Thursday, October 02, 2014

Chinese AV "Patches" Windows XP


As all of you know, Windows XP is dead.
Or is it? As far as the Chinese community is concerned, there is still hope.

Several AV companies have pushed a special kind of product, known as "XP Protection", that we do not see in any other market. Basically, the AV product claims to be able to protect even an unpatched XP against new vulnerabilities and attacks.

Don't take my word for it. Recently, at "The EXP Challenger Contest", a total of 179 hackers and security experts from all over the world tried to compromise Windows XP computers running:

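  • 奇虎 360 XP盾甲 (Qihoo 360 XP Shield)
  • 腾讯电脑管家(XP专属版本) (Tencent PC Manager, XP-exclusive edition)
  • 金山毒霸 XP防护盾 (Kingsoft Antivirus XP Protection Shield)

In the 13-hour event, only Tencent (腾讯) was broken in 57 seconds, by "shaheshang", followed by Kingsoft (金山) later. Qihoo managed to withstand all the attacks.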

So, what does this mean? Maybe those Chinese users who are not going to upgrade to a newer Windows, for whatever reason, could use these products for protection and continue to use Windows XP?

But there is an epilogue to the story. At the end of the event, a hacker, "小小小乖兔", managed to break through Qihoo (奇虎) as well. So it does mean that, hard as it may be, there is a way. Nothing is invulnerable.


So, I guess with such products around, it is safe to assume that if clients in China are still using Windows XP, they will be deploying at least one of these products.

And lastly, all the listed products have been updated and are FREE.


Friday, August 29, 2014

Microsoft Re-Patch Tues Aug 2014

It seems that after the BSOD patches were retracted a few weeks back, Microsoft has been working hard to restore the status of these vulnerabilities, especially since some of them are critical. Sure enough, we see a new patch that is supposed to replace the previous patch and I think for those who had not uninstalled the patches according to my post here:

http://blog.winston-avalon.com/2014/08/microsoft-aug-patch-tue-could-cause-bsod.html

You should apply this whether or not you had it uninstalled, since this is quite critical in my opinion.

Just use your Windows Update and you should see this patch available now!

Tuesday, August 19, 2014

Microsoft Aug Patch Tue Could Cause BSOD


Yes, no joke~! 4 of the Patch Tue updates for Aug 2014 are suspected of causing some users' PCs to crash or BSOD. Judging from the descriptions, it is only a matter of time before the criteria are met. In fact, it is Microsoft who advises users to UNINSTALL these patches ASAP!

Don't worry, let me walk you through this. Hopefully, as you are reading this, your PC has not crashed yet. Then the steps are simpler (I did not say they are simple, just not as complicated).

If your Windows is still alive... Time to uninstall those patches. According to Microsoft:
Open the Programs and Features item in Control Panel, and then click View installed updates. Find and then uninstall any of the following updates that are currently installed:
  • KB2982791
  • KB2970228
  • KB2975719
  • KB2975331
Well, firstly, this is not very helpful. The patches are not arranged by KB number, and the search somehow does not deal with these numbers either.
But luckily, you can still sort them by name, and you should be looking for these two:
Security Update for Microsoft Windows (KB2982791)
Update for Microsoft Windows (KB2975719)

Based on the descriptions, it is very likely you will only have one of these:
2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 
2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012
So you might want to look for the other one instead if you are still on Windows 8.0.

So, I guess it's perfectly normal to have just one of them. As for the other missing one:
2970228 Update to support the new currency symbol for the Russian ruble in Windows

It sounds like I may not have it because I do not have the Russian language installed? Likely.

Well, if you are a bit out of luck and had the BSOD, you will have to go into safe mode to fix that. The details are on their page at:

I strongly suggest you print that out on a working computer. Or be lazy and just system restore back to the previous month... That will probably work.
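
The same check can be done from an elevated PowerShell prompt instead of hunting through the Control Panel list. This is an added example, not taken from Microsoft's advisory or from the original post; it uses only the four KB numbers listed above and the built-in Get-HotFix cmdlet and wusa.exe.

```powershell
# Added example: check for the four August 2014 updates named above and remove any found.
# Run from an elevated PowerShell prompt.
$kbs = 'KB2982791', 'KB2970228', 'KB2975719', 'KB2975331'

# List every installed hotfix and filter locally, so a KB that is absent raises no error.
$installed = @(Get-HotFix | Where-Object { $kbs -contains $_.HotFixID })

if ($installed.Count -eq 0) {
    Write-Output 'None of the four updates is installed.'
}
else {
    $installed | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize

    foreach ($fix in $installed) {
        $number = $fix.HotFixID -replace '^KB', ''
        # wusa.exe is the Windows Update Standalone Installer; /norestart postpones the
        # reboot until every update in the list has been handled.
        $proc = Start-Process -FilePath 'wusa.exe' `
                              -ArgumentList '/uninstall', "/kb:$number", '/norestart' `
                              -Wait -PassThru
        # 0 = removed, 3010 = removed and a reboot is required
        Write-Output ("{0}: wusa exit code {1}" -f $fix.HotFixID, $proc.ExitCode)
    }
    Write-Output 'Reboot once all of the updates have been removed.'
}
```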

Monday, August 18, 2014

Download Opera Offline Installer

As more and more installers, especially for browsers, go online, they have become smaller and smaller. In fact, most of these installers pull the actual installation files right from the Internet during installation. What you actually download is nothing more than a downloader.

So today, let's visit Opera. The default installer is the one you get when you click the big blue button on the download page. But do you see a smaller line of text just below it? Yes, that is the link to the Offline Installer. This is very useful when you are in an environment with a funky proxy (that doesn't really work) or without Internet. Your Opera can still be updated using a thumb drive or something along that line.

Grab Opera (both online and offline installer) at:
http://www.opera.com/computer
Or just grab the Offline Installer here:
http://www.opera.com/download/get/?partner=www&opsys=Windows

Monday, August 04, 2014

Turn Off Facebook Video Autoplay


Facebook has recently introduced a new feature which autoplays posted videos as you scroll to them. While there are reasons why this is cool, there are also reasons why you may not want it. Let me name a few. For example, when you are on limited or charged bandwidth, playing some useless MTV posted by your friend is definitely not a good idea. But more seriously, if a way is found to exploit the video codec in your browser, you will be 0wned as soon as the autoplay starts. Without even clicking anything!

Well, it's actually easy to disable this feature.
1. In the upper right corner, click on the dropdown settings menu. Select Settings.
2. On the left side, select the Video tab.
3. Set autoplay to off in the right panel.

That works for Desktop. What about on Android? Well, it is just as easy.
1. Open your Facebook app.
2. On the left sidebar, tap App Settings.
3. Check Auto-Play Videos on Wi-Fi Only.

Now, wait right there. That doesn't disable the autoplay totally. In fact, you can't. It will play when you are on Wi-Fi. If I find a way to do so, I will update this blog.

Similarly, you can do it on iOS. Very similar steps. And since I couldn't care less about iOS I would skip the instructions here.

Hope this helps you.

Friday, July 25, 2014

Manual Update for Kaspersky Product

Ever had an issue with the massive update downloads from a Kaspersky product? This is especially bad when you are stuck in a location where bandwidth is a concern, since the update can sometimes be well over 100MB.

But few people know that there is in fact a way to update Kaspersky offline, and this makes a lot of sense if you have more than 1 PC requiring the same update. Today, let's take a look at a BETA product from Kaspersky themselves called Kaspersky Updater 2014 for Windows.

Link:
http://forum.kaspersky.com/index.php?showtopic=234108
This is quite a straightforward program. Just download the archive, extract it and run the updater. This is what you will see.

1. Select Applications. Choose the EXACT version you are using because the updates are different.
2. Select Settings. Choose whether you want just signatures or module updates as well.
3. Then just update.

This ends the part the updater has to do. The rest is about configuring your Kaspersky product to take in the update. In general, these are the instructions, but they may vary slightly from version to version.

1. Open your product settings and look for Update.
2. There should be an update source option; select it and point it to the directory the updates were downloaded to. It could be in temp under the updater and so on.
3. Update your product.

Hope this helps you guys!

Thursday, June 05, 2014

Sandboxie v4.12 Fail Installation due to VC Redistribution Library


Sandboxie is an awesome on-the-fly sandbox application for Windows! It gives you the ability to run an application in a sandbox with just a right-click. No VMware or VM to manage.

Recently, there was a new update to v4.12, but it appears that many people are having issues installing it. The main culprit is the VC++ Redistributable library download, and it looks something like this:


Basically, even if you have updated your VC++ Redist manually, the download will still happen and likely fail again and again. To overcome this, Sandboxie has set up a standalone version of their installer, which will solve the problem, but I still strongly suggest you update your VC++ Redist manually first before downloading and running it.

Get the standalone installer of Sandboxie here:
http://www.sandboxie.com/index.php?AllVersions

Thursday, May 29, 2014

Diyomate K9 Firmware Update A20 14-5-8


Well, it seems that a lot of people have been looking for the firmware to update their Diyomate K9, and it was nowhere to be found, even on Diyomate's website. Actually, to be honest, it IS on Diyomate's site here:
http://www.diyomate.com/DownLoadList.asp?CID=66

But it doesn't say K9 anywhere, right? Yes, that is because the K9 box uses a chip called A20 (AllWinner), and Diyomate releases the firmware according to the chipset rather than the box model. Now you will see that there are 2 firmware releases in May for A20.
So, what are the differences? Well, in case you did not know, the K9 is one of the few models from Diyomate that ships with an option to have either Android or Ali YunOS. So these 2 files correspond to the 2 different options. And the good news is that in case you have chosen the wrong version, you just need to reflash it, and if you want to change to the other flavor, you can just flash that in too.

Ask me, personally, I prefer Ali YunOS and in fact, that is what you actually paid a little bit more for!

Have fun with your upgraded firmware! (Please copy all your important files to your SDCard first before flashing...)

Wednesday, May 28, 2014

Windows XP Extended Support Till 2019 Registry Hack


I am not the first to disclose this registry trick to change your Windows XP into the Windows XP POS Edition. The purpose of doing so is that while all the desktop editions of Windows XP have been withdrawn from support, the POS (point-of-sale) version is still supported until 2019. This essentially gives you extended support on your Windows XP.

HOWEVER, even if this trick works to give you updates until 2019, Microsoft will make some assumptions. For example, that people will not be using it to surf the web, read email, load YouTube or Facebook etc. Because this is a POS system, which is pretty much those dumb terminals operated by sales staff in stores. So what does that mean? It means you will not be FULLY protected anyway. IE will probably never be fixed. So, my advice is still to just ditch Windows XP and upgrade to Windows 7/8 as a long-term solution.

Anyway, here is the simple hack. Put the following into a text file and save it as WinXP2019.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001

Double-click this file to have Regedit import it. That is all there is to it.

Thursday, May 15, 2014

Kali Linux Slow Update


For those using Kali, you must have noticed how slow and painful it is to update it. Unless you have a very fast Internet connection, which will not be the case on an oil rig or the space shuttle. Just kidding about that. But it's slow. That's a fact.

What I am going to show you here is a simple tweak that will make it work much faster. And I am not talking about private or custom repositories, which I strongly discourage, as these are not verified and could contain something you do not want on your Linux.

Let's find a file called sources.list in /etc/apt. Open it and look for http://http.kali.org.... Now, all you need to do is change it to http://repo.kali.org..... You should have 2 instances of it if you are using the default installation.

Now do your normal apt-get update && apt-get upgrade and you will see the difference. While Repo and Http are both official Kali sources, they are slightly different, but I do not suppose most users will be affected by the differences.

Well, good luck updating and happy pen-testing!

Wednesday, May 14, 2014

Adobe Flash Player 13 Full Offline Installer - Fixing the stopped at 7% Error


The latest Flash Player 13 download may have stopped for some at 7%, giving the message:
"Lost connection. Trying to reconnect..."
And actually it does nothing of that sort...

The Flash installer has been one of the worst nightmares ever. For a start, it's an EXE executable, but for whatever reason, sometimes it's saved as a ZIP, and you can imagine the confusion for the average user.

Then the download is horrible, and I get only a 10% success rate in some places.

To top that off, the installer is ALWAYS deleted once it is run, whether it is successful or not! Obviously a waste of bandwidth.

I have talked about it again and again in the past:
http://blog.winston-avalon.com/2011/11/flash-player-11-download-fail-at-12.html

My advice is DON'T use Flash. Really. Given the track record, it's probably one of the easiest doors to open on your PC, if not the MOST. And most of the bigger players have long given up on Flash, like Apple (not surprising) and finally Google in Android 4.4.

But if you really have no choice, need to run it in a VM etc., there is still the option to download it.
Just go to:
http://www.adobe.com/products/flashplayer/distribution3.html

And I really want to stop hot-linking the direct EXE file now, since Flash is updated ever so often and the last thing I need is to misdirect someone into downloading an old version.

But hopefully, I will not need to post this for Flash 14 (if it will ever exist...)

Tuesday, May 06, 2014

Change in Domain

From the old http://blog.90283600.com, the blog is now moved to http://blog.winston-avalon.com.
You may want to update your bookmark etc.

Thanks for the support for all these years!

Wednesday, April 09, 2014

System Restore Saves the Day!

Microsoft System Restore
http://windows.microsoft.com/en-SG/windows7/products/features/system-restore


This has been in the system for a long time, since XP perhaps. While most of the time we only hear about how this feature wastes space and causes delays during installation, we have totally forgotten when it becomes useful.

In fact, for me, even in the days of Windows 8.1, this feature proved to be useful. What actually happened to me was that I was migrating one of my PCs from an ATI (AMD) graphics card to an Nvidia one.

It is no surprise that the ATI and Nvidia drivers would not play nice together. The fatal mistake was, however, my own. I had forgotten to remove the old ATI driver before shutting down and plugging in my Nvidia card. After testing, I wanted to change back to my ATI card, and this time, even though I remembered to uninstall the Nvidia driver, it just gave me the famous "Black Screen of Death" at the Windows 8 login. I tried reinstalling the ATI driver (but it won't install when the Nvidia card is in) and installing and removing the Nvidia driver, but it just won't boot up when the ATI card is in, while it is perfectly OK on the Nvidia. I guess it could be a "feature" so that you won't switch back to your own card... LOL

Anyway, in the end, at the boot options, I clicked "Advanced Options" and decided to try a System Restore; fortunately, there was a restore point from just before the swap, since DirectX had been updated. Guess what? It solved all the issues, and I got it up on the very next reboot (even though System Restore did take a while).

So, ask yourself: is that little bit more HDD space worth it? To me, definitely, since HDD space is cheap nowadays and System Restore actually manages itself so as not to overuse the space anyway. And one thing is for sure, I will add more restore points in the future. And lastly, thanks Microsoft for implementing this nice feature!

Monday, April 07, 2014

Uninstall Orbit from Chrome

I am sure at some point in time you may uninstall one of the downloaders such as Orbit:
http://www.orbitdownloader.com/


Don't get me wrong, I am not saying it's a bad downloader, but it just happens that I could not use it effectively in the office.

Anyway, what I am going to describe may affect some of you out there. What happened to me was that during the installation, my Google Chrome did not exit completely. I had manually closed Chrome, but somehow one of the instances must still have been running during the uninstallation. Anyway, the result is that Orbit was not cleanly uninstalled. Whenever I tried to download something, it would still redirect to Orbit (and worse, it doesn't work anymore).

So, let's see how to clean up this mess.
1. Before you start, make sure Orbit is no longer around (uninstall it from Control Panel).
2. Close all instances of Chrome. (Use Task Manager to check that there are no more instances running too.)
3. Now, let's find the file "nporbit.dll". You can use search or look under this directory:
%localappdata%\Google\Chrome\Application\Plugins
4. Delete the file.
5. Open up Chrome and type "chrome://plugins/".
6. Find Orbit Downloader and disable it.

That's all you need to do. Well, to fully clean everything, you can always reinstall Orbit, reboot and uninstall Orbit... But it's just kind of troublesome...


Wednesday, April 02, 2014

Agnitum Outpost Security Suite Pro v9.1

OK, I promised I would be giving (technically, I am just linking) a 1-year free license to a paid AV. The good news is that it is not only an AV, but a full security suite including the firewall and all. So, which one is it? It's Outpost Security Suite Pro v9.1.


So, how good do you think it is? Outpost has always been a really good firewall, and at one time, even the best FREE firewall around. It has also been winning awards from many popular polls such as VB100.

See the awards here:
http://www.agnitum.com/news/awards.php


Some of the features:
  • Anti-Malware module with greater detection accuracy
  • Two-way firewall for secure network connections
  • Proactive Protection module to preemptively block unknown and zero-day threats
  • SmartDecision technology to facilitate secure decision-making
  • Web control with fast web content filtering to protect your PC from web-borne threats
  • System and Applications Guard to keep installed software and OS protected
  • Self-protection technology to maintain continuity of protection
  • The 4th generation of SmartScan optimization technology for fast subsequent malware scans
  • USB virus protection to prevent malware which spreads via USB devices
  • Program activity tracker to review file and registry activity in real time
  • Entertainment mode (for games and video) and Auto-Learn 2.0 (for beginners)
Read more about Outpost Security Suite v9.1
http://www.agnitum.com/products/security-suite/

I hope that has gotten you excited. Now, you must be screaming: how do I get this for free?
Thanks to Computerbild, visit this page in Russian:
http://www.agnitum.ru/promo/computerbild/

But not to worry, this is roughly what it translates to:


And this is the important part. You need to key in this Key (manually) :
8IJDI-G2KWK-4SG8S-8SWGS-GWG5X

I suggest you key in your email so that you will receive support information from Agnitum.
Then on the next page you should get a key (with many alphanumeric characters). Make sure you copy and paste it into Notepad and SAVE IT! It will not be sent to your email again.

Just download one of the following installers here:
32 Bits Installer
64 Bits Installer
Do an installation and proceed to register your product. Paste in ONLY the bunch of alphanumeric characters; skip the name, email etc. I know it's not straightforward, but just make sure there are no extra line breaks and such and you will get it right.

Enjoy your 1 year free of Outpost Security Suite Pro!
Please leave a thanks if you appreciate this. And do pick up a copy of Computerbild while you are in Moscow!

What AV Survey End


It has been a long time since I updated the antivirus poll, and I know it's not fantastic, but at least it seems to me that people who voted made good use of FREE antivirus such as Microsoft or Avast (FREE version, I presume). Well, maybe that will guide my direction, in that more people actually want to get hold of a good paid AV.

The results, however, do not tally with the real market trends out there, but of course that is because it's only for visitors to my blog. But don't worry, the poll is not a wasted effort. In fact, in the next 5 minutes, I will share a 1-year license of a paid AV with you!

Thursday, March 13, 2014

Problem with HDMI Deep Color

Recall that life was very different after I got my Onkyo amplifier. Not just in terms of better entertainment, but I had to get in touch with lots of troubleshooting and face new terms like HDMI, ARC, optical channels etc. Well, if you have read my previous posts, you will know I had a fair amount of problems with Diyomate. Well, to be fair, Diyomate is actually pretty good, just that it does not play too well with my Onkyo.

So today, I am going to talk about a feature in HDMI that is known as "Deep Color". A picture says more than 1000 words, so here:



I think it's needless to say that with an option like "Deep Color" I would not think twice about enabling it. This is exactly what I did on my Measy X5.


Measy X5 is a fantastic 3D player with a built-in HDD bay, and it really works very well. That is, until I played with this "Deep Color" feature. Normally, this would probably not cause a lot of issues. But it happens that Onkyo does not like the additional data in the video sent by this "Deep Color" feature. What happened was that I often got video off (black screen) while the sound went on (also carried by the HDMI cable). It is very irritating, especially when I cannot even finish watching a 20+ anime without hitting this a few times. In addition, sometimes the Onkyo will display an error message that says something about an incompatible video stream being detected...

So, I did my research, and guess what? Almost nothing supports the "Deep Color" feature. Not your common DVD or Blu-ray player. Not your common amplifier. Not even some of the TVs! I wonder why I like to create so many problems for myself!

Anyway, in short, I finally switched it off and found out that this is indeed the option that had created the problem for me. So now, my Measy X5 doesn't output "Deep Color" and everything is working once again. I really hope this helps anyone who has a similar issue out there!

Smart File Advisor Crapware Removal


If you have come to this page, you have more likely than not installed a perfectly legit piece of software which came bundled with this software known as "Smart File Advisor", also known as SFA. One known bundler is Alcohol 52% FE.

What SFA tries to do is keep track of your file associations, but in a very dangerous way. Instead of letting Windows manage them, it checks a PHP script online every time a new file type is used. In addition, it messes around with your registry at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations
And this is where the real danger lies. In theory (if it is not already taking place), whenever you try to download a file, it would poll that PHP script, and it CAN do really bad things like redirecting you to another file instead (and renaming it to be your original - it's not even hard), making you run some scripts which capture information from your PC, or inserting code into your returned pages which can do almost anything a page can do and more.

In short: SPYWARE. And it's not just me doing all the bullshitting here! Even AVG backs me by flagging SFA as a virus!

So, if I have convinced you to uninstall SFA, good. But this is just the point where you find that if you try to uninstall it from Add/Remove or "Programs and Features" (in Windows 8), SFA will threaten to remove your other software as well, and most likely it will fail to uninstall anyway.

So, is there an uninstaller? Yes, but after looking through the page I found, I find the "uninstaller" rather fishy by itself too, so I really won't recommend it. So, let's do it manually. You will need to make sure you close the stupid SFA program from the tray and in memory (Task Manager). Then you will need to delete a folder (usually just 1, 32 or 64 bits). And then you will need to remove some registry entries. I have packed them into a reg file for you to cut and paste into your editor and save.

1. Delete these directories if you have any of them:
C:\Program Files\Smart File Advisor
C:\Program Files (x86)\Smart File Advisor

2. Here is the "Remove SFA.reg":
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\*\shell\sfa_checksum]

[-HKEY_CLASSES_ROOT\*\shell\!sfa]

[-HKEY_CLASSES_ROOT\Unknown]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\sfa_checksum]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\!sfa]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
; "=-" deletes the value; ="" would only blank it and leave the Run entry behind
"Smart File Advisor"=-
"SFAUpdater"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Smart File Advisor_is1]
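
To confirm the cleanup worked, the read-only PowerShell check below reports which of the folders, keys and Run values listed in this post are still present. It is an added example, not part of the original post or of any SFA tooling; the two "Unknown" keys are deliberately not checked, on the assumption stated in the comment.

```powershell
# Added example: report which Smart File Advisor leftovers listed in this post still exist.
# Read-only; run it before and after importing "Remove SFA.reg".
$dirs = 'C:\Program Files\Smart File Advisor',
        'C:\Program Files (x86)\Smart File Advisor'

# Keys removed by the .reg file. HKCR\Unknown and HKLM\SOFTWARE\Classes\Unknown are left
# out because a stock Windows install has those keys too, so their presence proves nothing.
$keys = 'HKEY_CLASSES_ROOT\*\shell\sfa_checksum',
        'HKEY_CLASSES_ROOT\*\shell\!sfa',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\sfa_checksum',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\!sfa',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Smart File Advisor_is1'

$runKey    = 'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'Smart File Advisor', 'SFAUpdater'

$report = @()

foreach ($d in $dirs) {
    $report += [pscustomobject]@{ Type = 'Directory'; Item = $d; Present = (Test-Path -LiteralPath $d) }
}

foreach ($k in $keys) {
    # -LiteralPath stops PowerShell from treating the "*" key name as a wildcard
    $report += [pscustomobject]@{ Type = 'Key'; Item = $k; Present = (Test-Path -LiteralPath "Registry::$k") }
}

# A Run value counts as present even when its data is empty
$run = Get-Item -LiteralPath "Registry::$runKey" -ErrorAction SilentlyContinue
foreach ($v in $runValues) {
    $present = ($null -ne $run) -and ($run.GetValueNames() -contains $v)
    $report += [pscustomobject]@{ Type = 'Run value'; Item = $v; Present = $present }
}

$report | Format-Table -AutoSize
if ($report | Where-Object Present) { 'SFA leftovers found.' } else { 'No SFA leftovers found.' }
```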

Monday, March 10, 2014

Removing the "Special Offer" or Ads in Kindle Paperwhite


Recently, I bought an Amazon Paperwhite device for reading. Unlike the normal tablets out there, be it Android or Apple, this is not too bright, and it is in fact very easy on the eyes compared to the other tablets. The secret is in its special ink technology, and therefore you will also need to get a special type of screen protector for it.

Amazon Paperwhite:
http://www.amazon.com/Kindle-Paperwhite-Ereader/dp/B00AWH595M

Well, more on that next time. What I want to talk about today is the "Special Offer" you might have mistakenly opted in for during the purchase of the Paperwhite or another Kindle device. In plain simple text, "Special Offer" = advertisements. Yes, that is basically all there is to it. And you CAN actually pay an additional $20-30 to buy the non-"Special Offer" edition. But I guess if you are reading this, it's too late anyway.

Well, not really. If you live in the USA, you can still pay the difference and have it removed. Or if you think you can convince Amazon that you are not in the USA, then you can have it done for FREE! Yes, I am not joking. Because all the ads are targeted at the USA, none of them will work anyway even if you click on them! On this basis, there is an excuse to remove the ads, since they are a waste of bandwidth (and precious reading space).

So, how would one go about this? First, log in to your Amazon account (which, no-brainer, should be a non-USA account). Then lodge a request for support and select through the options, ending up with something like "the advertisement links do not work". If not, just manually complain about this. In any case, tell the support personnel (nicely) that you are not in the USA and request them to remove the ads. They will.

Well, not to encourage everyone to use this exploit, but I think some of the offers are good if you can use them. But otherwise, I think this is a great idea to claim back some reading space (and USD$20) from Amazon.


HDMI Issues with Diyomate

It seems that HDMI ARC control is really screwed up by a Diyomate device. Confirmed. In fact, I got hold of yet another device, the Diyomate X12, and consistent behavior is observed.



Diyomate X12:
http://www.diyomate.com/productInfo.asp?PID=493

Without the device, my TV and amplifier play nice, with ARC controlling the sound. Once the X12 is plugged in, the whole ARC connection is screwed up and does not work anymore. So the big question is this: what does the Diyomate device do to the HDMI signal? Or rather, what is it sending that is causing the rest of the devices to be confused? That is something rather interesting to know, but unfortunately not easily resolved.

Meanwhile, I still want to use my Diyomate now and then, but in order to make my whole home theater system work, I have to unplug the Diyomate's HDMI whenever I am not using it. Hope this helps some of you out there.


Copyright © 2008 nemesisv.blogspot.com, All rights reserved.