't have you lots of time, you can try some of the following things:
  • Make sure your reputable real-time anti-malware application (beware of rouge and fake versions of these products, if you have never heard of the company before then you might not want to trust it) is working, and up-to-date, then run a scan of your computer and see if its detect anything. 
  • You can also download and run a stand-alone anti-malware scanner to get a second opinion such as: Microsoft Safety Scanner, or Malwarebytes (note: its sometime better to use scanner from a different vendor to get an accurate second opinion.).
    • When utilizing these tools, its advisable to reboot your computer into Safe Mode (press F8 several times during start-up, and select "Safe Mode") and run them.
  • Change web site passwords that have been effected or are critical accounts (e.g. work, financial related, etc.).
  • Run Windows Update and make sure your operating system software and applications are up-to-date.
  • I would also recommend uninstalling All versions of Java and Adobe Acrobat reader
    • Malware often utilizes vulnerabilities in these applications.  
    • There are some applications you may need that utilize Java.  If you must keep it, uninstall all the old versions, and make sure you're using the most up-to-date version 
  • Make sure your Flash plug-in is up-to-date.
    • If your Flash plug-in is not up-to-date, download and install the latest version
  • Its also a good idea to make sure that you have a good backup of all your data.
  • For more advanced user, you might want to check your HOST file and DNS settings (see below) to make sure that they were not modified.
    • Checking your DNS configuration settings
      • In the Start menu search field, type Network Connections and select View network connections.
      • In the Network Connections window, right-click a connection that needs an alternate IP address configuration (e.g., Local Area Connection) and select Properties.
      • In the Properties dialog box, on the Networking tab, scroll down and click Internet Protocol Version 4 (TCP/IP v4) and press the Properties button.
      • In the General tab, enter the information for the main network you use (such as a static IP, subnet mask, default gateway and DNS server information).
    • I would also recommend setting up an alternate trusted DNS provider, such as OpenDNS and Google Public DNS.
  • Sometimes malware can also install applications that auto-start when your system boots, use System Internals Autoruns to view all programs that are executed at start-up.  Review all the applications for suspicious entries.
  • Sometimes malware will also install applications to get executed under certain conditions by the Task Scheduler.  From the Start menu search field type: Task Scheduler, and review all the task for suspicious entries.
  • Malware is getting smart enough to leverage web site settings in Twitter (e.g. Twitter Oauth) and Facebook (e.g. Facebook Login) because of their support for authentication and setting up application trust for third party web sites. To prevent this from happening to you, review the settings in your profile and unauthorized any site or application that you don't trust.
    • Utilizing this technology malware can log into other sites, and even post entries in other people's news streams.  Recently some malware was posting malicious links on a friend's Facebook profile from Twitter.  If someone clicked the link and their system was vulnerable their Facebook account would have been taken over too.
  • There are going to be times where conventional malware removal techniques will not work, and will require the computer to be booted into safe mode or utilize a special boot media (e.g. flash drive or optical media) that can remove the virus from the operating system while its not active. One example of this type of tool is Windows Defender Offline.
This might not help the situation, but hopefully it will purge any copies of the malware that might be in temporary areas.
  • Delete your browser cache (Internet Explore and Firefox, press Ctrl-Shift-Del)
  • You might considering dumping your Restore Points, sometimes infected files can get backed up by this system process.
    • Open the System control panel, click the System protection link. Select a drive, press the Configure button, then press the Delete button.
  • Run the Disk Cleanup (Start menu > All programs > Accessories > System Tools), this will purge temporary file locations on the system.
Notes:
    • Even after cleaning your computer with these methods there are no guarantees that its malware free.
    • The links to the products in this document are for reference only, and they're not recommended or endorsed by the author.

Wednesday, February 20, 2013

Getting an "Access is denied." error when connecting to a share


Are you encountering a situation where you're getting an "Access is denied" error when connecting to a share on a machines in a workgroup.  For example, if you used following command:
net use * \\computername\d$ /user:computername\username password

Then you get the following error: 
System error 5 has occurred.
Access is denied.

Try running the following command (requires the administrator command prompt): 
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

To manually implement the change:
Warning: by modifying the registry you run the risk of damaging your operating system, only proceed if you know what you're doing.  The reader takes all responsibility for ANY damage or problems that may occur by following these instructions.
  • Start the Registry Editor (REGEDIT.EXE).
    • If you get the UAC prompt, acknowledge it.
  • Locate and then click the following registry sub-key:
    • HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System
  • in the Edit menu, select New and then select DWORD (32-bit) value.
  • In name field type LocalAccountTokenFilterPolicy, and then press the Enter key.
  • Right-click the LocalAccountTokenFilterPolicy, and then press the Modify button.
  • In the Value data box, type 1, and then press the OK button.
  • Quit the registry editor. 

Monday, February 18, 2013

Troubleshooting Network Share Problems

Are you having a problem connecting to a Windows network share (e.g. \\computer_name\share_name) or the default administrator shares (e.g. \\computer_name\c$)?  This happens to computers on networks that are connected to a domain controller or local workgroup.

In my own personal experience has been that local workgroups are more unreliable then domain controller connected shares.  Below are tips to help troubleshoot this problem:
  • Has there recently been any new updates or changes in the hardware, operating systems, software or configuration made on the client or remote computer?
    • For example, were system or application updates installed
  • Is the problem happening from one machine on your network or all the machines on your network?
    • If its just one computer is having the a problem connecting to it, see if it having problems connecting to other computers.  If its just the one computer, reboot and try again.
    • If multiple computers are having problems connecting to the share, then there could be an issue with the share's configuration or the file and print service on the remote computer.
  • Are you having a problem with one or all the file shares on the computer?
    • If you're having a problem with one share delete and recreate.
    • If multiple shares are failing, it could be a problem with the network configuration or file and print service.
  • Can you ping the computer? Its possible that the client is having problems communicating with the DNS servers or the network configuration or the local machine is not setup correctly
    • Trying pinging the computer:
      • Local Machine: ping localhost or ping 127.0.0.1
        • If this doesn't work there is something wrong with the local machines network configuration  drivers, hardware or connection.
      • DNS Name: ping machine_name
      • FQDN: ping machine_name.example.com
      • IP Address: ping 10.1.1.10
    • Note: If you can't ping the machine with the DNS Name, try the FQDN, if that fails try the IP address.  If you are able to ping the machine with any of these, then try to use that method to connect to it: net use * \\machine_name.example.com
  • Does the account have the right file and share permissions?
    • If the account you're trying to use to connect doesn't have proper permission to file and share, then you're not going to be able to access the file.  Make sure to check them both.
  • Make sure that no existing connections are preventing you from making a new connection.
    • Open up the Windows explorer and clear all remote connections by right clicking them and selecting disconnect, also open up the command prompt and type "net use * /delete"
  • Do you know that the account doesn't have a password or is the account locked?
    • If you're using a workgroup account:
      • Try resetting the account password to the account you're using to connect to the share.
      • Try creating a different account, and setup the permissions, and try to access the share.
  • On the remote computer make sure the share is setup correctly in the Computer Management console (COMPMGMT.MSC).
    • Tip: In the Computer Management console kill off all Sessions connected to the share.
  • Make sure the firewall ports are not blocked?
    • If you can't connect to the network share, make sure the ports are open in the firewall and accessible by the remote computer.
Other considerations: 
  • Windows 7 and higher 
    • Try disabling or leaving the HomeGroup (in the Control Panel \ Network and Sharing Center \ HomeGroup)
    • Check your "Advanced Sharing Settings" (in the Control Panel\Network and Sharing Center) in the Home and Work profile, make sure the "File and Printer sharing" is enabled.
    • Make sure you're not using the Public profile  (in Control Panel\Network and Sharing Center), this setting blocks all ports.
  • Workgroup vs. Domain
    • Are both machines (local and remote) in the same workgroup or domain?
  • Network configuration
    • Was the network configuration changed (see IPCONFIG /ALL)
  • Adapter configuration
    • Are all the appropriate protocols enabled?
    • Where there any changes to the HOST file
  • Service configuration
    • Did someone change the default ports?
  • Network considerations:
    • Other thing that can effect communication are: IPSEC, VLANs, IPv6, NAP (Network Access Protection), etc. talk to your network engineer about these issues.

Sunday, February 10, 2013

Article: LibreOffice 4.0 arrives -- get it NOW!

LibraOffice is an offshoot of the OpenOffice open source project that split-off from the original project because of issues that they had with it (more information).

If you're looking for a free open source multi-platform office suite, this is one of the better ones.  I never found it as powerful as Microsoft Office, but if you're looking for a free office suite of tools this is the one I like to use.

betanews reported: "The Document Foundation released LibreOffice 4.0 FINAL. The open-source, cross-platform productitivty suite, which is based on OpenOffice, has evolved to the point where the developers are happy to assign a major new version number.

Version 4.0 includes a number of relatively minor new features, but the big changes will come under the hood, marking the first radical development in the program’s API since the app it was built on -- OpenOffice -- was first released. Other changes include support for Firefox Personas, integration with CMS and online storage providers, plus support for importing both Microsoft Publisher and the latest VISIO documents." (read the rest of the article)


Thursday, February 07, 2013

Adobe issues emergency Flash update for attacks on Windows, Mac users |

Ars Technica reports: "Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple's Macintosh platform.

While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday's unscheduled release is available for Linux and Android devices as well. Users of all affected operating systems should install the update as soon as possible." (read the rest of the article)

Saturday, February 02, 2013

Trick: Turning a browser into a notepad

I am not sure how often you can use this, but its still is a cool trick. By placing the following line (data:text/html, <html contenteditable>) of code into the address bar it will turn your browser window into a notepad.

I have tested this in the latest releases of Google Chrome and Mozilla Firefox and it worked fine.  It does not work in Internet Explorer, I have tested both versions 9 and 10.

For more information about this trick.