System configuration in plain language - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.0

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

Nov 20^th, 2008, 6:21am

   Mischel Internet Security Forum
   Internet Security
   General (Moderators: Helena, Gavin_Coe, Magnus)
   System configuration in plain language

« Previous topic | Next topic »

Pages: 1 2

Notify of replies

Send Topic

Author

Topic: System configuration in plain language (Read 1517 times)

Ian
Stole All the Forum Stars

Good things come to those who wait ...

Posts: 2913

System configuration in plain language
« on: Mar 13^th, 2002, 7:18pm »

Quote

Modify

Hi all,

This one is for many of you out there.

Having just read Jamming's 'Noob' thread in 'Trojans', it strikes me that what could be needed here is some sort of detailed system configuring tool for MSIE and other vulnerable apps. Let me explain:-

I use several tools already, including:
Xteq X-Setup : excellent range of options, but still quite cryptic and often full of doom-ridden warnings.
Script Sentry (by Jason Levine) : simple, but limited in scope (naturally, 'cos it's not trying to be a cover-all).

Somewhere in between there must be a balance. Many users will read stuff about blocking Java, limiting ActiveX and other such tweaks, but either not have a clue, (or the confidence), or have tried it and forgetten what the heck they did when coming to set up a new installation. Like me. Grin

So, what about a utility that acts like TweakUI - making the finer points configurable without an ominous list of check-boxes and varied points of access (Internet Options, etc in either Control Panel, or the more specific ones like in MSIE), or the dire warnings of system failure like those given by X-Setup (many of which experience tells us are very over-blown). I feel that the happy balance has yet to be met.

What most users want is point-and-click security (which is why stuff like McAfee Office or Norton SystemWorks sells by the boat-load). Yet most of the items covered in the security-conscious newsgroups is largely left to the registry twiddlers to try out. I mean, when did your mum ever realise that ActiveX scripts were a security risk? Or try to achieve a) no scripts running and b) remove the persistent dialogues about scripts not being able to run?

Anything already out there? Have I missed it on my wanderings round sites like Wilders.org (VG IMHO)? Or is this something that can be tried out?

Ian.

« Last Edit: Mar 13^th, 2002, 7:18pm by Ian »

IP Logged

... but crap arrives pretty much straight away.

Magnus
Administrator

Ad astra per aspera.

Posts: 4120

Re: System configuration in plain language
« Reply #1 on: Mar 14^th, 2002, 10:48am »

Quote

Modify

I can see the potential for such a utility. I'm guessing Internet Explorer settings would be one of the bigger things such an app would have to consider when locking down the system. But then, it could just reconfigure the Internet Explorer shortcut to start Opera instead, and voil�: instant security Wink

IP Logged

Ian
Stole All the Forum Stars

Good things come to those who wait ...

Posts: 2913

Re: System configuration in plain language
« Reply #2 on: Mar 14^th, 2002, 7:31pm »

Quote

Modify

Well, MSIE does cause most of the problems! Others arise in script-aware apps like Word and Outlook, but a script can be run outside of these - anyone uninstall the Windows Scripting Host lately? So many things are knocking about in one place or another in a Windows system that often a user has to wade through several layers of menus just to make one part of one fix (like the trick to disable ActiveX without it realising it can't run).

Not just that, but other things arise that need deliberate file-hacking. I don't suppose it's a big percentage of users who are up to hex-editing the relevant file to make MediaPlayer fully anonymous (replacing the GUID coded into one of it's dll files - look, there I go again; I can't even remember which one!).

Mind you, the list could go on - ICQ, mIRC, Netscape/AOL, RealPlayer (and they are not the only ones). I guess MS stuff can be tackled as a priority because a) there are so many users of their stuff and b) there has to be a line drawn, otherwise you'd get into the realms of X-Setup again (always releasing new tweaks discovered by it's userbase). If you sit down and start the "We could include <XYZ>..." path, the utility would spiral away into a never-ending cycle.

I never have much luck with 'alternatives' - Opera wouldn't run on my Psion 5, Netscape went badly wrong somewhere between version 3 Gold and AOL (then took a nose-dive) Apple Quicktime is slow and problematic on this HDD re-installation (previous one ran fine) and TDS-3 crashed regularly after scanning about 750-800 files out of 27,000 or so. There was another anti-trojan I tried before TrojanHunter that wouldn't even get past it's installation routine - mercifully, I can't even remember which one, but plenty of folks raved about it. I don't bother with any of these now, although the only one I actually miss is Quicktime Grin

IP Logged

... but crap arrives pretty much straight away.

Magnus
Administrator

Ad astra per aspera.

Posts: 4120

Re: System configuration in plain language
« Reply #3 on: Mar 14^th, 2002, 9:29pm »

Quote

Modify

I have some nice ideas for such a program, none of which I'm gonna discuss in public. Maybe something will be released in the coming months... Cool

By the way, I'm a bit confused, are you and IanUK the same, or is that just a common name?

IP Logged

Ian
Stole All the Forum Stars

Good things come to those who wait ...

Posts: 2913

Re: System configuration in plain language
« Reply #4 on: Mar 14^th, 2002, 9:39pm »

Quote

Modify

We are each of us unique! Common name, I'm afraid, but there are variations - often spelt Iain in Scotland.

I'm in Leeds, West Yorkshire, and AFAIK 'IanUK' is in Wooler, Northumberland, quite a few miles to the North of me (though we're are still both 'Northerners' to anyone in London Wink

IP Logged

... but crap arrives pretty much straight away.

Magnus
Administrator

Ad astra per aspera.

Posts: 4120

Re: System configuration in plain language
« Reply #5 on: Mar 14^th, 2002, 9:48pm »

Quote

Modify

Sliding a bit off topic here, but I don't think anyone will mind...

By chance, I tuned into BBC Radio Foyle today, and if the accent of the host was indeed Irish, I've now figured out the accent of some of the people in that British drama series Cold Feet. �

�(Don't know if you get it over there, I'm just assuming it's British since it seems to be set somewhere in the UK.)

IP Logged

Ian
Stole All the Forum Stars

Good things come to those who wait ...

Posts: 2913

Re: System configuration in plain language
« Reply #6 on: Mar 14^th, 2002, 9:55pm »

Quote

Modify

Re: the 'secret' maybe-utility:-

Drop me a mail if you need a less-than-public conference - it is something I'd be very glad to help with - testing etc or just for ideas.

IP Logged

... but crap arrives pretty much straight away.

Magnus
Administrator

Ad astra per aspera.

Posts: 4120

Re: System configuration in plain language
« Reply #7 on: Mar 14^th, 2002, 10:00pm »

Quote

Modify

I'll certainly keep that in mind; getting input from a "real user" would be invaluable if in fact it's something that seems worth developing �

IP Logged

Ian
Stole All the Forum Stars

Good things come to those who wait ...

Posts: 2913

Re: System configuration in plain language
« Reply #8 on: Mar 14^th, 2002, 10:07pm »

Quote

Modify

It's a bit dangerous assuming that Ireland is British! Radio Foyle sounds Irish in origins, though.

At the risk of over-simplifying a very complex situation, the north of Ireland is a British province, sometimes refered to as Ulster. The south of Ireland is an independant state called Eire. Many people have been killed in the conflict over the rightful 'owner' of the northern bit Sad

. Plenty of history to go into there - (William of Orange, the IRA and other paramilitary organisations on both sides, Bloody Sunday, internment) - the list is long and will, sadly (tragically so) get longer before the books are closed on this issue. Cry

IP Logged

... but crap arrives pretty much straight away.

Ian
Stole All the Forum Stars

Good things come to those who wait ...

Posts: 2913

Re: System configuration in plain language
« Reply #9 on: Mar 14^th, 2002, 10:19pm »

Quote

Modify

Right, so that last one went off with my usual preparation - only now do I realise you meant the radio station � Embarassed

Oh, what the heck! Grin

I haven't tried Radio Foyle, but the BBC website may have a streamed version. What's the frequency? There are plenty of accents in Britain, some native and some 'imported'. The strongest are the more provincial ones - try listening to people from Glasgow (Scotland), Orkney Isles (Scotland again, but halfway to Norway - apparently), Liverpool, Cumbria, Wales (try full-blown Welsh as well - a very ancient language still spoken in the Principality). Mosey on down south through Coventry, heading out through Somerset and Cornwall (where a language similar to Welsh is still in limited use), then smog-mask back on and head into London. Get out quick on the other side and try your ears out on East Anglian. Then come back to Yorkshire and have decent beer, watch good sport (cricket, rugby and I suppose Leeds Utd can kick a football better than the average bear) and learn to slag off Lancastrians (history runs deep - the Wars of the Roses are still current affairs in some of the villages) Grin

.

How far off topic are we allowed to slide? Cool

« Last Edit: Mar 14^th, 2002, 10:28pm by Ian »

IP Logged

... but crap arrives pretty much straight away.

Ian
Stole All the Forum Stars

Good things come to those who wait ...

Posts: 2913

Re: System configuration in plain language
« Reply #10 on: Mar 14^th, 2002, 10:26pm »

Quote

Modify

Just a bit further, it seems... Grin

Radio Foyle - Northern Ireland local radio station. Homepage at http://www.bbc.co.uk/northernireland/radiofoyle/ - they have a RealAudio stream, so you can listen to the 'gift of the Irish' all day.

Anyway, maybe you meant 'Cold Feet' after all? I didn't see that, but you're right about it's origins.

« Last Edit: Mar 14^th, 2002, 10:29pm by Ian »

IP Logged

... but crap arrives pretty much straight away.

Ian
Stole All the Forum Stars

Good things come to those who wait ...

Posts: 2913

Re: System configuration in plain language
« Reply #11 on: Mar 16^th, 2002, 3:44pm »

Quote

Modify

Right, more on the point in hand.

I've remembered the file that the MS MediaPlayer GUID is coded into (it's not a dll... Grin

) :-

c:\windows\system\MSDXM.OCX

At least that's where it is on a Win9x system. The GUID may be the same one as is found in registry keys such as HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\General> (string value "UniqueID") HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings and HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings

These are again Win9x. Because they're per user settings, WinNT, 2K and XP users will find them in each user profile in the registry.

The GUID in MSDXM.OCX is about 15% of the way down, but watch out because the Critical Update from last November replaced the original ~2Mb file with a much smaller one of ~800Kb, and it's 15% down the revised one. Users will need a hex editor - try at http://www.kibria.de/#frhed for a good one.

Mind you, if your utility is expected to cope with that little mess, as well as all the more usual hacks, then it won't be quite as light-weight as TweakUI Wink

IP Logged

... but crap arrives pretty much straight away.

Magnus
Administrator

Ad astra per aspera.

Posts: 4120

Re: System configuration in plain language
« Reply #12 on: Mar 16^th, 2002, 11:15pm »

Quote

Modify

I may be wrong, but I was under the impression that the situation on Northern Ireland had calmed down significantly over the last few years. I can't recall seeing any news about PIRA attacks for quite some time now.

Regarding the potential app: If you have any ideas for how you'd like the user interface constructed, then feel free to drop me an e-mail. What I'm trying to find out is what exactly the "middle road" between simplicity and fine-grain control would be.

IP Logged

Ian
Stole All the Forum Stars

Good things come to those who wait ...

Posts: 2913

Re: System configuration in plain language
« Reply #13 on: Mar 17^th, 2002, 7:09pm »

Quote

Modify

Re: Northern Ireland. Still lots of paramilitary stuff, just nothing on the scale of the Omagh bombing Sad

- which wasn't by PIRA, but a splinter group that didn't agree with the Provo's downing of 'tools', so to speak. It comes and goes, but yes, seems to be going more than it resurges these days.

Re: Application. Give me a couple of days to sort something out. Who know, maybe I'll even draw a picture!

First thoughts are in your inbox about now Grin

IP Logged

... but crap arrives pretty much straight away.

Magnus
Administrator

Ad astra per aspera.

Posts: 4120

Re: System configuration in plain language
« Reply #14 on: Mar 18^th, 2002, 6:13pm »

Quote

Modify

on Mar 17^th, 2002, 7:09pm, Ian wrote:

Re: Northern Ireland. Still lots of paramilitary stuff, just nothing on the scale of the Omagh bombing � Sad

- which wasn't by PIRA, but a splinter group that didn't agree with the Provo's downing of 'tools', so to speak. It comes and goes, but yes, seems to be going more than it resurges these days.

I'm actually reading a book on the Northern Ireland conflict right now: "The Dirty War" by Martin Dillon. There are some fascinating stories in there.

Quote:

Re: Application. Give me a couple of days to sort something out. Who know, maybe I'll even draw a picture!

First thoughts are in your inbox about now Grin

I've read the e-mail; thanks! I'll be replying to it and it's possible you can expect a "user interface demo" within a week or so �

IP Logged

Pages: 1 2

Notify of replies

Send Topic


« Previous topic \| Next topic »

Search

Members

Login

Register