Sending CTRL + ALT + DEL over Remote Desktop


Have you ever had to send control/alt/delete via Windows Remote Desktop/Terminal Services? If you try it, it ends up being caught on your local client machine. I just stumbled upon a nice trick. If you send [CTRL] + [ALT] + [END], then it will have the effect of [CTRL] + [ALT] + [DEL].

Go try it out! :)



Shane’s Security Software Shuffle [SSSS 2008??] Preview


As you may or may not have noticed from my earlier posts, I’m not a huge fan of the Kaspersky Internet Security suite. I love their anti-virus but I will never install their firewall again until they completely rehaul that system (for reasons like this and this – specifically deleting rules to keep KIS from spamming me).

So here is what I’ve decided to go with for the time being…

Anti-Virus:
avast! Professional Family Pack
This package contains a WHS version of avast! and 10 Pro client licenses and updates for all 11 licenses for 3 years, all at a nice price of $150. My WHS is home-based and falls within the WHS version’s license and the other 10 Pro client licenses can be used on all of my computers, even my for-profit computers. Avast isn’t the #1 in detection rates (Kaspersky still beats Avast here) but it isn’t that far behind either. Also, if for some reason I need more licenses than this, I can begin to use the Free Home version of Avast on my personal computers at home and move my Pro licenses to any add’l for-profit boxes I might have. And lastly, having my WHS box be a single point to monitor and manage all AV installations would be quite nice!

Anti-Spyware:
The verdict is still out on this one but I THINK I’ll be using SuperAntiSpyware (SAS) for a majority of this. SAS has a free license but also has a better pay-for version that is very cheap and you can even get a lifetime license with it (a couple ways to do it but on average of $40 per 2 licenses for lifetime upgrades). I don’t have a whole lot of personal experience with it but have been doing some researching of various posts around the interweb and everybody seems to keep coming back to SAS for a lot of stuff. The name is definitely kind of a turn-off but I’m trying to get over that. The main points for me that I like are that it has a relatively small footprint, it has very high detection rates (unofficially determined by many different forum posts by people), it integrates into Windows Security Center (makes WHS happy), and it claims to play nicely with other anti-spyware applications (meaning I can have it run beside another application for better protection). I wish it was a bit cheaper but I’m not gonna complain much there – I’ll be able to get the 10 licenses I need for $200 for lifetime updates. Unfortunately, I cannot have WHS maintain all of these installations. Additionally, I do not believe there is a WHS version of this and I’m not going to test this on my WHS box to find out. I have yet to find anything for my WHS box for anti-spyware software.

Firewall:
Unfortunately, I have not yet determined what I want to use here. I guarantee you that Kaspersky is right out the window though! I THINK for now, all of my Vista boxes are going to happily continue using Windows Firewall. For my XP and 2003 boxes, I’d like to have something better than Windows Firewall, but I don’t know what I can use that are easily monitorable without requiring me to babysit them. Firewalls like Kaspersky’s with the constant nagging of allow/block is not an option because I am not going to babysit all of my boxes. And I think the main thing with Kaspersky’s firewall is that it’s more than just a firewall – it monitors executables that have changed and all other kinds of things which, don’t get me wrong, have value in some scenarios, but not when I have to personally administer 10 boxes that want to continually ask me about things every time there’s a windows update or even sometimes when an anti-virus app updates itself – NO WAY!

I’ll hit this topic again once I’ve decided on my final setup but in the mean time I’d appreciate any input on these things! Keep in mind that there are three important criteria for me:
#1. The product is one of the better quality products in detection rates or whatever
#2. The product integrates with WHS one way or another
#3. The product is very low-maintenance or is something that I can maintain universally from WHS

and a somewhat distant #4 is the cost – I’m happy to pay for the software but cheap/free is good too. :)

-Shane



Bad Kaspersky! (RE:Windows Update KB944533)


This is a follow-up to this post.

I believe I have finally found a fix to the issue with KB944533 that breaks IE for some people running Kaspersky Internet Security (KIS).

The Problem:
So what I believe to be the scenario that triggers the problem is if you have KIS (perhaps limited to version 7 but this I do not know) installed but disable the firewall, you will run into the problems reported in this post. It is important to note the part about the firewall as that appears to be the problem.

An MS MVP said here:

Given other related threads here, I would not recommend attempting to disable the firewall in Kaspersky Internet Security in favor of using the Windows Firewall unless you can figure out how to completely disable the former. If you manage to do it, please let us know how.

I can now vouch for this – disabling KIS’s firewall causes problems!

The Fix:
The fix is simply to re-enable the firewall while you install the patch AND keep it enabled until at least the next time you run IE. When you do, KIS Firewall will open a prompt mentioning that the IE executable has been modified. Once you allow this, then voila – you’re done and you have this patch installed correctly and working. At this point you MIGHT be free to disable the KIS firewall again. Since installing the patch, I have yet to turn it off because I have been prompted 2-3 times with the dialog stating that the executable has been changed and I keep clicking on the allow option. I don’t plan to turn the firewall off again until after a few reboots of no prompts.

My Rant:
Bad Kaspersky! Obviously when I disable the firewall, it only disables parts of it. Bad! Bad! Bad! And I think it gets worse too, but I’ll wait a bit for that part.

What appears to me is going on here is that some portion of KIS is realizing that the executable has been modified. Because of this modification, I assume Kaspersky is intercepting DNS requests for whatever reason. Obviously the prompt to allow these sorts of DNS requests is isolated in the firewall, but also obvious is that the engine’s check for these DNS requests is NOT isolated to just the firewall. So this means that in order to allow these sorts of exceptions (i.e. make your system less secure in a sense), you must ENABLE the firewall! That makes absolutely no sense at all!

Now all of this has been a headache for me and many other people, but I think it gets worse. Reconsider everything that has gone on here and ignore the annoyance. Let me recap:

  1. IE’s executable gets modified.
  2. IE attempts to connect to the internet via domains and is blocked but when attempting by IP is not blocked
  3. KIS Firewall does the blocking because it realizes the executable has been changed

Now reconsider #2 and #3 together – the firewall blocks internet access to protect you, right? Nope! It only kinda partly blocks internet access. If the program is connecting via IP address, then the firewall lets it do anything it wants! So if somebody finds an exploit in IE to modify the executable so it sends all of your personal data to the internet, Kaspersky firewall does NOTHING to block that data transmission if it is sending it to an IP address; it only blocks it if it needs to resolve a domain name.
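The gap described above (a control that acts on name resolution but not on connections made straight to an IP address) can be monitored for by correlating connection events with DNS events. The following is an added example, not part of the original post or of any Kaspersky tooling; the log format, the process names in the sample and the function name are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events in a hypothetical format (not from the original post):
#   "<epoch-seconds> DNS  <process> <name> <resolved-ip>"
#   "<epoch-seconds> CONN <process> <dest-ip> <dest-port>"
SAMPLE_LOG = """\
1000 DNS iexplore.exe www.example.com 192.0.2.10
1002 CONN iexplore.exe 192.0.2.10 80
1010 CONN iexplore.exe 203.0.113.50 443
1020 DNS firefox.exe www.example.org 198.51.100.7
1500 CONN firefox.exe 198.51.100.7 443
1600 CONN svchost.exe 192.168.1.1 53
"""

# Destinations on the local network are not interesting for egress monitoring.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def find_direct_ip_connections(log_text, ttl=300):
    """Return (ts, process, ip, port) for outbound connections whose destination
    the same process did not resolve via DNS within the previous `ttl` seconds."""
    resolved = defaultdict(dict)  # process -> {ip: time of last resolution}
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        ts, kind, proc = int(fields[0]), fields[1], fields[2].lower()
        if kind == "DNS":
            resolved[proc][fields[4]] = ts
        elif kind == "CONN":
            ip, port = fields[3], int(fields[4])
            addr = ipaddress.ip_address(ip)
            if any(addr in net for net in LOCAL_NETS):
                continue
            seen = resolved[proc].get(ip)
            # No lookup at all, or a lookup older than the window, is reported.
            if seen is None or ts - seen > ttl:
                findings.append((ts, proc, ip, port))
    return findings

if __name__ == "__main__":
    for finding in find_direct_ip_connections(SAMPLE_LOG):
        print(finding)
```

The `ttl` window is a tuning knob: a short window also reports connections that reuse an old resolution, while a long one reports only destinations that were never looked up.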

My Conclusion:
Bad Kaspersky! Go to your room and fix it!



Windows Update KB944533 Breaks IE


I have three workstations on my desk at work that I use on a daily basis. One runs Vista Ultimate, one runs Vista Business, and the other is Vista Home Premium. Since yesterday was Patch Tuesday, I had a dozen or so Windows Updates to install. All installations on all 3 systems seemed to go just fine.

However, my Home Premium box’s IE started acting funny! It could not load web pages by domain but could load them by IP. Obviously a DNS-related issue, right? Think again! I could open up Visual Studio and browse sites just fine in it! Pings worked, Firefox worked, everything worked except for IE by domain name! And all of this was working before patching, so that’s the obvious culprit. After uninstalling patches one-at-a-time, I finally got to KB 944533 (1/4 MB source so it may take a bit to load and render!) and after uninstalling that patch and rebooting, IE ran fine again!

Reading through the KB article, it mentions KB 942818 as a known issue with the patch. I’m running a combination of Kaspersky AV, Kaspersky Proactive Defense, Windows Firewall, and Windows Defender, so if KB 942818 applies to me, then it is Kaspersky AV or Proactive Defense that has issues with it. When installing updates I get into the habit of, upon the first prompt by Kaspersky Proactive Defense, disabling it for 5 minutes, so that is indeed what I did, so I suspect this is the culprit, IF KB 942818 is correct.

While it is not a conclusive test, I’m going to try reinstalling it with Kaspersky completely disabled from before beginning installation. If it is still broken, then I will try again with it all completely enabled the entire time, manually allowing exceptions as prompted. I will post back here the results.

Update #1 (Feb 13, 2008): Apparently having Kaspersky completely disabled the entire time does not fix this. I am now back in a broken state. Next I will uninstall the patch and re-install it with Kaspersky completely enabled the entire time.

Update #2 (Feb 13, 2008): While I’m waiting for it to install yet again, I wanted to mention another behavior that I thought was peculiar that I noticed. If, while browsing things in Visual Studio 2005, I immediately went to the same URL in IE as I was viewing in Visual Studio (such as www.cnn.com), then IE would pull the page up although it was obviously being loaded from cache (some dynamic images were dead, some bad javascript and styles, etc. and all links were dead). So it seems that IE’s domain-to-cache linking was working correctly, IP address-to-internet was working correctly, just not domain-to-internet.

Update #3 (Feb 13, 2008): Well, installing it with everything turned on and being aware of the changes made no difference either. I’m giving up for the day and will try again later. As of this point, I have no way to have this patch installed and IE working on this machine, but since it’s a cumulative security patch, I WANT to have it installed!

Update #4 (Feb 14, 2008): As mentioned here, it is appearing as though Kaspersky Internet Security v7.0.0.125d may be the culprit here. I have begun a post in Kaspersky’s forums discussing this here. So far, no luck with anything else.

Update #5 (Feb 20, 2008): I have located a post here by A.BORD that pointed out that pausing KIS via the icon in the tray doesn’t really disable things (who knows what it does). If you open up the KIS control panel and individually disable everything in KIS, then the update should install without problems and once you reboot, you can re-enable everything again and be fine and happy. I am trying this right now to see if I can install the patch via this method. If it works, I’ll outline it in more detail.

Update #6 (Feb 20, 2008): I got my hopes up for nothing. This made no difference. I guess I’m going to completely uninstall Kaspersky, install the patch, and then reinstall Kaspersky. I REALLY hope this fixes the problem. I think Microsoft and Kaspersky need to cooperate a bit more than they have on this patch. It’s ludicrous to have to uninstall my security software just to install a Microsoft security patch.

Update #7 (Feb 20, 2008): I’ve fixed it. See my post here with more details.

-Shane

