Research projects are always great since they broaden our perspective and all in all
move us forward. The ones that make me go: “Now why didn’t I think about that!!”
are the ones that I believe will also succeed since they fill a gap that will make our lives
Think of life before GPS navigational systems or even maps…now take a look at the following
Anti-Virus (AV) and Anti-Malware software has always been a necessary evil to me. I managed to
go on for years without installing any type of such protection because I believed that if you are
an experienced enough user, you won’t be infected. I saw no reason for installing an additional
piece of software on my system that would eat up precious RAM and instigate disk activity without
any direct benefit to me except protection from some “unknown and harmful software”.
Years passed by and I got none the wiser while malware kept on developing and eventually I broke down
and installed an AV. I have switched several commercial pieces of software and it has always annoyed me
how bloated these applications were and how they affected the performance of my system.
As free applications became available I started using them, always trying to find the one with the smallest footprint.
In August 2009, Microsoft released their first version of Microsoft Security Essentials. One of the first
things that made me happy was that it was a very thin layer that integrated into your system and had
a minimal (to none) impact on performance while providing the required protection.
Almost a year after the initial release a new beta version has been released.
What’s New in the Microsoft Security Essentials beta?
This Beta version of Microsoft Security Essentials includes these new features and enhancements to better
help protect your computer from threats:
- Windows® Firewall integration: Microsoft Security Essentials setup allows you to turn on Windows Firewall.
So this one had me wondering. I mean, what’s the big deal here…does it really deserve a mention
in the ‘What’s new’ section? Actually it does because it shows how Microsoft is looking at security as
one whole unit. Security is a layer cake: each layer should be protected, and installing only one system might
provide a sense of security that is actually false, so yes, reminding you to turn on your firewall (if for some odd reason
you decided to turn it off) is a big deal.
- Enhanced protection from web-based threats: Microsoft Security Essentials has enhanced integration with Internet
Explorer® which helps prevent malicious scripts from running and provides improved protection against web based attacks.
Microsoft Security Essentials works with Internet Explorer to scan script-based content and help protect you against online
threats such as drive-by downloads, malvertising, exploits and redirection attacks before they have a chance to compromise
your computer. When Microsoft Security Essentials detects potentially malicious content in a web page, it immediately blocks
the content and displays a notification on your desktop. You can choose to block or allow the content to run.
- New and improved protection engine: The updated engine offers enhanced detection and cleanup capabilities
and better performance.
To download the beta you should go to:
Once you are logged in with your account you will receive access to the beta. Please note that some limitations exist as you
can see from the screenshot below:
*Some issues with downloading the software have been reported, yet currently it seems to be functioning quite well.
- Basic welcome screen, license and ‘Customer Experience’ screens:
- If you would like to turn on your firewall, this is the screen to do it. If you turned it off and would like to leave it off,
uncheck the checkbox:
To be honest I found this screen somewhat confusing. In my opinion if your firewall is on, it shouldn't appear at all
since it causes me to think that if I uncheck the checkbox it might turn my firewall off…and it may also raise the
question of what will happen if I check the checkbox when my firewall is already on (based on my test nothing)…
Not a big deal but a bit confusing.
- Installation process:
- Once the process is complete, you will have to restart your system. After the restart make sure to update:
For a standard user there is not much left to do and the defaults are fine. If you still want to play around with the
settings, open Microsoft Security Essentials (MSE) and go to the ‘Settings’ tab:
- Scheduled Scan – Quite self explanatory so I won’t add anything here.
- Default Actions – This part of the tab defines how MSE will handle threats it identified. For a detailed description
of the methods click here.
- Real-time protection – Enables you to turn off/on the real time protection engine. Note the checkbox at the bottom
of the page enabling network protection against exploits of known vulnerabilities.
- Excluded files and locations/Excluded file types/Excluded processes – Specify any exclusions you might need.
- Advanced – A couple of unchecked options that might be of interest here: Scan Removable Drives – When running a
‘Full Scan’ the software will not scan removable drives. If you have an external HD (USB) connected to your system
you should check this checkbox to make sure that it is scanned during full scans.
The second option to have a look at is the option of ‘Creating a system restore point’ before cleaning your computer.
This might be beneficial if the malware used may render your computer unusable. Using system restore you might
return to a usable but infected state.
- Microsoft Spynet – Allows you to configure participation levels.
To test the behavior of MSE, I downloaded the EICAR Anti-Malware file located at:
MSE ran its magic, suspended the content and warned me about the existence of the threat:
As I asked for additional details, MSE allowed me to decide what to do next and provided detailed information about the threat:
MSE is a free, ‘thin’, and very effective anti-malware software. It has all the features required to protect your
system and considering that this is a beta, the new version looks very promising.
From the KB:
- A computer is running Windows Server 2008 R2 and has the Hyper-V role installed.
- This computer has one or more Intel CPUs code-named Nehalem installed. For example, the Nehalem CPU for a server is from Intel Xeon processor 5500 series and for a client is from Intel Core-i processor series.
In this scenario, you receive the following Stop error message:
0x00000101 (parameter1, 0000000000000000, parameter3, 000000000000000c)
I am a sucker for huge posters that have some technical drawings on them. It makes your office
look more professional. I just bumped into a new one, that describes the different components of
Hyper-V and their architecture.
This is but a small snippet:
To download the whole poster, click here.
It has been a long time since I wrote. A lot of things happening, but none of them can explain my absence.
It’s going to be a real challenge trying to write again, but I feel that I have no choice. I decided, as a resolution,
to write at least two posts per month…
I have quite a few annoying habits, and some of them have to do with how I work with computers.
One of these little annoying habits is accessing specific locations and applications on a system from
the ‘Run’ window. Some of you may say that it’s so eighties since we have the search box in Vista
and 7 but I still like it. It’s a simple and quick process: press Start+R, write the location and you are
there. Better yet, if it’s an item you already used, it’s stored in history so you don’t have to re-type
the full path or name, and this was the point where it got annoying…
When looking at the history of the Run command I found quite a few items that no longer existed
there, obviously I wanted to remove them. I tried highlighting them and pressing Del to no avail.
Eventually I found that the history items are stored per user in the registry, specifically at the following
path: HKEY_CURRENT_USER → Software → Microsoft → Windows → CurrentVersion → Explorer → RunMRU.
As you can see, the items stored in history are arranged in values (REG_SZ) from a to z. Every time you enter
a new item in the Run dialog box it is stored under a “free” letter. Once you hit Z, you can no longer add items
to your history.
Since I have deleted some of the files that they refer to, some of these values have become stale, yet they
still linger on, while others are still useful and I would like to keep them around. The simplest way to clear the
list of stale entries is to simply delete them from the registry (as usual, be very careful when messing around
with the registry as you may render your system unusable).
Once deleted, they will disappear from the list and allow new entries to be added.
I also noticed that the MRUList value has a list of the alphabet letters based on the order in which the values were created.
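Before deleting anything from RunMRU, it helps to list what is there. The following PowerShell is an added example, not part of the original post: it reads the RunMRU values, walks them in the order the MRUList value gives, strips the trailing "\1" that Explorer appends to each stored command, and flags entries that no longer resolve to an existing path or a program on PATH. The function names and the sample values are assumptions made for illustration.

```powershell
# Added example, not from the original post. Read-only: nothing is deleted.
$RunMruKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

function Read-RunMru {
    # Return the key's values (a..z plus MRUList) as a hashtable.
    $item = Get-Item -LiteralPath $RunMruKey -ErrorAction Stop
    $values = @{}
    foreach ($name in $item.GetValueNames()) { $values[$name] = $item.GetValue($name) }
    return $values
}

function Test-RunTarget {
    # Hypothetical helper: $true if the command is an existing path or a program on PATH.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # First token of the command line, honouring a quoted path with spaces.
    if ($expanded -match '^\s*(?:"([^"]+)"|(\S+))') {
        $first = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
    } else {
        return $false
    }
    foreach ($candidate in @($expanded, $first)) {
        try { if (Test-Path -LiteralPath $candidate) { return $true } } catch { }
    }
    return [bool](Get-Command -Name $first -CommandType Application -ErrorAction SilentlyContinue)
}

function Get-RunMruEntry {
    # With no argument the live key is read; pass -Values to inspect exported data.
    param([hashtable]$Values = (Read-RunMru))
    $position = 0
    foreach ($letter in ([string]$Values['MRUList']).ToCharArray()) {
        $name = [string]$letter
        if (-not $Values.ContainsKey($name)) { continue }  # listed in MRUList, value already gone
        $position++
        # Explorer stores each command with a trailing "\1"; strip it for display.
        $command = ([string]$Values[$name]) -replace '\\1$', ''
        [pscustomobject]@{
            Position = $position
            Value    = $name
            Command  = $command
            Resolves = Test-RunTarget $command
        }
    }
}

# Constructed sample standing in for a live key, so the logic can be tried on any machine.
$sample = @{
    MRUList = 'cab'
    a       = 'notepad\1'
    b       = 'C:\Tools\removed-tool.exe\1'
    c       = '%windir%\system32\drivers\etc\1'
}
Get-RunMruEntry -Values $sample | Format-Table -AutoSize

# Live key, unresolved entries only:
#   Get-RunMruEntry | Where-Object { -not $_.Resolves }
# After reviewing an entry, preview the removal of its value (here the value named b):
#   Remove-ItemProperty -Path $RunMruKey -Name b -WhatIf
```

Entries reported as unresolved are only candidates for removal: the Run dialog also accepts URLs, shell: shortcuts and App Paths registrations that this check does not follow, so review each one before deleting its value.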
If you have ever been wondering which titles Microsoft offers for trial you
can look at the whole list at the following link.
BitLocker protection on removable drives is known as BitLocker To Go. When a BitLocker-protected
removable drive is unlocked on a computer running Windows 7, the drive is automatically recognized
and the user is either prompted for credentials to unlock the drive or the drive is unlocked automatically
if configured to do so. Computers running Windows XP or Windows Vista do not automatically recognize
that the removable drive is BitLocker-protected. With the BitLocker To Go Reader users can unlock the
BitLocker-protected drives by using a password or a recovery password (also known as a recovery key)
and gain read-only access to their data.
Download it here.
If you have been wondering what’s new in Windows Server 2008 R2, there is a free e-book
out that can help you. The eBook is short and to the point.
Download it here.
Quietly, without much fanfare, Windows XP Mode (XPM) has RTMed.
What can XPM do for you?
Microsoft wants you to move to Windows 7. An obstacle for moving to Windows 7
is an application that is a necessity for a business or home that might not
run under Windows 7 (or Vista). Such legacy applications might not be supported
under the current compatibility settings and to make things worse, the company
that has developed the application is no longer in business or will not develop an application
that is supported by Windows 7. To resolve this problem XPM was developed.
In layman’s terms XPM allows you to run a Windows XP environment on your Windows 7
system. Technically, you are running a virtualized OS over your Windows 7 host. Virtualization
is nothing new, so what’s so special about XPM?
XPM adds the following features to standard virtualization:
- USB support – Yes, it’s finally here, USB support inside your virtual environment. You
can use your disk on key to save information and more importantly if your legacy application
is dependent on some type of USB security plug you are set.
- One Click launch – With this feature, the usability experience of applications installed inside the virtual
environment becomes seamless. Once the application is installed, you can start it from your
host and it will appear as if it is running directly on your host.
Installing XPM is as simple as one, two, three and four...ok, that wasn’t funny, but the installation
is a very straightforward process. You navigate to the download page and follow the four steps:
- Verify that you need XPM – Windows 7 provides an ample quantity of compatibility options. Before
you install XPM, you should verify whether they solve the issues that you are experiencing, since they provide
a simpler solution to your problems.
- Verify that your PC supports XPM – To run XPM, your processor has to support hardware assisted
virtualization. To verify that this is the case, you should click the link provided at the second step of
the process (or click here) and run the application. The Microsoft® Hardware-Assisted Virtualization
Detection Tool will verify whether your processor supports virtualization by providing the following output:
If you receive a different output from the application, please review the HAV Detection Tool - User Guide, which
provides an interpretation of the outputs and information on how to rectify the situation (if possible).
- Choose your OS and language – Please note that only Windows 7 Professional, Enterprise and Ultimate are
- Start downloading:
- Download XP Mode – The first download (and installation package) weighs ~500 MB and contains a VHD of
a preinstalled Windows XP (SP3) system.
- Download Virtual PC – Yes, you are downloading Virtual PC.
- Start the installation – Yes, it’s actually a five step process…I lied:
- Install XP Mode – You should start with installing XP Mode:
- Install Virtual PC – This comes in the form of a standard update and will require a restart.
Once you are done with downloading and installing you should start XPM, by opening the Start menu and writing
‘XP Mode’ in the search bar.
When you start XPM for the first time you have to configure it:
- Read and accept the license agreement.
- The second screen is confusing in my opinion:
- Installation folder – XPM uses two virtual hard drives. The first hard drive is the parent VHD which you
downloaded in step 4 of the previous section. This VHD contains the basic installation of Windows XP (SP3),
and is never changed. The second virtual hard drive is called a differencing virtual disk. The differencing disk
contains all the changes that are done to the system (e.g. saved data, newly installed applications, etc.).
The differencing disk is always dependent on its parent. When you set the path in the installation folder
you actually set the location of the differencing disk.
- XPMUser – This is the account that will be used to log-on to the virtual Windows XP machine. If you would
like to refrain from entering these credentials every time you start an application running on XPM make sure
to check the ‘Remember credentials (Recommended)’ checkbox.
- Updates – As with any OS, you should make sure that XPM is fully updated, unless one of the updates
breaks the application you are trying to use.
- Shared folders – When installing XPM you provide it access to the host system’s folders. This might pose a security
threat on your system, and you should make sure that applications installed inside XPM are trusted. On the other hand,
in most cases you meant to install these applications on your host anyway so the threat isn’t that big. If for some reason
you are still worried you will be able to remove the sharing later on.
- During the installation a short tutorial is displayed (note the progress bar at the bottom of the page).
- Upon completion of the installation, Virtual PC opens with Windows XP (SP3) loaded.
At this stage you are set and you can start using XPM. Note that since this is a virtual system, you should treat it
as a standard system. The first thing that struck me as odd is that this system has no anti-virus software pre-installed.
I am assuming that this is due to legal limitations (although this is an open issue for me), so the first thing I did is
to install Microsoft Security Essentials on my XPM and then updated it.
The second step (and the reason for this whole adventure) is to install the application that I couldn’t run on
Windows 7. For this demonstration I have chosen ‘Word 6 for DOS’ as the problematic application. The following
steps are taken to install the application:
- Copy the problematic application into the XPM. As you can see from the screenshot below all the drives
from my host machine ‘Transylvania7’ are mapped into the XPM.
- I start the installation according to the application’s basic instructions.
- When the installation routine is complete, you can start the application and use it within the XPM.
Up to this point, I haven’t shown you anything that is new. What we have done here, you could have achieved in
the past. The major change with XPM is that you can run the application you just installed seamlessly from your
Windows 7 desktop.
Log off from the XPM and close it by clicking the red X on the top right of the window. Note that the system is hibernated.
To do this, you need to open the Start menu and enter the name of the application installed within XPM in the
search field. We actually installed two applications:
- Microsoft Security Essentials
- Word 6 for DOS.
The results for Security Essentials are shown below:
As you can see, I have this application installed both on my host and inside XPM. The one inside XPM has the suffix
of ‘(Windows XP Mode)’. When I choose the XPM Security Essentials, the system is woken from hibernation
and a seamless window is opened, showing the application:
Note the XP styled window and the Virtual PC icon on the taskbar. An additional thing to note is that since Security
Essentials is a ‘resident’ application, its icon from the tray inside XPM is also displayed in the tray on the host (this became kind
of an issue later on).
When you close the application the virtual environment will be hibernated again. Please note that all processes communicating
with the host have to be closed for the system to be hibernated (hence the issue).
The missing Word 6 for DOS
Security Essentials seems to be working fine, yet once we try to run Word 6 for DOS from the host, it seems to be missing.
XPM publishes applications by monitoring the start menu: when it identifies that an application has placed a shortcut on the
start menu it will publish it to the host. Word 6 for DOS didn’t create a shortcut for itself on the start menu hence the
In this case, we will create a shortcut for Word 6 inside the XPM and drop it on the Start menu. Once done, we will log off
the XPM and turn it off (hibernate it).
Once done, when searching for Word we will see the published shortcut which we can use to start the application:
To be able to access the more advanced settings of XPM, you have to first shut it down (note that until now you
have only logged-off and hibernated the system). To shut XPM down use the following steps:
- Start XPM.
- Choose the Ctrl+Alt+Del option from the menu on top
- In the ‘Windows Security’ window choose the ‘Shut Down’ button
- Choose ‘Shutdown’ from the drop down list
Once the system has been shut down, open the Start menu and choose ‘Manage Virtual Machines’.
Right click ‘Windows XP Mode’ and choose settings. The first setting enables you to change the name
of the VM and add notes to it.
The Memory branch will enable you to change the quantity of RAM used by the VM. Since the XPM uses Windows
XP 32bit you can’t use more than 3.7GB.
The Hard Disk 1 branch will display the locations of the hard drives set during setup (parent and differencing). You
can change their locations from here.
In addition to that, by using the ‘Modify’ button, you can either merge or compact the differencing VHD. Compacting
might be useful since it will shrink the size of the VHD by removing unused space from the file.
The DVD drive branch enables you to configure which DVD is tied into XPM.
Integration features define the relationship between your host system and the XPM. One of those relationships
is the mapping of the hard drives from your host into XPM.
Logon credentials enables you to set the account that will be used for the autologon feature and to remove
the password from being stored.
Auto publish enables you to control whether the system will automatically publish applications installed within
The goal of this post was to scratch the surface of XPM by reviewing its usability options. I ended up going
a lot deeper than I planned since this is without doubt a complex feature that is based on existing and used
technology but with a twist. After I wrote this post I still have several questions that need to be answered, such
as how does XPM treat AV software…Once I installed it everything seemed to be fine but I noticed that I could
no longer make XPM go away since its real time protection kept the system alive. After removing the AV software
the Security Center kept XPM alive since it was warning me that my computer is at risk…Well, I guess I still have
to work that one out.
I really love the Snipping Tool. It enables me to take screenshots without having
to install third-party software quite efficiently. I did encounter one very annoying
issue though when trying to capture context menus or the Start menu: while launching
the snipping tool these menus disappeared… :(
It seems that there is a solution for this issue. To capture a context menu, open the
Snipping Tool, open the menu you would like to capture and then press Ctrl+PrtScn.
The screen should fade and the familiar interface of the snipping tool should appear.
Note that once a screen is captured this will not work again, you will have to reopen the
The Windows 7 product guide is a straightforward document that everyone can use
to understand how Windows 7 can improve their productivity. This guide is at the
user level so it will be tangible by the majority of people.
Personally I found several tips in it, one of them is that by using the following combo
you can run an application in Admin mode: Ctrl+***+Double left Click on a taskbar
Windows 7 Product Guide Download
A few days ago we discussed the option of being able to download Windows 7 instead
of getting a box and DVD…well, I guess it didn’t take long (Microsoft Store):
Every time a new product is released, I ask myself where I should start to learn it.
The answer to that is never simple, yet Bill Boswell has put together a very interesting list
for Windows 7 in his article for TechNet Magazine.