Blue screen of death troubleshooting tips

Sometimes things go wrong and Windows crashes with a blue screen of death (also known as a BSoD), resetting the computer.

The blue screen contains some information about the cause of the error, and often that information can help you solve the problem almost immediately. However, most systems are configured to restart automatically when a blue screen occurs, so there is not enough time to actually read the text on the blue screen.

You're missing a great deal of data - the name of the faulty driver, the code of the error itself, and some addresses which might be useful later.

To prevent that from happening, Windows can be configured not to restart the system automatically when such a crash occurs. This gives you enough time to analyze the data on the blue screen and figure out whether something can be done about it.

To do that:

  1. Open the System properties dialog (you can get there by pressing Win+Pause)
  2. Go to Advanced\Startup and recovery
  3. Press Settings
  4. Uncheck Automatically restart

From now on, you'll have plenty of time to enjoy the view of the blue screen: it will be displayed until you press the reset button (laptop owners beware: if you don't have a reset button, you'll have to turn the system off, then turn it back on).

Basic troubleshooting steps

  • If you're lucky, the blue screen will contain the name of the faulty driver, the one that caused the problem. Usually it is a *.sys file. Copy the name of that file and see if you can find any info on it on the Internet. Usually the first results will point you to pages which explain which program the driver belongs to, so now you know that you can boot into Safe Mode and remove the offending application.
  • Alternatively, you may figure out that the blue screen started to occur after you've installed a particular program or a device driver - so obviously the first thing to do is try to remove that program and install a newer version.
  • Microsoft provides a list of errors shown on the blue screen, as well as their detailed descriptions. It's a good idea to take a look at that list and find out the meaning of PAGE_FAULT_IN_NONPAGED_AREA or IRQL_NOT_LESS_OR_EQUAL.

Minidump - what do I do with it?

By default Windows will create a minidump, and store it to %windir%\minidump. The minidump contains information about the state of the system before the crash; these data can be used to understand what caused the error, and how to fix it (once you find the offending driver, it's a good idea to contact the authors of that module and give them the minidump as well).

Note that interpreting a minidump is not easy if you are not an experienced developer. You are more likely to have a positive result if you try the tips described above. If nothing helps, get hold of the created minidump and send it to someone who knows what to do with it.

If you want to give it a try yourself, use Microsoft's Debugging tools for Windows. Once you run the debugger, go to File\Open crash dump, and then you're on your own.

How to enable minidumps

Some may choose to disable the creation of minidumps (to save space perhaps?), but they are very important when troubleshooting a problem. To enable the minidumps:

  1. Press Win+Pause to start the System Properties dialog;
  2. Go to Advanced\Startup and recovery;
  3. Ensure that Write debugging information is set to Small memory dump (64 kb).
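
The two dialog procedures above (turning off automatic restart and enabling small memory dumps) can also be checked from PowerShell. This is an added example, not part of the original post; it assumes the standard CrashControl registry key, and the function names are hypothetical.

```powershell
# Added example: report (and optionally set) the options shown in
# System Properties > Advanced > Startup and Recovery.
# Reading works as a normal user; changing values and listing the
# minidump folder usually need an elevated prompt.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled values and the dialog text they correspond to
$dumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump'
    7 = 'Automatic memory dump'
}

function Get-CrashSettings {
    $cc   = Get-ItemProperty -Path $key
    $type = $dumpTypes[[int]$cc.CrashDumpEnabled]
    if (-not $type) { $type = "unknown ($($cc.CrashDumpEnabled))" }
    [pscustomobject]@{
        AutoRestart = [bool]$cc.AutoReboot
        DumpType    = $type
        MinidumpDir = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)
    }
}

function Set-CrashSettingsForDiagnosis {
    # Same effect as unchecking "Automatically restart" and choosing
    # "Small memory dump" in the dialog.
    Set-ItemProperty -Path $key -Name AutoReboot       -Value 0 -Type DWord
    Set-ItemProperty -Path $key -Name CrashDumpEnabled -Value 3 -Type DWord
}

$s = Get-CrashSettings
$s | Format-List

if ($s.AutoRestart) {
    Write-Warning 'Automatic restart is on: the blue screen will disappear before it can be read.'
}
if ($s.DumpType -eq 'None') {
    Write-Warning 'No dump is written: there will be nothing to analyse after a crash.'
}

# Uncomment to apply the settings described in the post:
# Set-CrashSettingsForDiagnosis

# Show the five most recent minidumps, if the folder exists
if ($s.MinidumpDir -and (Test-Path -LiteralPath $s.MinidumpDir)) {
    Get-ChildItem -LiteralPath $s.MinidumpDir -Filter *.dmp -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object -Property Name, Length, LastWriteTime -First 5 |
        Format-Table -AutoSize
}
```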

Happy troubleshooting!

Password Carrier's reliability

How can people be assured 100% that you don’t use all those accounts and passwords?

Couldn’t there be a hidden program that runs secretly to send all that information to a remote capture system?

You can be 110% sure that none of your credentials are sent to us, and you can verify that yourself.

Password Carrier never establishes any network connections, so your data cannot be sent anywhere by our program. The only exception is if you have update checks enabled; in that case, the program will connect to dekart.com and retrieve a small text file, which contains information about the new versions, if they are available.

You can disable the automatic update checker, and in that case Password Carrier will be completely isolated from the Internet.


If you have updates enabled, you can use a network sniffer (such as Wireshark) to see which data are actually sent/received by the program, and make sure that you are indeed dealing with a small text file which contains the number of the latest version.

Further, you can examine the program with various tools in order to monitor Password Carrier's file-system behaviour. If you do that, you will notice that Password Carrier does not start other processes which could perform network transfers; nor does it write sensitive data to obscure locations in the file system.

The drawing below shows that:

  • Password Carrier does not 'talk' to any web-sites directly
  • It only interacts with your system's browser, and then the browser itself will communicate with each web-site

Private Disk 2.10 final release

The time has come: Private Disk 2.10 is now officially released. Some of the changes were already commented on in the release notes of an earlier beta version of PD (those features are Disk Firewall's training mode and trusted program authenticity verification).

One of the most important things is compatibility with Windows Vista systems of all flavours that exist out there. Private Disk is now shipped with digitally signed drivers, so if you have a 64-bit Vista platform - you can use PD on it. This makes Private Disk yet again compatible with every version of Windows (starting with Windows 95).

There is also a new icon, which looks good whether you're looking at a zoomed in version, or at a tiny icon in a "list view".

Run Private Disk as a service

This is a very handy option; it used to be a part of the older 1.x versions of Private Disk Multifactor. Once this is enabled, you can run Private Disk, mount the image, then log off - the virtual drives will still be mounted, allowing other logged on users to access them (including those who access them from the network, if they are shared).

The idea is that you can mount the disk and restrict others from changing its settings (e.g. alter the white-list, or change the disk's properties, etc). As an administrator, you can start the server and mount the disk, then share it; from that point on end-users can connect to the server and use what they are allowed, without being able to do (break) anything. This feature will help you offer users only as much power as they need to get their job done.

PD File Move - the secure data migration utility

This is the newest addition to Private Disk's arsenal, and it was not a part of any of the beta versions that were made public prior to the release (although the utility itself could be downloaded from the site, if you explored it thoroughly). It is designed to find a group of wanted files in a certain location, create an encrypted disk of the right size, move them to the protected storage vault, and then wipe the originals, so that the files cannot be recovered.

What can it do?

  • Let's say you have a music archive you want nobody to see. Just tell PD File Move that you want to look for MP3, WAV, AAC, FLAC, WMA and OGG files (you can add your own extensions too) in D:\. The program will find all those files, and then securely move them to the new location. Afterwards there's no trace of the original files, if you used the file wiping option.
  • You purchased a new computer in your office, you want to move all the data from the old machine to it. You don't remember clearly where all the documents are, but you know that you work with PDF, DOC and ODT files. PD File Move will find them for you, so there is no chance that you accidentally forgot to copy something before giving the old computer to a relative, or donating it to a school.

We decided not to bring these features into Private Disk itself, and instead have a separate utility to do the job. Private Disk continues to be extremely lightweight (using about 2.5 MB of RAM when disks are mounted), and PD File Move will not get in your way while you use Private Disk.

We are against bloatware, so you can be sure that Private Disk will continue to be a fast and solid tool, and it will never turn into a performance hog.

Here comes the changelog of the final version:

+ added XP-style and Vista-style icons
+ allows to run Private Disk software as a system service

+ added Disk Firewall Program integrity verification feature
+ allows to disable/enable Disk Firewall Program integrity verification

+ added Disk Firewall Training Mode feature
+ allows to disable/enable Disk Firewall Training Mode

+ compatibility with Windows Vista
+ compatibility with Windows Vista x64

+ the encryption password can be changed when the disk is mounted
+ allows to create a backup copy of a disk's encryption key automatically

+ optimized disk creation speeds when "fill disk with random data" is enabled
- fixed bug with occasional blue screen errors if Windows Defender is installed

- fixed bug with autorun.inf on USB-drives

Enjoy using the software!

Are better password recovery mechanisms really better?

If you're monitoring the pulse of the IT world, you probably stumbled upon this story:

ElcomSoft has discovered and filed for a US patent on a breakthrough technology that will decrease the time that it takes to perform password recovery by a factor of up to 25. ElcomSoft has harnessed the combined power of a PC's Central Processing Unit and its video card's Graphics Processing Unit. The resulting hardware/software powerhouse will allow cryptology professionals to build affordable PCs that will work like supercomputers when recovering lost passwords.

Now, let me translate that into plain English - they can use the computer's video card to speed up the process of brute-forcing a password. Modern computers have powerful video cards, and it is a pity to let them do nothing while the CPU is working hard.

The part which I find funny is "discovered a breakthrough technology". Was it hidden somewhere in the snows of Siberia, or in the sands of Sahara? ... waiting for hundreds of years for someone to come and discover it... How about "develop" or "invent"?

If I ignore that and only consider the serious stuff, there are several things that I have to say:

  • This is not new, and others have been using the GPU to process data for quite some time;
  • While this does make things a bit faster for the attacker, you should not worry - just add one more letter to your password and you've made their job 26 times slower. And that's a conservative estimate, because we're only dealing with letters. How about making it a bit more complicated and using lowercase and uppercase letters? How about signs like these: "!#%^*@?", numbers, foreign languages? If you use a character-set that goes beyond the 26 lowercase Latin letters, making the password one character longer makes the promised x25 speed-up completely useless;
  • Another thing is that a video card with plenty of horse power is very expensive, so it is difficult to imagine how such a "supercomputer" is affordable. Finally, I would rather invest my funds into more RAM or a better CPU, instead of getting a better video card (but that's me, a 99% non-gamer).
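
The length-versus-speed-up argument above, worked through as an added example (not part of the original post). The x25 factor and the 26-letter alphabet come from the post; the other character-set sizes, the guess rate, the password length and the function names are assumptions chosen for illustration.

```powershell
# Added example: how many extra characters cancel out a brute-force speed-up?
$speedup   = 25     # factor claimed in the quoted announcement
$guessRate = 1e8    # ASSUMED guesses per second before the speed-up
$length    = 8      # ASSUMED current password length

# Character-set sizes (only the first one is named in the post)
$charsets = [ordered]@{
    'lowercase letters'          = 26
    'lower + upper case'         = 52
    'letters + digits'           = 62
    'letters, digits and symbols' = 94
}

function Get-ExtraCharsNeeded {
    # Smallest k such that CharsetSize^k >= Speedup.
    # Each extra character multiplies the search space by CharsetSize.
    param([int]$CharsetSize, [double]$Speedup)
    $k = 0
    $factor = 1.0
    while ($factor -lt $Speedup) {
        $factor *= $CharsetSize
        $k++
    }
    $k
}

function Get-SearchHours {
    # Worst case: time to try every password of exactly $Length characters
    param([int]$CharsetSize, [int]$Length, [double]$Rate)
    [math]::Pow($CharsetSize, $Length) / $Rate / 3600
}

$rows = foreach ($name in $charsets.Keys) {
    $c = $charsets[$name]
    $k = Get-ExtraCharsNeeded -CharsetSize $c -Speedup $speedup
    [pscustomobject]@{
        Charset         = "$name ($c)"
        ExtraChars      = $k
        # How much slower the sped-up attacker is once k characters are added,
        # compared with the original attacker on the original password
        NetSlowdown     = [math]::Round([math]::Pow($c, $k) / $speedup, 2)
        HoursBefore     = [math]::Round((Get-SearchHours $c $length $guessRate), 2)
        HoursWithGpu    = [math]::Round((Get-SearchHours $c $length ($guessRate * $speedup)), 2)
        HoursGpuLonger  = [math]::Round((Get-SearchHours $c ($length + $k) ($guessRate * $speedup)), 2)
    }
}
$rows | Format-Table -AutoSize
```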

So, if that story made you a bit worried about your privacy, you can relax now. Either of these tips will help you out:

  • Use a stronger password (either longer, or use one with unusual characters, or do both);
  • Switch to smart-cards and tokens, coupled with biometric authentication;
Why I don't use an antivirus

Many years ago I decided I was not going to use an antivirus for my computer. My friends and colleagues find this unbelievable, but they are more surprised when I tell them that throughout the years this decision never came back to haunt me.

The #1 reason was to get rid of the performance penalties that are an obvious consequence of an antivirus that runs in the background and checks all the files that are being accessed. The second reason was that [at that time] I did not have a permanent Internet connection, so I was always sure that I never had the most recent updates. In other words, I was aware of the fact that my antivirus would probably miss a threat or two. In those circumstances it was obvious that:

  • I have to live with permanent performance issues;
  • And in spite of that, there is a great chance I'll get infected anyway.

Naturally, I decided to remove the antivirus. This sounds like a crazy decision, but it is not, if you analyze the problem. Think about the sources from which viruses come:

  • Emails with attachments
  • Things you copy from CDs, DVDs or USB flash drives when you exchange data with friends
  • Files downloaded from Internet sites
  • Source-X (you'll find out below)

Now, let's deal with each item:

Email - this is not a real threat, as long as you follow some basic rules:

  • Don't run programs that came in attachments;
  • If the attachment comes from a trusted person, either ask them if they really sent that file, or simply ignore the email because (see below)
  • Normally people don't send programs (EXE files) via email. Usually we exchange photos, documents, movies... why would we suddenly change the pattern and send a program?

Files copied from various media - the same logic applies: photos, movies and texts are not executable files, hence they pose no harm. If the CD or DVD is from a store, then we can trust the vendor made sure there are no infected files there. If it comes from an unreliable source, then try to obtain the same file from a trusted one.

Files downloaded from various web-sites are the ones more likely to be harmful, especially if they come from P2P networks like eDonkey or Kazaa. As in the previous case, you are pretty safe if you ignore EXE files and only use the .mp3 or .avi ones - they are not executable programs, so they can't cause trouble. (Note, if you're the "download stuff off P2P networks" type, you might find PD FileMove useful)

As you can see above, most of the time you can get away with simply taking a look at the type of the file and making sure it is not an EXE. An antivirus is not needed for that; all you need is to think for a second before double-clicking a file.
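
The "look at the file type before double-clicking" check described above, as an added example that is not part of the original post. It goes one step further than the post by reading the file header as well as the name; the extension list, the function name and the sample files are constructed assumptions.

```powershell
# Added example: flag files that are Windows executables by content or by name.
# The extension list is illustrative, not exhaustive.
$riskyExt = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js', '.lnk', '.msi'

function Test-LooksExecutable {
    param([Parameter(Mandatory)][string]$Path)

    $item    = Get-Item -LiteralPath $Path
    $reasons = @()

    # 1. Content: PE files (EXE, DLL, SYS, SCR) start with the bytes 'M','Z'
    $buf = New-Object byte[] 2
    $fs  = [System.IO.File]::OpenRead($item.FullName)
    try { $read = $fs.Read($buf, 0, 2) } finally { $fs.Dispose() }
    if ($read -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A) {
        $reasons += 'MZ header (PE executable)'
    }

    # 2. Name: only the last extension counts, and Explorer may hide it
    if ($riskyExt -contains $item.Extension.ToLower()) {
        $reasons += "executable extension $($item.Extension)"
    }

    # 3. A harmless-looking extension in front of the real one (photo.jpg.exe)
    if ($reasons.Count -gt 0 -and $item.BaseName -match '\.[A-Za-z0-9]{2,4}$') {
        $reasons += 'double extension'
    }

    [pscustomobject]@{
        Name       = $item.Name
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = $reasons -join '; '
    }
}

# Constructed sample files (a few header bytes only, nothing runnable)
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'filetype-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
[System.IO.File]::WriteAllBytes((Join-Path $dir 'song.mp3'),        [byte[]](0x49, 0x44, 0x33, 0x03))
[System.IO.File]::WriteAllBytes((Join-Path $dir 'holiday.jpg.exe'), [byte[]](0x4D, 0x5A, 0x90, 0x00))
[System.IO.File]::WriteAllBytes((Join-Path $dir 'movie.avi'),       [byte[]](0x4D, 0x5A, 0x90, 0x00))

Get-ChildItem -LiteralPath $dir |
    ForEach-Object { Test-LooksExecutable -Path $_.FullName } |
    Format-Table -AutoSize

Remove-Item -LiteralPath $dir -Recurse -Force
```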

Now, what if you received a file from a friend, and they confirmed they really sent it, so it's supposed to be safe... but your defensive instincts tell you that the file might be harmful, what then? The solution is to use an antivirus which is not resident, i.e. it does not permanently reside in the computer's memory and you only use it when you think you need it.

I do have an antivirus on my computer, a free program called ClamWin. If my "psychic virus detection" skills are not convincing enough, I can right-click the suspect file and scan it:

Knowing that I can do this gives me the psychological comfort of feeling protected. But here's the funny thing - in no less than 5 years of not using an antivirus, I used this option no more than 10 times. Each time I used it, the antivirus confirmed that the suspect file was indeed malicious - but I was able to determine that myself just by analyzing the file (its name, extension, size, the date it was created).

In other words, I have empirical evidence that life without an antivirus is not only possible, but also very successful. Of course, this requires rather advanced computer-oriented thinking (not everyone can guess that a file is a spyware program just by looking at it), but even this has a simple solution - don't mess with unknown EXEcutable files.

This story would be incomplete, and misleading, if I didn't mention that I am using a firewall, and I am pretty sure that my firewall is the second most important layer of defense (the first one being my intuition; the term 'intuition' is not very good, but discussing its appropriateness is beyond the scope of this story).

This occurred to me in the days of MSBlast, when many people suddenly found themselves with a "System is shutting down in X seconds" message on the screen. That's when I learned that threats don't necessarily come in the form of an EXE file which I must run; an unprotected system with known vulnerabilities can easily become the target of an attack. Afterwards files can be run on the system without my permission, so I can get infected. The obvious conclusion is that there is another source of threats - network connections (this is what "Source-X" referred to). And the other obvious conclusion is that I needed a firewall. Nowadays Windows comes with a built-in firewall, so we've got this attack vector taken care of. Note that this firewall does not monitor outbound connections, and is not very flexible, but choosing a perfect firewall is beyond the scope of this story.

Finally, there is another layer of defense, the one which never fails, the one that gives me the greatest psychological comfort (i.e. if everything else lets me down, I can be 100% sure I am not totally lost). What I'm talking about is Disk Firewall. The defensive strategy is simple and very easy to implement:

  1. Separate system files from your personal files (see the 4th message in the forum thread);
  2. Store your personal data in a virtual encrypted disk, restricting access to the data using Disk Firewall and a list of trusted applications.

In this case, even if your system was compromised, you can be sure that your data are absolutely intact. Moreover, if you've implemented the 'separate system from personal data' approach - restoring your system to a stable state is "one-two-threasy" :-)

Conclusions

  • Life without an antivirus is possible;
  • Most of the security threats can be dealt with by simply being attentive to details;
  • If you insist on having an antivirus (which you will rarely use), why pay when there is a free alternative?
  • If your antivirus program comes with a built-in firewall, perhaps you can make your system faster by leaving only the firewall enabled, disabling the resident scanner and manually scanning files that you think are suspect;

Secondary conclusions

  • I save money because I don't pay for an antivirus, nor do I pay for updates;
  • I never complain about my system being painfully slow (unlike some of my colleagues, who are so well-protected that they can't even use their computers for any real-world tasks, other than watching progress bars ;-)