Archive for the ‘Windows’ Category

TapMicrosoft Stealth Patches

14 Sep 2007 09:12 by Rick

It seems that Microsoft has been engaging in a little underhand patching. People are reporting that changes are being made even when they have automatic updates turned off. There is apparently nothing to worry about, they are perfectly good patches, but the deceit is troubling. To see if you have been hit, check the version of \windows\system32\cdm.dll (use right click – properties – version). A pre-patch version should be 7.0.6000.374. If you have been stealth patched then it will be 7.0.6000.381. There is a little discussion about it on the Microsoft Forums but nothing official yet. The only justification I can think of is that, as this is a patch to Windows Update itself, there may be no other way it can be done, but even that doesn’t excuse the silence.

Update: Microsoft have explained what is going on and it is just as I thought, but I still maintain that if they can detect and action that an update is required then they can just as easily tell you about it so you can make an informed decision.

TapDistorted, Choppy Sound

3 Sep 2007 19:56 by Rick

All of a sudden, my PC had started to distort the sound of playback of anything, even the internal Windows “bonks.” Especially it would no longer allow me to play one piece of music off my network drive whilst ripping another, but any activity, especially disk activity caused the music to take a back seat only getting attention in the gaps. Awful! There may have been some impact on the overall performance as well.

The solution was totally unexpected but made a little sense in hind-sight. Some time earlier I had trouble writing a CD-ROM creating a coaster. It seems that in the process of all the errors, Windows in its wisdom, had downgraded my IDE controller which contained both the writer and the hard drive.

This can be confirmed by looking at Right Click “My Computer” / Hardware / Device Manager; then expand “IDE ATA/ATAPI Controllers” and Right Click “Primary IDE Channel” selecting Properties. The Advanced Settings tab would show Content Transfer Mode = PIO mode (which is wrong).

To Fix it you need to uninstall the driver. Do this by closing the properties and Right Clicking “Primary IDE Channel” and select Uninstall. Do this for all of them if there is more than one. It will ask for a system restart. When you log back in you will notice various “Found New Hardware” slugs come up—for DVD/CD Drive, Hard Drive and the IDE channel itself. It will then ask for another reboot. This time if you go through the check again the Content Transfer Mode should be “Ultra DMA Mode 5” (or perhaps other numbers) and it should all be wonderful again.

TapMedia Players (4) Troubleshooting

2 Aug 2007 08:52 by Rick

The way Audio Visual playback works on a PC is that your player software of choice looks at that the file and decides what format it is from a 4 character code in the headers. This will tell it what codecs are required (they are separate for video and audio). It will then read the data from the file and pass it to the relevant codec. This will decode and expand the data stream and pass it back to the player software for display. The decoder parts of the codec have standard algorithms so, assuming they have been coded correctly, it doesn’t matter which one you use.

The best known codecs types are

MPEG-1—used on Video CDs.
MPEG-2—used on DVD and SVCD.
MPEG-4—used on HD-DVD and Blu-ray.
Sorenson3—used by Apple QuickTime videos.
WMV—Windows Media Video sponsored by Microsoft.
Realvideo—now used mostly for streaming video.

but there are subdivisions such as mp42 and mpg4 which are both MPEG-4 codecs.

The best known audio codecs are

mp3—the generic and (probably) public domain codec.
WMA—Windows Media Audio which compliments the Microsoft video codec.

Some codecs do other things like the splitter which separate the audio from the video content. There are also surround sound decoders, subtitle extractors, language separators for multilingual files, chroma-key generators and digital signal processors for sound and picture manipulation. Even Audio and Video hardware drivers are considered as codecs by some applications.

Codecs come as installable packages, often in bundles, and are stored in C:\WINDOWS\system32 as .dll or .drv files.

How to find out what you need

AVI Codec Analyser tells you what you have installed and what you need to play any particular file but I can’t relate the two and it doesn’t seem to recognise QuickTime at all.

GSpot is popular doesn’t seem to recognise many for me.

MediaInfo gives similar information in a much more readable format (with many options) and supports QuickTime.

Finding missing codecs

If you find you need a missing codec, the best way is to search for them by name. Many will be found in the K-Lite package from

TapMedia Players (3) In practice

18 Jul 2007 11:16 by Rick

In part 2, I described a method for getting the three primary applications installed safely on your system. You should be able to run any media files that you come across with it’s optimum application. In the case of generic files such as .wav, .mp3 and .mpg you may not have assigned a player, in which case, ask for the list of options when prompted and select which one you would like to handle it. At fist un-tick the box “Always use the selected program” until you have a feel for which player is best for you (and which ones work!) If you change your mind later, open a file with the right mouse option “OpenWith …” and chose an alternative.

DVD Playback

Note that none of these are actually capable of playing a DVD by themselves. They still needs the relevant codecs from a third party. If you go to The Plugins option table and click on “Look for Plugins on the Internet” you will be taken to a sales page with a number of options (Roxio, CyberlLink, InterVideo and nVidia at present). Fortunately you will find that you probably already have one which came with the DVDROM drive. If not then there is a freeware alternative available called DScaler.

The other thing that you will notice is that whatever you set earlier, Windows Media Player or an application that came with your DVD/CD drive may be the application selected automatically when you insert a disk. This is not directly related to the application itself but the Autorun features set on the drive. What I suggest is that you go to My Computer, right click on the drive icon and select preferences. On the Autoplay tab select each media type In turn and tell it to “Prompt me each time to chose an action.” This will give you a chance to think about it and make your decision later for each type of disk.


One feature that you do want that comes with all the players is the browser plug-ins that enable inline and streaming content to be handled correctly. This is what the question about MIME types was about on the real Player install. Fortunately all three now come with plug-ins for IE, Firefox and, I think, Opera. There is a fourth application that I haven’t mentioned yet which is important in this context—Adobe Flash Player. This doesn’t present too many complications, it is a single function application unlike the others, only works from within the browser and comes with its own codecs built in.

Part 4 will talk about troubleshooting problems.

TapMedia Players (2) Installing

16 Jul 2007 12:50 by Rick

As we saw in the first article in this series, in order to play all formats of auto and video files we may come across we need to have three separate Media Players installed. It used to be the case that the bickering was intense and the players would steal control from competitors without consulting the owner of the PC. I am glad to say that this has largely died out but you still need to install the programs with care so that you retain control (and your sanity). Note that these pieces of software are not those that you can accept all the defaults and let them rip, you do need to read all the information presented to you and make some decisions.

Unfortunately one of the features of these programs is that they have many configurable options and no good information about what they mean. Each of the applications does a lot more than just play music or video. They come with library organisers, instant messages about new (media) releases, online information about performers, graphical visualises for music, online radio stations and shops where you can buy stuff. Although you may want some of this, you are unlikely to want three different versions so these guides explain how to minimise them. You can always change you mind later.

Windows Media Player

You will find that you have this installed already but it is worth getting a recent version (I would suggest version 10 at present even though 11 is available) partly for security reasons and partly to benefit from its less aggressive attitude.

During the install (or afterwards by going to the Tools—>Options menu) you get some choices to make. I would suggest looking carefully at the privacy options and also the file types that it handles. On this last point, this is the list of types that it will set itself up as the default player overriding other competitors. I would suggest allowing it to handle it’s own proprietary types (asf, wma and wmv) but it is your choice what other more generic types you would want it to play, particularly mp3, mpeg and CD & DVD disks.


The Apple Quicktime format is very popular for internet video files, partly because of the popularity of the Mac with production houses. There is a very good independent install guide for it at Codec Guide but it still needs some modification for general use as that was written for a particular purpose. The software can be downloaded from the Apple web site. At the time of writing, this is version 7.2 Be sure to get the version without iTunes unless you particularly want that software.

My suggestions for the various prompt windows you get are
Destination Folder—un-tick the box for “Apple Software Update”;
Configure Files and Mime Types—in much the same way as for WMP, only allow it to handle it’s own proprietary types (in fact it won’t allow you to remove one of them). Also un-tick the “notify me” box at the bottom.

Once it is installed I think you need to do some further configuration. In the system tray you will find the blue Q icon. Right click on this and select QuickTime preferences. On the Update tab, check that “Check for Updates” is not selected. On the Streaming tab set your internet speed and un-tick the “Enable Instant On” box. Finally, on the Advanced tab, un-tick the “Install QT in system tray” box and click OK. Now start QuickTime, eg. from the Start menu or the desktop icon. Go to Edit—>Preferences—>Player Preferences (note that Quicktime Preferences is also available here if you need another look). Tick the “Use high quality” box and un-tick the “Show Content Guide”. Now, next time you start it you will have a clean, unobtrusive and really quite good media player.

Real Player

Now that any serious allegations of spy-ware are past them, this is a player like any other and one that you may like; it plays more formats than the others. You won’t, however, come across much video material on the internet in proprietary Real Video format but quite a lot of audio streaming sites, such as the BBC, use the Real Audio formats. There are some candid recommendations on how to install it from one of the company’s engineers on a forum. The software can be downloaded from the Real web site and be sure to go for the free version.

When I installed it I un-ticked all the boxes on the Desktop Settings prompt and on the Universal Media Player click “Select media Types”. This is a similar process to the other two and, again, I would suggest only selecting the native proprietary formats to start with.

Once it is installed, start it up and go to the Tools—>Preferences menu item. On the General tab set it to display the player only on start-up, Set your internet speed on the Connection tab and take a look at the Privacy options. I have lost my notes now but I think there is also a Configure Message Centre tab, and I would suggest un-ticking all the boxes, the same on the Auto Update tab.

The third in this series will cover using the players in practice.

TapMedia Players (1) The Problem

14 Jul 2007 08:05 by Rick

One of the trickiest problems to solve with computer software is interactions between different products and nowhere is this more difficult than with “media” software. By media software I mean the programs that play video & audio files, CDs & DVDs. For the moment I am ignoring the creation of these files and disks which includes recording sound and video, writing disks, ripping files and conversion. What I am looking at is playing what you have got or can download. Later I will be looking in more detail at the playback for presentations such as we use in Church.

What makes this so complex is that there are at least three competing systems, each with their own proprietary formats and which largely refuse to talk to each other. These are Microsoft Windows Media Player, Apple Quicktime and Real Player. What is worse is that these programs have a reputation of bickering and fighting over who has control of the PC that should be yours. You don’t have a lot of choice about the file formats because others are creating them, so what I have been looking at is how to achieve the maximum capability with the minimum of annoyance.

I will state at the start that I am not an expert in this field, I am trying to make sense of it so if you have any useful insight I would welcome hearing from you. It is possible to get into quite a mess with this and on more than one occasions I have had to un-install everything and start again.

The reason that the problem exists at all is that, if nothing was done to media files, they would be absolutely huge. I am sure you can do the maths but even a small 320 x 240 video at 25 frames per second and 24 bit colour depth generates a huge file in no time (44Mbps). This is what analogue VHS recorders did and why the media was relatively bulky (and poor quality). The situation for audio is similar; though the data rate should be lower, we are less tolerant of errors so the files can still be large. For example a CD samples at 44.1 thousand times a second at 16 bit resolution on each of two channels (1.3Mbps). Analogue audio recording could be good, arguably better than digital. What was done to reduce the quantity of data in both cases was to compress the files eliminating bits that were thought to be unnecessary. A certain amount of lossless compression can be done but most of the methods involve some compromises of quality over space. It is these algorithms which compete and some of them are proprietary.

The software that handles this compression/de-compression is abbreviated to “Codec” and there are hundreds of them. The way that they are supposed to work is that they are first registered with Windows and then any media player that needs to use one sends the raw data to it and it comes back processed. The media player decides which codec it needs by looking at the identifiers on the file. This is where the system breaks down. Some of the media players refuse to even look at competitor’s files, so Windows Media Player will not play Quicktime .mov files however hard you try and only Real Player will look at .ram files. In fact Real Player is one of the better ones and will play most things sent to it if the codecs are available. This is the second problem—the proprietary codecs are only generally available with the corresponding company’s player. If they were charging for this software then there would be a good case for challenging them on competition grounds but they are, at least in basic form, given away free. So, for Real Player to process a Quicktime file, Quicktime itself has to be installed, even if you don’t use it. Finally WIndows Media Player is one of those programs that comes pre-installed with Windows and is difficult, if not impossible to remove.

So, how should this be resolved. Well, ideally, the manufactures ought to be a bit more sensible about this. In the codec, only the “co” part is really proprietary. The “dec” parts have published standard algorithms and should be freely available; after all they want us to view the films coded with their software. The coding part, the creation of files, is a business matter and if they want to hold onto and/or charge for this, it is up to them, but in that case the creators have a choice of which format they want to use. Secondly they should get off their high horses and make the players acknowledge that there are other good things out there and start recognising each other’s files.

In the short term we need to make the best of what we have got and that is what I will look at in the second article in this series.

TapSoftware Updates

13 Jul 2007 08:53 by Rick

Keeping up to date with software fixes these days can be very difficult; at best it is time consuming. Many applications come with automatic notifiers but often we are not comfortable enabling them and, anyway, they vary in efficiency. Some, for instance, only work from admin accounts; others ought to but instead try to update from limited accounts and fail. Microsoft pioneered this with Windows Update with Automatic Updates and have had a period of mixed success and errors which we hope is now over [update: spoke too soon on this. Reports of problems with this week’s .net patch]. The Anti-Virus people have got it best in hand but even they hiccup when it comes to vulnerabilities internal to their own software.

Today I discovered a very useful facility which does for your whole machine what Microsoft Update does for their products. Secunia Software Inspector is a free service which uses a Java applet to go through your machine looking at the revision levels of software all types and notifies you if there are security updates that you should be installing. I ran it today against a machine that is pretty well maintained (but not by me) and it noticed that Adobe Flash Player and Sun Java JRE were both down level. It even told me about the update to Apple Quicktime which was only announced this week. A company like Secunia is going to be on the ball because it is they who tell the rest of the world what is up, and I trust them more than some because they don’t have a marketing team leaning on them, at least not in the retail business.

TapGpg4Win and Enigmail

22 Jun 2007 17:40 by Rick

There is currently a problem that Enigmail, the OpenPGP extension for Thunderbird doesn’t work with Gpg4Win. The latter is the GUI version of GnuPG for Windows. The versions tested were Enigmail 0.95.1 and Gpg4Win 1.1.0 but I understand other versions are affected.

There seems to be some dispute as to which program is at fault and the most seen recommendation is to un-install Gpg4Win and install the plain command line version of GnuPG. Although there is some overlap, both provide a key management GUI for instance, this would lose some of the useful disk management functions of Gpg4Win.

I have discovered that there is a much easier fix. In Thunderbird, go to the OpenPGP ==> Preferences menu item and in the “Files and Directories” window, tick Override and enter C:\Program Files\GNU\GnuPG\gpg.exe. Now stop and restart Thunderbird and every thing works just fine.

TapVirus Scare

16 Jun 2007 13:39 by Rick

I had a bit of a fright this morning; AVG (free) kept saying that it had found an infected object but it wouldn’t put it in the Virus Vault where it should go. I was bothered because I don’t do viruses, I consider myself too smart for that (lookout, the sky is falling in). I see a few go past in email and I used to have trouble when my anti-spam system kept a copy of recent emails in plain text (it now keeps them in a database, so that is resolved). I have just installed a trial of Prevx so wondered if that may have triggered something but I don’t think so.

Some analysis and a few blunders later I discovered.

  • The infected file was in C:\System Volume Information\_restore{DF9 …a lot of hex… F08}\RP108\A0024948.exe. If I remember rightly this is the System Restore area. I don’t recognise the file name, perhaps System Restore mangles them?
  • This accounts for why my working (LUA) account could not vault it, because I don’t have access.
  • It is reported as I-Worm/Stration.DJC. This is normally distributed by ICQ (which I don’t use) but has been seen recently in spam email—I am unlikely to have executed any attachments.

The blunder was that (in a panic) I deleted the system restore area before scanning the system; I seem to drop out of Security Analyst mode when I come home. Anyway I did a full system scan and a run of the Kaspersky Online Scanner for good measure. Nothing else was found.

What I don’t understand is

  • How it got there. I thought System Restore was backing up things that changed during an install so that you could back them out later. If that is the case, it should have been live on my system before whatever install replaced it and there should be some other traces left.
  • Why AVG should have been looking there in Resident Shield mode anyway. I thought it only checked files that you accessed, and that is not likely to be one of them.

It will, no doubt, remain a mystery.

TapExecutable White-listing

12 Jun 2007 16:07 by Rick

It is one of the fundamental rules that, if you want a really secure system, you start by switching everything off and then just enable what you need. This goes for firewalls and accounts for why many that come pre-configured in routers are not very good because they have to let so much through to enable all potential customers to operate; and why ZoneAlarm (the basic version only) is so good because it asks you before enabling anything.

Based on this, the principle behind all Antivirus software is flawed from the start. It is trying to detect what is bad by various means and then blocking it. You can never win at this game; you are always trying to catch up with the perpetrators which is why we now have to accept daily updates and I have seen some offering them hourly. It is also why they can justify a subscription pricing model rather than a one off cost.

But you can go some way towards this goal very easily; just don’t run your day-to-day activities from an administrator account. Administrator accounts should be for administration—that is installing software, taking backups and doing system updates. What you need to do is create another account and using the facility provided in Windows XP, mark it as LUA, a “Limited User Account”. 95% of software works perfectly well in this mode. If you use some very old programs that you have to run then you may have some problems but they can usually be circumvented. However I will (and you should) complain like mad if a new program does not work when run in this way; it is just negligent of the author. The big advantage of the limited user account is that when you are browsing and reading mail and something nasty does get in, then it no longer has access to the heart of the machine and the damage it can do is limited. Most bad-ware will try and install itself in system folders and the machine registry and that is just not possible in this mode. Think of it as running a power tool with the guards in place. You do need to lift the guards sometimes, but not with the power on and only to change the blade.

This article by Marcus Ranum (beware, some strong language) takes this concept a stage further. Here he describes how he has fought to get the complete control he wanted so that only the programs he specified would run. First he tried to use Windows Execution Control. I don’t know the facility nor if this is a fair evaluation of the mechanism but it failed miserably for him. Subsequently he tried using a product called PrevX. The main problem here was that they annoyed him with their marketing techniques but it did look doubtful that it was really doing what it said it did. [I could ask here how someone apparently so experienced in security matters could possibly get infected so often but I suppose that, during research, he may be deliberately working on the margins of safety].

Finally (so far) he found a free-ware product called Exe Lockdown from Horizon DataSys. I tried for quite a while to locate the download as it doesn’t seem to be linked anywhere but eventually found it here. If it does what it says on the box then it should work in a very similar way to ZoneAlarm i.e. maintain a table of permitted programs to execute and if you try to run one not in the list, come up with an “Allow or Deny” prompt. It adds one extra detail which may be of use for those controlling systems used, for example, by children; it asks for the Administrator password before permitting the change. Otherwise it all looks very straight forward.

It works because viruses and other bad-ware need to execute to do anything to your system. If they are not known then they will have to ask and there is a reasonable chance that you may notice at this point and deny them. It is not foolproof though; it will not catch macro viruses such as those embedded in documents or script codes such as Java-script in web pages but it will stop many so it is very valuable and the others will be partially controlled by your LUA.

[Update: Well it was a good idea. First the version I found was only a limited function demo. The link to buy the real thing went nowhere and I couldn’t get it to work anyway. If anyone knows of a program with a similar function then I would be very glad to hear of it.]

^ Top