Everything posted by jaclaz
-
Naah, the batch is fine, I would have written it differently, avoiding the use of the temp directory listing and simply emptying the "extract" subdirectory when starting, but it seems to me perfectly fine as it is. Just an idea, but maybe it could be useful - if the issue is, with a large number of updates of this kind, the sheer disk space occupied by the expanded version - do something like a "fake" directory structure, leaving just the name and the sizes of the files (using "sparse" files, of course only on NTFS). But it would probably be of little or no use, as what is needed often is to check the actual version of the .dll's and .exe's in the archive... jaclaz
-
AFAIK, there is NO "Canon" driver for 7 (or for any 64 bit OS) but the printer should be supported by the "standard" Windows 7 drivers, and there is an "add-on" to extend its functionalities): http://www.usa.canon.com/cusa/support/consumer/printers_multifunction/i_series/i850_series#DriversAndSoftware
File Description: Printer Driver Add-On Module Ver.1.10 (Windows 7/7 x64)
Date: 07/20/11
Size: 4.10 MB
File Name: aomwin110ea23us.exe
This software is a module that expands the functionality of the printer driver for Canon Inkjet printers. Your printer must be installed via Microsoft Update before you download and use this module. By installing this software, you can use the printer...
Maybe the built-in driver is not "specific" for the I850 but it is rather (like as an example many HP printers ones "generic") see if you can find in Windows Update a driver for a "similar" printer, like the i 860 or i865 ... According to this: http://download.microsoft.com/download/0/F/E/0FE9AFD7-8214-4989-BA8F-485055AD263B/Inbox%20Printer%20Driver%20Names%20for%20Windows%20Vista.pdf drivers for Vista exist (though the file says nothing if that is 32 or 64 bit). jaclaz
-
Among the many "virtual disk" formats a VM can use there is a "snapshot" one (which actually is comprised of a "base" image + one or more "differencing" images), see:
https://www.vmware.com/support/ws55/doc/ws_preserve_using_sshot.html
https://www.vmware.com/support/ws55/doc/ws_preserve_sshot_linear.html
https://www.vmware.com/support/ws55/doc/ws_preserve_sshot_tree.html
and:
http://sanbarrow.com/vmdk-handbook.html
http://sanbarrow.com/vmdk-basics.html#snapshots
http://sanbarrow.com/vmdk-snapshots.html#translatebuttons
It is an exceptionally good method/way to do experiments, like change settings or install/uninstall applications, etc. as what is saved at each "snapshot" taken is just the "delta" when compared with a base image, but it is not like if you completely change the contents of the virtual disk attached it will take the same few seconds to take the snapshot and/or to restore to a previous one. Since when doing this kind of experiments the changes compared against the start are usually very small, then the time to take the snapshot and/or to restore to it are also very small, but if you change lots of things, then it will take a proportional amount of time. As well, if you create a tree with tens or hundreds of snapshots, things may start to become not-so-fast. The key here is to understand how a snapshot (or Redo) image is only "valid" if attached to its parent image, and it only records the changes happened inside the VM when compared to the parent image (which is "established once and later remains unmodified"). HTH. jaclaz
-
It’s ‘Game Over’ for Zeus and CryptoLocker
jaclaz replied to Ex_Brit's topic in Malware Prevention and Security
And these confirm: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24786/en_US/McAfee_Labs_Threat_Advisory_Ransom_Cryptolocker.pdf http://www.symantec.com/security_response/writeup.jsp?docid=2013-091122-3112-99&tabid=2 how, if cryptolocker cannot connect to his (hardcoded, main) "home server", it tries to connect to a "random" domain to transmit the AES encryption key. Maybe the good NCA guys managed to block the 184.164.136.134 and all the generated domains, but all the authors of the malware have to do is to procure a bunch of new domains, and modify the binary, and re-infect files on the web. I am failing to see how the "two weeks" can be estimated. Seemingly the peeps from OpenDNS have reverse engineered the DGA algorithm: http://www.opendns.com/enterprise-security/products/cryptolocker-containment-is-the-new-prevention/ http://info.opendns.com/rs/opendns/images/DS-OpenDNS-Combating-Ransomware.pdf and claim that if you use such a DNS "Umbrella", the malware is prevented from connecting to any of the generated domains, it is possible that the NCA used a similar approach. jaclaz -
Integrate drivers to the XP installation CD?
jaclaz replied to pointertovoid's topic in Unattended Windows 2000/XP/2003
Giving you another occasion to nit-pick on them? No thanks. The messages that I believed were worth of note were delivered fine, I have nothing else to add on this topic, see you on a next one . jaclaz -
You can use Universal Extractor: http://www.msfn.org/board/forum/159-universal-extractor/ though what it will do will be simply that of running the file with parameters /q /x <outdir>, i.e. expanding its contents in a sub-folder. JFYI, there is a newish updated version here (UNofficial): http://www.msfn.org/board/topic/171930-new-unofficial-version-165/ jaclaz
-
Without all due respect , be my guest, scan this : jaclaz
-
Integrate drivers to the XP installation CD?
jaclaz replied to pointertovoid's topic in Unattended Windows 2000/XP/2003
Sure , that is the idea of "cannot (should not)" it doesn't mean that you really-really cannot, i.e. that every attempt will result in a failure, only that it may happen, and that happens more often than "from time to time" or "seldom". As I see it is not a real issue, as when it happens one can always revert to start again from the untouched original, but historically all the whining happens because of one or the other between the listed two reasons. If you prefer : http://www.msfn.org/board/topic/158485-international-translations-of-common-signs/ "E' pericoloso usare nlite più di una volta" "Please do not use nlite more than once" "Verwenden Sie nicht mehr als einmal nlite" "Priere de ne pas utiliser nLite plus d'une fois" jaclaz -
Maybe it could be useful if you could post where exactly can that value be changed? (or where it is the current 300000 ms currently set/stored)? jaclaz
-
Integrate drivers to the XP installation CD?
jaclaz replied to pointertovoid's topic in Unattended Windows 2000/XP/2003
Sure . The only issues with nlite (which are hardly an issue, only a nuisance) are just of two kinds AFAIK:
1. you cannot (should not) EVER run nlite on an already nlited source, even if what you did was a trifling little thing, ALWAYS start from scratch from an original "untouched" source <- and this is somehow a limit/defect of the actual program
2. you should not overdo it and, because of #1 above think a bit about choosing what to remove, as re-adding what you removed (but actually later found out as needed) is always rather complex, and very often not even possible at all <- and this is somehow a limit/mistake on the user part, but it is so common that there are tens or maybe hundreds of threads started by people that removed too much and ask how to re-add this or that
jaclaz -
Well, is the issue:
1. EAC+Daemon Tools
2. *any program* dealing with CD/DVD's+Daemon Tools
3. EAC+*any* Virtual CD/DVD driver known to mankind (among the many MS virtual CD, IMDISK, WinCDemu, Total Mounter)
4. *any program* dealing with CD/DVD's+*any* Virtual CD/DVD driver known to mankind (among the many MS virtual CD, IMDISK, WinCDemu, Total Mounter)
If #1 or #2 it seems to me not such a big deal (just use something else that works instead of Daemon Tools ). If #3 or #4 then it may be an issue or a serious issue. jaclaz
-
It’s ‘Game Over’ for Zeus and CryptoLocker
jaclaz replied to Ex_Brit's topic in Malware Prevention and Security
I don't get it. I cannot say anything about GameOver Zeus. But Cryptolocker is not AFAIK in any way "stealth", once (if) you are infected by it, it will quickly encrypt all your data, so it is not something that you may have already got and have unknowingly on your PC, IF you get it you are pretty much pwned immediately or so. jaclaz -
For no apparent reason, this machine: http://www.lancashirelife.co.uk/people/kendal_brown_house_continuing_the_art_of_snuff_production_1_1569201 produces snuff tobacco since 1792 (but it was re-cycled and was actually built originally around 1750). Sometimes "old" does not mean "outdated" or "no good", sometimes it simply means "thoroughly tested and working" . jaclaz
-
Windows 7 Setup folder to USB method in 1.2?
jaclaz replied to naithkk's topic in Install Windows from USB
Well, IMHO something that should be tested (on those not working) would be to try with a "valid" partition ID, let's say 0x83, i.e. it is possible that some of those not working don't "like" the 0x00 partition ID. jaclaz -
Windows 7 Setup folder to USB method in 1.2?
jaclaz replied to naithkk's topic in Install Windows from USB
I think it is "intended" or "by design". If you think a bit about it, there is some logic in the behaviour (both in the "Windows" and in the "Linux" one, though "different" logic).

Let's see what Windows does (more or less ):
1. let's check the partition ID in each partition entry in the MBR
2. if it is 0 ignore the entry
3. if it is non-zero compare it against a list of known partition ID's
4. if it is NOT among the known ID's AND the partition addresses are OK, show the partition in disk manager as "unknown"
5. if it is among the known ID's AND the partition addresses are OK, probe the volume for the actual filesystem used AND IF this probing results in a known, valid filesystem, show the partition in disk manager with the proper volume filesystem type AND mount it (assign to it a drive letter in explorer)
6. if it is among the known ID's AND the partition addresses are OK, probe the volume for the actual filesystem used AND IF this probing results in an unknown, OR invalid filesystem, show the partition in disk manager AND mount it (assign to it a drive letter in explorer BUT as soon as you try opening the volume you are prompted for formatting it)

Remember that if the partition type is 0x07 not necessarily it is a NTFS filesystem, as exFAT (and I believe also UDF filesystem in Vista and later) use also 0x07, remember also how - unlike on Linux - partitioning and formatting are "linked together", i.e. it doesn't really exist a mkfatfs (or similar) under windows, as when you format a volume, the volume resides on the device, and the format command also updates the partition ID, as better explained in the given link: http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/determining-filesystem-type.html there is the need for "volume bootsector probing". Now, we are used to a bunch of filesystems (FAT, NTFS, etc.) that do have the BPB in the bootsector and the bootsector is the first sector, but as an example UDF, has not (like CDFS) this, the good Linux guys are used in Ext2/3/4 to have it at a fixed offset from the beginning of the volume.

As a side note, try opening a isohybrid .iso with Winimage or with 7-zip, last time I tried Winimage "opted" for it being a (hard disk) volume, whilst 7-zip "opted" for it being a CD/.iso:
http://reboot.pro/topic/9076-the-mistery-of-windows-7-install-required-cddvd/?p=172168
http://reboot.pro/topic/17715-iso-image-with-mbr-and-small-fat-partition/
http://reboot.pro/topic/9916-grub4dos-isohybrided/?p=86292

Let's see what Linux does (probably, please understand how while the previous ones are educated guesses about how a windows NT works, the following are more wild than educated guesses and I may well have some terms or concepts "wrong" or worse):
1. let's check the partition ID in each partition entry in the MBR
2. No matter if it is 0 or any value, link the addresses in the entry to a valid device, like /dev/sda3
3. check the addresses in the partition entry are valid, AND IF they are valid, probe the volume for the actual filesystem used AND IF this probing results in a known, valid filesystem, proceed to mount it (if automount is enabled) and create a mount point for the extents described in the partition entry

more or less the Linux fdisk will "see" (just like device manager) *any* partition whose addresses are defined in the MBR, no matter if the extents contain a valid (recognized) filesystem or not. In the case of a "normal" .iso, most probably the Linux *whatever* checks sector 16 (which will be sector 48 because the device will have a 512 bytes sector size) and finds the CD001 and in the case of a isohybrid .iso checks first sector, understands that it is a MBR and not a volume bootsector and proceeds to check for the EXT2/3/4 superblock, doesn't find it, then goes on and checks sector 16 (please read as 48), and decides it represents a valid CDFS filesystem/volume.

What would be very interesting at this point would be IMHO to experiment on Windows with the UDF filesystem (on Vista or later) as the UDF can be used both as a hard disk volume and as a CD/DVD filesystem. It is possible that "directly" or with a trick or two, we could manage to have under Windows a working entry in a partition table for a UDF volume which is actually a UDF .iso .... jaclaz -
Windows 7 Setup folder to USB method in 1.2?
jaclaz replied to naithkk's topic in Install Windows from USB
Sure I can confirm that a "normal", plain, Linux .iso image NOT isohybrided usually works through partition mapping (I seem to remember that there are a few that do not anyway). The whole point is a specific feature of the Linux kernel/way of working (that not necessarily is common with BSD). None of the several Linux .iso images that Easy2boot supports (but that you can of course map directly without using Easy2boot at all) through ISO partition mapping are modified in any way (and this is actually the big advantage of the method in general and of Easy2boot specifically), and AFAIK none of them are isohybrided (but I could be wrong about this latter). Now that you make me think about it, I cannot confirm that an actually isohybrided image works this way, never tested that. As a side note, gparted does NOT recognize an actual partition CDFS formatted as a valid one, though the method (though not with a partition ID of 0x00, but rather with a "normal" 0x83 partition ID) is used by a few particular Linux distro's, see as an example, Zeroshell: http://www.zeroshell.org/ and: http://gparted-forum.surf4.info/viewtopic.php?id=16632 The (nice) idea of that distro (which is a specialized "firewall/router" distro) is that the actual OS should be UNmodifiable and capable of working when booted from a CD/DVD, using *any* available media to save settings and logs, the hard disk or USB stick image in it is nothing but the actual CD/DVD version with a "loading" partition before and a "settings partition" after. jaclaz -
Windows 7 Setup folder to USB method in 1.2?
jaclaz replied to naithkk's topic in Install Windows from USB
I hate to be picky , but actually I am picky. ISOHYBRID is not involved at all in this. An isohybrid .iso is a particular form of (non-standard) .iso that CONTAINS a MBR, in practice the fact that the ISO9660 standard has the provision for its bootrecord on sector 16 leaves the first 16 sectors (of 2048 bytes) empty and unused, and one can take advantage of this to do queer things with this space. As a shameless plug see here what can be done with it (different from isohybrid) COSMIAS: http://reboot.pro/topic/17807-release-cosmias-a-new-approach-to-g4d-images/

The nice trick by cdob works along a different principle. Any "normal" CONTIGUOUS .iso extents can be mapped to a partition entry in the MBR. If you think a bit about it, a partition entry is nothing (abstracting for one moment from the differences between CHS and LBA, let us assume that CHS is not used anymore, or that the whole extents are above the 8 Gb CHS limit) but an address table. In a MBR entry for a "normal" volume/partition there are just three pieces of information:
1. a partition ID
2. the start address of the partition
3. the length (or extents) of the partition

So, nothing prevents from writing to an otherwise unused partition entry some values to the effect of mapping a contiguous area of the disk as if it was a partition. Windows will ignore an entry in partition table with ID 0 (0x00). Linux will check anyway the actual addresses in the entry and, if it detects that the addresses correspond to a valid volume/filesystem (CDFS in this case) it will mount/access the .iso fine, for all it matters to Linux, it is a partition like any other one. If you prefer, the partition ID is - contrary to what has been for years the beliefs of many (I would say most) people - not really a partition ID, but rather a "protective ID": http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/determining-filesystem-type.html jaclaz -
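Added example, not part of the original posts and not code from Easy2boot or any tool named in them: a parser for the three-field MBR partition entry described above, run over a constructed in-memory disk image in which a contiguous .iso is mapped by an entry with ID 0x00. The function names, the sample layout and the two "views" are assumptions that model the Windows and Linux behaviour as the posts describe it, not the actual OS code; for media triage the useful output is the list of ID 0x00 entries that still map a recognizable volume.

```python
import struct

SECTOR = 512  # bytes per sector of the (constructed) disk image

def parse_mbr(disk):
    """Return the four primary partition entries of a classic MBR."""
    if disk[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    entries = []
    for i in range(4):
        raw = disk[446 + 16 * i:446 + 16 * (i + 1)]
        # status, CHS start, partition ID, CHS end, LBA start, sector count
        _st, _cs, ptype, _ce, lba, count = struct.unpack("<B3sB3sII", raw)
        entries.append({"index": i, "id": ptype, "lba": lba, "count": count})
    return entries

def addresses_ok(entry, disk_len):
    """The extents must be non-empty and lie inside the disk."""
    end = (entry["lba"] + entry["count"]) * SECTOR
    return entry["lba"] > 0 and entry["count"] > 0 and end <= disk_len

def probe_filesystem(disk, entry):
    """Identify the volume by its content, not by the partition ID."""
    start = entry["lba"] * SECTOR
    vol = disk[start:start + entry["count"] * SECTOR]
    if vol[3:11] == b"NTFS    ":
        return "NTFS"
    if vol[82:90] == b"FAT32   ":
        return "FAT32"
    if vol[1080:1082] == b"\x53\xef":      # ext2/3/4 superblock magic
        return "ext2/3/4"
    # ISO9660 volume descriptor: sector 16 of 2048 bytes, "CD001" at byte 1
    if vol[16 * 2048 + 1:16 * 2048 + 6] == b"CD001":
        return "ISO9660"
    return None

def view(disk, ignore_id_zero):
    """List (entry index, probed filesystem) for the entries a system considers."""
    return [(e["index"], probe_filesystem(disk, e)) for e in parse_mbr(disk)
            if addresses_ok(e, len(disk)) and not (ignore_id_zero and e["id"] == 0)]

def windows_like_view(disk):
    return view(disk, ignore_id_zero=True)   # ID 0x00 is skipped before probing

def linux_like_view(disk):
    return view(disk, ignore_id_zero=False)  # addresses are probed whatever the ID

def hidden_mappings(disk):
    """ID 0x00 entries whose extents still hold a recognizable volume."""
    found = []
    for e in parse_mbr(disk):
        if e["id"] == 0x00 and addresses_ok(e, len(disk)):
            fs = probe_filesystem(disk, e)
            if fs:
                found.append((e["index"], e["lba"], fs))
    return found

def build_sample_disk():
    """Constructed image: FAT32 volume in slot 0, contiguous .iso mapped in slot 3."""
    disk = bytearray((2048 + 2048 + 256) * SECTOR)
    for slot, ptype, lba, count in ((0, 0x0C, 2048, 2048), (3, 0x00, 4096, 256)):
        struct.pack_into("<B3sB3sII", disk, 446 + 16 * slot,
                         0, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    disk[510:512] = b"\x55\xaa"
    fat = 2048 * SECTOR
    disk[fat + 82:fat + 90] = b"FAT32   "
    iso = 4096 * SECTOR
    disk[iso + 32768:iso + 32774] = b"\x01CD001"  # primary volume descriptor
    return bytes(disk)

if __name__ == "__main__":
    sample = build_sample_disk()
    print("Windows-like:", windows_like_view(sample))
    print("Linux-like:  ", linux_like_view(sample))
    print("ID 0x00 entries mapping a volume:", hidden_mappings(sample))
```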
Sure you can, and very likely nothing will happen to you. I mean: How many people do you know personally that have been attacked by an Office virus ? How many cases have you read about people that have been attacked by an Office virus ? What were the consequences of these attacks? The difference is only that if you are attacked by such a virus, you cannot blame anymore the fault on the good MS guys. In any case, EVEN IF Office 2003 was actually still supported, you wouldn't anyway be able to have support from them, as you would be using it on POSReady 2009 which EXPLICITLY prohibits the use of "Office productivity applications". BTW, allow me to doubt that you (or Flasche or anyone else not actually running a POS) actually have a valid license for POSReady 2009 , as those licenses were OEM only and were invariably released together with a "vertical" piece of hardware. @bhplt Now an interesting point could be whether PowerPoint can be defined as an Office productivity application . jaclaz P.S.: Flasche cited some (partial) info without quoting the source. Here it is: http://seclists.org/fulldisclosure/2012/Mar/17 http://seclists.org/fulldisclosure/2013/Aug/225 The "final" post: http://seclists.org/fulldisclosure/2013/Sep/125 may be useful to understand the kind of security support the good MS guys provided in the past on the specific product. The latter also contains a link (from the mouth of the wolf ) that may be useful to better understand the limits and extents of security related support: http://technet.microsoft.com/library/cc722487.aspx
-
You are right, never underestimate the dangers of opening an Excel or Word document. jaclaz
-
Love It Or Hate It - Google Search: 15 Hidden Features
jaclaz replied to Monroe's topic in General Discussion
Sure http://reboot.pro/topic/17959-technical-explanation-and-comparison-of-usb-booters/?p=168005 jaclaz -
Windows 7 Setup folder to USB method in 1.2?
jaclaz replied to naithkk's topic in Install Windows from USB
Good , and I know how you are in perfect good faith , but still one thing is recommending among the available choices a given one, and another is making it sound like it is the only option. If you re-read your post it sounds (at least to me) more like an ad for the specific make/model than a technical advice. Carpenter's example : Q. What kind of tool do I need to drive nails into wood? A1. A hammer. A2. A Stanley FATMAX Xtreme® AntiVibe® Curve Claw Nailing Hammer. A3. Any hammer preferably with a longish handle and head weight between 200 and 400 g, would do, personally I have had a very good experience with the tools manufactured by Stanley, I have a FATMAX Xtreme Hammer and I find it a very good tool. @Weed As explained in the given link *any* of the fastish USB 3.0 "new generation" sticks are using a Sandforce chip, and they are different from the "common" sticks we are used to because they are actually a USB to SATA bridge connected to a SATA SSD, so they are all set to "fixed". jaclaz -
Windows 7 Setup folder to USB method in 1.2?
jaclaz replied to naithkk's topic in Install Windows from USB
Not necessarily a need specifically for a Sandisk Extreme. *Any* USB 3.0 stick using a Sandforce will do, see: http://reboot.pro/topic/19827-sandisk-extreme-pro-usb-30-flash-drive/ Almost *any* "common" USB 2.0 or 3.0 stick by using its Manufacturer Tool (risky ) can be set as "Fixed". jaclaz -
TrueCrypt website warns users its software is insecure...
jaclaz replied to lost_packet's topic in General Discussion
It's not about liking or not liking Steve Gibson, and in this specific case, set aside the usual incredible amount of words he can mine from *nothing* he is not particularly worse than others, it is only about the "speculative" parts that everyone has been contributing to. It seems to me an episode of mass hysteria over a complete absence of factual info. Quick recap for those that do not want to read pages and pages and pages of speculations, senseless comments, conspiracy theories (and the contrary of them).

FACTS:
1. Truecrypt was not modified (no new releases) since February 2012 (Version 7.1a)
2. NO practical methods to crack its encryption were ever published (not before, nor later the above release)
3. The software is undergoing a full audit that, at the moment (end of stage 1) found NO vulnerabilities of relevance
4. *Something* (of very unclear nature) happened to the project and its homepage
5. The Authors of the software have, since the beginning of the project, kept a totally anonymous profile, so that - not entirely unlike the known Bitcoin issues - there are no ways to contact them, nor any way to guarantee that someone is a member of the developing team

Jaclaz's personal OPINIONS:
1. Encryption is - in most cases - a perfect way to lose your precious data and it is largely used without an actual reason by the large majority of the people that is now crying wolf
2. The Truecrypt encryption, and particularly the 7.x version has proved to be exceptionally robust, in the sense that there are no known vulnerabilities worth mentioning, notwithstanding the fact that its source is open and that its approach is substantially the same since long before 2012
3. It usually makes NO sense to use Truecrypt encryption (or any encryption at all), it never made sense and it will never make sense if not for a very limited number of people that may actually need it (and these people are seemingly not panicking publicly)
4. The auditing of the code is a very well managed initiative and soon it will be able to clear if (and still it remains not very probable) *any* vulnerability that the existing releases may have.
5. Whatever happened to the Authors, to the home page and to the project will soon be - if not cleared - overcome by the initiatives of the Internet community

Nothing to see here, move along peeps. And now, XKCD : http://xkcd.com/538/ jaclaz -
Well, just for the record my usual approach to a Windows batch issue is:
1. can it be done natively with built-in commands?
2. if not can it be done with one of Nirsoft's nircmd or some of the other nice tools?
3. if not let me see if another suitable tool exists...
In this occasion I somehow missed point #2 . All is well that ends well.... jaclaz
-
TrueCrypt website warns users its software is insecure...
jaclaz replied to lost_packet's topic in General Discussion
Believe nothing. Consider how a considerable part of Steve Gibson's fame is connected to senselessly hyping otherwise rather plain matter facts and crying wolf over and over. Wait. (not making a fuss about it while waiting would be a plus, but is of course completely optional) Some wise words : https://www.schneier.com/cgi-bin/mt/mt-search.cgi?tag=TrueCrypt Remember that (it doesn't matter if you used Truecrypt or *any* other encryption software) if "they" were after you, "they" would have ALREADY got you and all your bases ALREADY are belong to "them". jaclaz