Wednesday, April 18, 2007

Top 12 Vista Tweaks (part 2)

continued...

Tweaks 7-12

Tip 7: Use ReadyBoost.
There's been a lot of talk about Vista's ability to use flash drives to "boost" system performance. Windows keeps recently used disk data cached in RAM; when RAM is short, cache misses go back to the hard drive, and even the fastest hard drive is sluggish for the small random reads that make up most of that traffic, whereas seek times on solid-state memory are nearly instantaneous. ReadyBoost lets Vista's SuperFetch keep a copy of that cache on the flash drive and serve small random reads from it instead of from the disk. Contrary to a common description, ReadyBoost does not move the page file to the stick: everything on the flash drive is a copy of data that still lives on your hard drive, so you can pull the drive at any time without losing anything. The copy on the stick is also compressed and encrypted (AES-128), so a lost or stolen ReadyBoost drive does not expose the contents of your files.

So, how do you enable it? Insert a ReadyBoost-capable flash drive into one of your system's USB ports. Vista requires at least 256MB of free space and a minimum random read/write speed (it benchmarks the drive when you plug it in and refuses slow ones), and Microsoft recommends a cache of one to three times your installed RAM. When the AutoPlay pop-up appears asking what you want to do, scroll down to "Speed up my system using Windows ReadyBoost." You can then specify how much space on the device to make available.

This is a hotly contested feature in Vista: some users report a decent performance gain (mostly people with less than 1GB of RAM), while others say the benefit is negligible. If you've got a spare USB drive lying around, why not give it a shot? We didn't notice a profound difference in performance, but that doesn't necessarily mean you won't.

Tip 8: Partition drives in Vista.
Back in the XP days, if you wanted to partition a drive from within the OS, you had to buy expensive third-party software to do so. Not anymore. Vista includes built-in drive partitioning which is, we can't believe we're saying this, totally awesome. The reason it's so awesome is that you can repartition drives on the fly, from within Windows. For example, if you have a 400GB hard drive with 200GB of free space, you can shrink the original 400GB partition by up to the amount Disk Management reports as available, and then create a new partition out of the newly unallocated space.

Here’s how you do it.
Right-click Computer, select Manage, and click Disk Management. You will see all of your volumes listed. Right-click the volume you want to shrink and click "Shrink Volume." Type in the amount of space (in MB) to shrink the volume by, then click Shrink. After a few seconds the partition will have been shrunk, and you'll have a block of unallocated space. Right-click it and select "New Simple Volume." You can extend volumes as well, but only into unallocated space that immediately follows the volume on the same disk, and the maximum shrink is limited by the position of unmovable files (the page file, the hibernation file and shadow-copy storage), so the amount you can reclaim is often well below the free space on the drive. We fooled around with this utility, both shrinking and expanding volumes that had data on them, and we experienced no data loss or problems whatsoever; all the same, back up a volume before repartitioning it.

Tip 9: Stretch your wallpaper across two displays.
We love our dual displays, but we don't like staring at two copies of the same image all day. Thankfully, Vista lets us stretch our wallpaper across both displays quite easily. This was also possible in XP, but it was not an intuitive process. Keep in mind, however, that an image stretched across two displays has to be wide enough to span both of them, so add the horizontal resolutions of the two displays (two 1280x1024 panels need an image 2560 pixels wide) and find an image of those dimensions.

Right-click the desktop, select Personalize, and then Desktop Background. Select your image, and then select the middle option, "Tile," to spread it across both displays.

Tip 10: Turn off unneeded Windows features.

This one is self-explanatory. Do you need Tablet PC components installed? Probably not, unless you are using a Tablet PC. So turn off whatever you don’t need in the name of keeping your Windows install as lean as possible.

Click Start, Control Panel, then under Programs at the bottom click “Uninstall a Program.” In the left-hand pane you’ll see “Turn Windows Features on or off.” Ba-da-boom, ba-da-bing. Uncheck whatever you don’t need.

Tip 11: Enable Aero mouse pointers.
This is odd. Microsoft made new Aero-based mouse pointers for Vista, but the default mouse pointer is the old 3D white scheme. To enable the new mouse pointers and animations, right-click the desktop, select Personalize, then Mouse Pointers. Click on the drop-down box under the word Scheme, and select Windows Aero (system scheme). Click OK.

Tip 12: Make XP computers show up in your network map.
Vista uses a new protocol named Link Layer Topology Discovery (LLTD) to display a network "map" of all computers on a network, but only Vista ships with the LLTD responder, so XP computers do not show up in this map.

Microsoft has released an LLTD Responder for Windows XP SP2 (Knowledge Base article KB922120); it must be installed on each XP machine you want to appear in the Vista map.

Conclusion
There you have it; some quick and easy tips to make Vista easier to use and more effective. This was not meant to be an all-encompassing “every tip in the world” article, but a short and sweet how-to on making Vista more efficient and user-friendly. We hope you saw some things you can use, and as always, feel free to comment or leave your own tips on our forums.

Top 12 Vista Tweaks (part 1)

We've filtered and sorted through the hundreds of Vista hints and tweaks to find the ones that we think the most readers will find useful. While Vista still feels new, these hints and tweaks might help you settle into your OS.

Introduction
So you've installed Vista, perhaps against your better judgment, and now you're wondering what you can do to spruce it up a bit. We're right there with you, and have pored over the Web looking for the coolest, most useful tweaks we could find. We searched high and low and compiled this list so that you don't have to. We have personally tested all of these tweaks and employ most of them on our own systems.
Our sources for this article include this monster thread on our very own forums and Tweakvista.com.

Tweaks 1-6

Tip 1: Customize the size of desktop and file icons.
For some time, it has been possible to adjust font size in office documents and Web browsers simply by holding down the CTRL key while rolling your mouse wheel up and down. In Vista, the same action lets you tweak the size of your desktop icons. Just click on an empty area of the desktop, hold down CTRL, and spin your mouse wheel until the icons are the size you want. You can also adjust the size of your file or folder icons in Windows Explorer by doing the same thing. This is extremely handy for viewing thumbnails of images.

Tip 2: Increase SATA drive performance.
This tip "enhances" drive performance by telling Windows not to flush the drive's write cache: writes are reported complete as soon as they reach the disk's on-board cache (or the OS cache), rather than when they actually hit the platters. The danger is that if your system loses power and you do not have a backup power source (UPS), whatever is still sitting in those caches is lost, and because NTFS relies on writes reaching the disk in order, that can mean a corrupted file system rather than just a missing file. If you're the adventurous type and want a bit more responsiveness out of your system, click Start, type Device Manager in the Search box, click Device Manager, expand the Disk drives tree, right-click a drive, and select Properties. Go to the Policies tab and check "Enable advanced performance." Click OK.

Tip 3: More widescreen Vista wallpapers.
When Microsoft went shopping for panoramic, widescreen wallpapers for Vista, it tapped Hamad Darwish to shoot some photos. Some of his photos made it into the initial shipping version of Vista, but many did not. Now Darwish is offering all of them for download, absolutely free. Some of them are absolutely remarkable, in our opinion, so go ahead and check them out.

Tip 4: Speed up Flip3D.
This tip will be useful for notebook owners or anyone whose PC is packing less than stellar graphics processing power. The Flip3D animation can bog down weaker graphics cards if it has to flip a lot of windows, so this is a tweak that lets you set the number of windows that will be rendered in 3D at one time.
• Click on the Start Button, type regedit in the Search bar, and press Enter.
• Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM.
• Create a new DWORD value and name it Max3DWindows.
• Set it to something between 4 and 9 depending on the performance of your card (a higher number requires more video card power), then experiment to find the best value for your computer. Restart your PC to finalize the change.

Tip 5: Two must-have Sidebar Gadgets.
At first blush, we thought the Windows Sidebar was rather useless. The default Gadgets were not useful (who wants an analog clock when you have a clock on the Taskbar?), and it seemed like a poor rip-off of Yahoo Widgets. However, we've since come across some rather useful Gadgets on Microsoft's Gadget sites. Remember that a Gadget is HTML and script running with your user account's privileges, so only install ones from a source you trust.
The first is Multi-Meter, the first Gadget we've seen that can show CPU activity per core on a multi-core machine.
Another Gadget we're quite fond of is DriveInfo, which displays the free space on multiple volumes. Since we have several hard drives in our home machines, we love this Gadget. It also lets you open a drive by simply double-clicking it in the Gadget.

Tip 6: Discover what applications are linked to certain processes.
The Processes tab of the Windows XP Task Manager was a confusing, barren wasteland of cryptically named processes. If you wanted to find out which application was responsible for a certain process, all you could do was copy down the name of the executable and then search for it in Windows, or Google it. This was an annoying process. Thankfully, Microsoft has fixed this in Vista by adding an "Open File Location" option when you right-click any process. Doing so opens the folder the process is running from, which can help you figure out whether a certain process can be turned off or not. Bear in mind that a familiar name is not proof of anything: malware routinely names itself after system processes, so if a process called svchost.exe or explorer.exe opens to a folder other than C:\Windows\System32 or C:\Windows, be suspicious, and check the file's Properties > Digital Signatures tab before trusting it.

You can also click "View" at the top of Task Manager and choose Select Columns to pick which columns to display; "Image Path Name", "Command Line" and "User Name" are the most useful for working out what a process really is and which account it is running as.

to be continued...


Ubuntu 7.04 to Arrive April 19

For Linux business users, the most important Linux release of 2007 so far is Red Hat Enterprise Linux 5. But for most other Linux fans, the upcoming release of Ubuntu Version 7.04 on April 19 demands more attention.

This new v7.04 release encompasses five versions: Ubuntu Server, Ubuntu Desktop, Edubuntu, Kubuntu and Xubuntu. Along with the self-explanatory server and desktop versions, Edubuntu is meant for educational uses; Kubuntu is a desktop platform that uses KDE 3.5.6 for its desktop environment instead of Ubuntu's GNOME 2.18; and Xubuntu is a desktop for lower-end PCs and uses the lightweight Xfce 4.4 desktop manager.

The family is built around the new Linux 2.6.20 kernel. As a cutting-edge distribution, Ubuntu's developers try to bring together the latest and best of open-source software every six months. Users interested in a more settled, stable distribution with full support can turn to Ubuntu 6.06 LTS (Long Term Support).

Ubuntu Server
Ubuntu 7.04 Server Edition adds support for the hardware facilities that speed up virtual machines, and boasts improved hardware support and easy upgrades.

On x86 systems with the Intel VT or AMD-V extensions, Ubuntu supports the new KVM (Kernel-based Virtual Machine) virtualization, which first appeared in the Linux 2.6.20 kernel. This lets users run multiple virtual machines with unmodified guest operating systems. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter and so on. Canonical Ltd. officials said Ubuntu is the first Linux distribution that supports VMware's VMI (Virtual Machine Interface), which provides optimized performance under VMware.

Read the full story on Linux-Watch.com: Ubuntu 7.04 to Arrive April 19

NVIDIA GeForce 8xxx ForceWare Drivers 158.19

NVIDIA has just released brand spanking new ForceWare 158.19 drivers. The driver package adds support for the GeForce 8600 GTS, 8600 GT, 8500 GT, 8400 GS, 8300 GS GPUs and weighs in at just under 40MB. Grab them if you need them!

Release Highlights:

  • Adds support for GeForce 8600 GTS, GeForce 8600 GT, and GeForce 8500 GT, GeForce 8400 GS, and GeForce 8300 GS GPUs.
  • Increased performance in 3D applications.
  • Numerous game and application compatibility fixes.
  • Microsoft DirectX 9.0c and OpenGL 2.1 support.
  • Please read the release notes for more information on product support, feature limitations, and known compatibility issues.

PureVideo HD support is currently only available on Microsoft Windows Vista.

Nvidia has also released a new beta version 158.18 of its ForceWare graphics drivers for Windows Vista (32-bit and 64-bit). However, it's still a beta, and its installation procedure is a little peculiar. Whereas Vista is supposed to allow users to upgrade graphics drivers without rebooting, installing this release actually involves two reboots. Nvidia's installer removes the old drivers, asks the user to reboot, then reloads itself at the next boot (which, incidentally, comes up at 800x600), installs the new drivers, and asks the user to reboot yet again. Nvidia may be slow to re-introduce features, but the firm has nonetheless fixed a good number of bugs with this release. Problems in a host of games including Dark Messiah of Might & Magic, Ghost Recon: Advanced Warfighter, Half-Life 2, Oblivion, Serious Sam 2, and Warhammer 40K: Dawn of War have been fixed, as have a number of miscellaneous issues with various desktop applications, including Nvidia's own control panel.

DNS Exploit Used to Plant Backdoor on Windows Servers

By Scott M. Fulton, III, BetaNews

Security engineers are confirming that customers whose Windows servers were penetrated through the recent DNS Server service exploit (the stack-based overflow in the server's RPC management interface covered by Microsoft Security Advisory 935964) were infected with one of three variants of a backdoor worm identified by Sophos as W32/Delbot.

Sophos believes this to be a variant of the same worm that infected systems susceptible to vulnerabilities discovered in Symantec Anti-virus software late last year. In fact, versions of the worm that infect systems through the DNS service exploit are capable of spreading themselves via the Symantec exploit as well, along with other buffer overflow exploits.

The discovery is an indicator that the perpetrator may be more interested in identity theft and corporate electronic voyeurism than in disturbing the domain name system itself, as some sources earlier reported.

DNS services on Windows Server-based computers provide name resolution within company domains, not on the broader Internet.

In an update to its advisory today, Microsoft promised customers that something would be ready to address the DNS problem by May 8 -- the next Patch Tuesday -- although it wasn't explicit as to what that something was. Until then the advisory's workarounds are the only protection: disable remote RPC management of the DNS Server service (set the DWORD value RpcProtocol to 4 under HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters and restart the service), and block unsolicited inbound traffic to TCP and UDP ports 1024-5000 at the perimeter, since that is the dynamic port range the RPC interface listens on.

"We have teams around the world working on it twenty-four hours a day," reads the Security Response Center blog, "and hope to have updates no later than May 8, 2007 for the May monthly bulletin release." It went on to remind customers that the company has to produce these updates in 133 languages, each tested independently.

ATi Catalyst 7.4 Drivers

If you own an ATi video card, head on over to the AMD / ATi website and download the new Catalyst 7.4 drivers for Windows Vista, Windows XP and Linux platforms. Word is: "OpenGL performance in Windows Vista improves for the entire ATI Radeon X1000 series of products in both single card and hardware CrossFire configurations. Typical improvements of 15% or more can be seen in games such as Doom 3, Quake 4 and Prey, with enthusiast-class products seeing improvements of 30% and beyond."

Resolved Issues for the Windows Vista Operating System:

  • Battlefield 2: A momentary split screen is no longer seen when launching the game with AA enabled.
  • City of Heroes: Changing the display resolution to 2560x1600 or higher no longer results in the game failing to run.
  • Neverwinter Nights: Shadows of Undrentide: Attempting to play the game under the Windows Vista operating system (64-bit version) no longer results in the opening cinematic failing to play when using an LCD display.
  • Neverwinter Nights: Shadows of Undrentide: Attempting to play the game on a system containing an ATI Radeon X800/850 series product and running the Windows Vista operating system no longer results in the game failing to respond after the opening cinematic.
  • Quake 4: game corruption is no longer noticed when playing the game under the Windows Vista operating system when using an ATI Radeon 9800 XT product.
  • Romance of the Three Kingdoms XI: Texture corruption is no longer noticed in the terrain of the game.
  • Unreal Tournament 2004: Playing the game on a system containing an ATI Radeon X1600 and running the Vista operating system no longer results in display corruption being noticed.

Resolved Issues for the Windows XP Operating System
  • 3DMark03-GT3: Display corruption is no longer noticed when running the application on a system using an ATI Radeon X1650 product.
  • Call of Duty: Setting AA to either 2x or 4x no longer results in display corruption or the operating system failing to respond when using an ATI Radeon X800/850 series product.
  • Dungeon Lord: Minor and intermittent display corruption is no longer noticed when playing the game with CrossFire enabled.
  • Prey: Using the mouse to maneuver around the game screen no longer results in corruption being noticed.
  • Tribal Trouble: Launching the game on a system containing an ATI Radeon X1900/1950 product and running Windows XP no longer results in the game failing to load and the operating system failing to respond.

Monday, April 09, 2007

Windows Animated Cursor Stack Overflow Vulnerability (0-Day)

Summary
Determina Security Research has discovered a vulnerability in the USER32.DLL code responsible for loading animated cursor (.ANI) files. This vulnerability can be exploited by a malicious web page or HTML email message and results in remote code execution with the privileges of the logged-in user. The vulnerable code is present in all versions of Windows up to and including Windows Vista. All applications that use the standard Windows API for loading cursors and icons are affected. This includes Windows Explorer, Internet Explorer, Mozilla Firefox, Outlook and others. Microsoft fixed a closely related vulnerability with the MS05-002 security update, but their fix was incomplete. Determina Security Research was able to bypass the MS05-002 patch and develop a proof-of-concept exploit that works on fully patched Windows systems. This vulnerability was independently disclosed and has been actively exploited in the wild since March 28, prompting the release of this advisory. Exploitation details have been omitted from the advisory until a vendor patch is available.

Credit: The information has been provided by Determina Security Research. The original article can be found at: http://www.determina.com/security.research/vulnerabilities/ani-header.html


Details
Vulnerable Systems:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 2
* Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003
* Microsoft Windows Server 2003 for Itanium-based Systems
* Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 Service Pack 2
* Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows Server 2003 x64 Edition Service Pack 2
* Microsoft Windows Vista

The ANI file format is used for storing animated cursors. The format is based on the RIFF multimedia container and consists of a series of tagged chunks containing variable-sized data. Each chunk starts with a 4-byte ASCII tag, followed by a DWORD specifying the size of the data contained in the chunk.

struct ANIChunk
{
    char  tag[4];     // ASCII tag
    DWORD size;       // length of data in bytes
    char  data[size]; // variable sized data (pseudo-declaration: 'size' bytes follow the 8-byte header)
};


One of the chunks in an ANI file is the anih chunk, which contains a 36-byte animation header structure. The buffer overflow fixed in MS05-002 was in the LoadCursorIconFromFileMap function. The vulnerable code did not validate the length of the anih chunk before reading the chunk data into a fixed-size buffer on the stack.

The pseudo code of the vulnerable function is given below:

int LoadCursorIconFromFileMap(struct MappedFile* file, ...)
{
    struct ANIChunk  chunk;
    struct ANIHeader header;   // 36 byte structure
    ...
    // read the first 8 bytes of the chunk
    ReadTag(file, &chunk);

    if (chunk.tag == 'anih') {
+       if (chunk.size != 36)  // added in MS05-002
+           return 0;

        // read chunk.size bytes of data into the header struct
        ReadChunk(file, &chunk, &header);
        ...
    }
    ...
}


For more information about the MS05-002 vulnerability, please refer to the eEye advisory that describes the issue in great detail.

If the animation header is valid, LoadCursorIconFromFileMap will call the LoadAniIcon function to process the rest of the chunks in the ANI file. LoadAniIcon uses the same ReadTag and ReadChunk functions as LoadCursorIconFromFileMap and contains the same vulnerability in the code that reads the anih header. This vulnerability was left unpatched in the MS05-002 security update.

int LoadAniIcon(struct MappedFile* file, ...)
{
    struct ANIChunk  chunk;
    struct ANIHeader header;   // 36 byte structure
    ...
    while (1) {
        // read the first 8 bytes of the chunk
        ReadTag(file, &chunk);

        switch (chunk.tag) {
        case 'seq ':
            ...
        case 'LIST':
            ...
        case 'rate':
            ...
        case 'anih':
            // read chunk.size bytes of data into the header struct
            // (no size check here: this copy was left unpatched by MS05-002)
            ReadChunk(file, &chunk, &header);
            ...
        }
    }
}


This code relies on the check in LoadCursorIconFromFileMap to catch the malformed anih chunk before it reaches the LoadAniIcon function. Unfortunately, LoadCursorIconFromFileMap validates only the first anih chunk, but LoadAniIcon processes all chunks in the file. By creating a file with two anih chunks, one valid and one malformed, it is possible to reach the vulnerable code in LoadAniIcon.

Reading the second anih chunk with the ReadChunk function results in a classic stack buffer overflow in LoadAniIcon, overwriting that function's return address and allowing the attacker to take control of code execution.

Exploitation:
The exploitation of this vulnerability is interesting in light of the protection features built in the latest versions of Windows XP, 2003 and Vista. It is a stack overflow and should be detected by the /GS security check. Unfortunately, the Visual Studio compiler adds the /GS check only to functions that contain certain types of arrays, assuming that most buffer overflows are a result of out-of-bounds array access. The LoadAniIcon function uses a structure as a destination buffer for the data it reads and as a result its return address is not protected by the /GS stack check. This allows an attacker to overwrite the return address and take control of the program execution on Windows XP SP2, 2003 and Vista in the same way as on Windows 2000.

In addition to the missing /GS check, the vulnerable code in USER32.DLL is wrapped in an exception handler that can recover from access violations. If the exploit is unsuccessful, for example due to the Vista ASLR, the process will not terminate and the attacker can simply try again. This gives the attacker an easy way to bypass the ASLR protection and increase the reliability of the exploit.

Solution:
The call to ReadChunk in the LoadAniIcon function should be preceded by a check similar to the one introduced in MS05-002:

        case 'anih':
            if (chunk.size != 36)
                return 0;

            ReadChunk(file, &chunk, &header);
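To make the two-anih bypass and the proposed fix concrete, here is a small chunk walker written for this page (it is example code, not Determina's or Microsoft's). It runs both policies over the same file: with strict == 0 it mirrors the MS05-002 situation described above (only the first anih chunk is size-checked, and a later one would be copied into the 36-byte header unchecked; rather than perform that overflowing copy the walker reports ANI_WOULD_OVERFLOW), and with strict == 1 it applies the advisory's fix to every anih chunk. The RIFF container header ("RIFF" size "ACON") and the padding of odd-sized chunks are standard RIFF rules not spelled out in the advisory; the truncation check and the build_two_anih_file helper are this example's own additions, and the sample file it builds is constructed, not a real cursor.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ANIH_SIZE 36u   /* the animation header is a fixed 36-byte structure */

enum ani_status {
    ANI_OK = 0,
    ANI_BAD_RIFF,        /* not a "RIFF" .... "ACON" container */
    ANI_TRUNCATED,       /* a chunk claims more bytes than remain in the file */
    ANI_BAD_ANIH,        /* a size-checked anih chunk is not 36 bytes */
    ANI_WOULD_OVERFLOW,  /* an unchecked anih chunk would overrun the header buffer */
    ANI_NO_ANIH
};

struct ani_chunk { char tag[4]; uint32_t size; const uint8_t *data; };

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Counterpart of the advisory's ReadTag: read the 8-byte chunk header at off.
 * Returns 0 at end of file (fewer than 8 bytes left). */
static int read_tag(const uint8_t *buf, size_t len, size_t off, struct ani_chunk *c)
{
    if (off > len || len - off < 8)
        return 0;
    memcpy(c->tag, buf + off, 4);
    c->size = rd32(buf + off + 4);
    c->data = buf + off + 8;
    return 1;
}

/* Walk every top-level chunk.  strict == 0: only the first anih is size-checked
 * (the MS05-002 policy); strict == 1: every anih must be exactly ANIH_SIZE bytes
 * (the advisory's fix).  The truncation check is this example's addition. */
enum ani_status walk_ani(const uint8_t *buf, size_t len, int strict)
{
    uint8_t header[ANIH_SIZE];           /* the fixed-size stack buffer */
    struct ani_chunk c;
    size_t off = 12;                      /* skip "RIFF" <size> "ACON" */
    int seen_anih = 0;

    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "ACON", 4) != 0)
        return ANI_BAD_RIFF;

    while (read_tag(buf, len, off, &c)) {
        if (c.size > len - (off + 8))     /* chunk body runs past end of file */
            return ANI_TRUNCATED;
        if (memcmp(c.tag, "anih", 4) == 0) {
            if (strict || !seen_anih) {
                if (c.size != ANIH_SIZE)
                    return ANI_BAD_ANIH;
            } else if (c.size > ANIH_SIZE) {
                return ANI_WOULD_OVERFLOW; /* this is the copy the real code performs */
            }
            memcpy(header, c.data, c.size); /* c.size <= ANIH_SIZE on every path here */
            seen_anih = 1;
        }
        off += 8 + c.size + (c.size & 1);  /* RIFF chunks are padded to an even size */
    }
    return seen_anih ? ANI_OK : ANI_NO_ANIH;
}

/* Append one chunk: tag, little-endian size, body filled with `fill`, pad byte if odd. */
static size_t put_chunk(uint8_t *out, size_t off, const char *tag, uint32_t size, uint8_t fill)
{
    memcpy(out + off, tag, 4);
    wr32(out + off + 4, size);
    memset(out + off + 8, fill, size);
    if (size & 1)
        out[off + 8 + size] = 0;
    return off + 8 + size + (size & 1);
}

/* Constructed sample (not a real cursor): a valid 36-byte anih, a rate chunk, then a
 * second anih of second_size bytes, the two-anih layout the advisory describes.
 * Returns the file length, or 0 if cap is too small. */
size_t build_two_anih_file(uint8_t *out, size_t cap, uint32_t second_size)
{
    size_t need = 12 + (8 + ANIH_SIZE) + (8 + 4) + (8 + (size_t)second_size + 1);
    size_t off = 12;
    if (cap < need)
        return 0;
    off = put_chunk(out, off, "anih", ANIH_SIZE, 0x00);
    off = put_chunk(out, off, "rate", 4, 0x01);
    off = put_chunk(out, off, "anih", second_size, 0x41);   /* 'A' filler */
    memcpy(out, "RIFF", 4);
    wr32(out + 4, (uint32_t)(off - 8));   /* RIFF size excludes the 8-byte RIFF header */
    memcpy(out + 8, "ACON", 4);
    return off;
}

/* Build the sample with the given second-anih size and run one policy over it. */
enum ani_status demo(uint32_t second_size, int strict)
{
    uint8_t f[4096];
    size_t n = build_two_anih_file(f, sizeof f, second_size);
    return n ? walk_ani(f, n, strict) : ANI_BAD_RIFF;
}

int main(void)
{
    static const char *name[] = { "OK", "BAD_RIFF", "TRUNCATED", "BAD_ANIH", "WOULD_OVERFLOW", "NO_ANIH" };
    printf("second anih 200 bytes, MS05-002 policy: %s\n", name[demo(200, 0)]);
    printf("second anih 200 bytes, check every anih: %s\n", name[demo(200, 1)]);
    printf("second anih  36 bytes, check every anih: %s\n", name[demo(36, 1)]);
    return 0;
}
```

The file with an oversized second anih passes the first-chunk-only policy (it reports WOULD_OVERFLOW, i.e. the unpatched LoadAniIcon would copy 200 bytes into a 36-byte buffer) and is rejected as BAD_ANIH once every anih chunk is checked, while a well-formed file passes both; any chunk whose declared size exceeds the bytes remaining in the mapping is rejected before it is read.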