First step to a cleaner and faster Windows – understand the Registry

(Please make sure you read all the pages linked under the Links section after you finish this article.) The registry has been part of Microsoft Windows operating systems starting from Windows 3.1. Before the registry was introduced, each application program used “ini” files to store its configuration, which was rather messy. At first the Windows registry was used only to store the OS core configuration; later this changed and application program configuration was saved in the registry as well.

The first step in knowing the registry is of course seeing it. The registry is ordered hierarchically and consists of six main “hives”, which get their names from API definitions:

HKEY_CURRENT_USER (HKCU)
HKEY_LOCAL_MACHINE (HKLM)
HKEY_USERS (HKU)
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA

Each of these hives is further divided into sub-directories (sub-keys) in a hierarchical order. You can see these sub-keys when you click expand (+). These sub-keys contain other sub-keys, and so on. This is shown in the screen capture below.

Editing the registry

You can access the registry by two methods: using the RegEdit GUI tool or using the “reg” command through the Command Prompt. Since the RegEdit method is easier, we will discuss that method first. To open the graphical registry editor go to Start»RUN (WIN+R), type “regedit” and press ENTER (you can find out more shortcuts in – Keyboard shortcuts for Windows). You can see the registry editor showing two panes, one on the left showing a folder like structure (keys) and one on the right which shows the values saved in each key.

Registry editor screen capture with Hives/Keys, Sub-keys and Values marked.

Using the command prompt this process is not very straightforward. To open a command prompt, go to START»RUN (WIN+R), type cmd and press ENTER. In the command prompt type “reg /?”. (Any command followed by /? will show the help for that particular command.) You can use the command prompt to automate registry editing.

Screen capture of reg command help: reg /? will produce a short help for the command line registry editor.

Since we have two built-in tools to edit the registry, we can use both of them to take a backup as well. Easier one first.

Editing the registry can be tricky. If you change a value to the wrong one, your OS may get configured wrongly and may not necessarily be recoverable (something of a joke, but some poor souls still need the warning). Having said that, it should be obvious to you that taking a backup of your registry is the best way to prevent future disasters. So we will first learn how to take a backup of the registry, even before we have learned how to edit it!

Taking a backup

Taking a backup of the registry will produce a “.reg” file which, when opened, is capable of writing the values stored in it back to the registry. One thing to know is that System Restore will also create a backup of the whole registry, but this is not directly accessible.

Screen capture of opening a reg file: opening a registration entry file prompts you to add it to the registry.

Here is the easy way. Go to the registry editor “regedit”, navigate to the key you are about to edit (or not edit) and click on the KEY, not the value. You can either right click on the Key or select the File menu and then “Export”.

Screen capture of the two ways to export/backup the registry: select Export after clicking on a Key, from the context menu or the File menu.

Select the option to back up either the selected key or the whole registry. Give a name to the backup file and save. A good practice would be to give a date based name and add a bit that allows you to remember what settings you changed. You can double click on this file and restore it anytime you want. Please make sure you take a backup or a restore point before any editing.

Screen capture of the options when saving a reg file: you can opt to save the whole registry or only the selected key.

Since the easy way was fast, let's go to the slower and harder way: the command prompt. The reg command has a command line switch which will allow you to take a backup of the specified Key. The format is

reg export FULL_KEY_NAME FILE_NAME.reg

Screen capture of a registry backup via the reg command: using reg to export a registry Key (check out the crappy file name).

It is pretty useless to copy each and every available command option here. Microsoft has got really good documentation on the reg command. You can read about Registry commands and advanced techniques in the Links section. If you have any doubts or issues, post a comment and I will get back to you soon.

Good Practices

There are some easy ways to revert to a previous setting if you get screwed up changing a setting. Like when editing important files, make a copy first: rename the existing Value to something like older_VALUENAME under the same Key itself and give the new Value the original name. If anything goes wrong you can just rename the backup and save the day.

Registration entry file | Basic read on windows Registry | Recover from corrupt registry

Protecting your child's online presence

Children today are far more ‘exposed’ to technology than their parents once were. Along with the benefits of the internet, more and more websites pop up each minute that could get them in trouble. Pornography, contact with strangers, social networking addiction and games are just a few of them. With the curiosity of a kid he wants to know ‘what is it?’. So I am starting a series of posts on parental control and internet security.

Some time back I did a post on how to control the time users can log in to Windows XP. Since I added “Parental Control” to the title, there have been many visits to the article. This actually made me feel like I was cheating all those visitors. These people were coming here, expecting to find a way to prevent their children from going the wrong way on the internet. And what was I giving them? A rather geeky and crappy way of controlling the log in times. That's why after a long long time I decided to write some real and not so geeky ways of implementing parental control.

In this article I am going to tell you some good points to note before you set up full parental control.

  • Educate your children about the dangers of getting addicted to the internet, games, porn etc.
  • Put the PC with internet access in a common area, so that you can always have a look.
  • Set up the modem such that it connects to the internet only on request rather than always on.
  • It's better if you can put a router between the computer and the modem.
  • Be strict about ‘when’ kids can use the computer.

There are some plug-ins available for almost all browsers that will make surfing rather safe. One such plug-in is the Web Of Trust plug-in. It is available for Firefox, Internet Explorer as well as Chrome. But the problem with all these plug-ins is that they can be overcome one way or another; although the procedures can be complex, they can still be overcome. That's why we need a much stronger method for parental control. From the third article in this series onwards I will be discussing methods by which parents can actually implement strong website filtering on their computers.

How to Disable Autoplay/Autorun

As we discussed in the last post in the series, the best way to prevent infection by a virus is to disable Autorun. So how do you disable Autorun? The easiest way to do this is using the Group Policy Editor, which is a Microsoft Management Console object. To turn off AutoPlay/AutoRun follow these steps:

1. Go to START»RUN (WIN+R), type gpedit.msc and press ENTER.

2. Browse to the folder Computer Configuration»Administrative Templates»System.

3. Scroll down and open the Turn off Autoplay option.

4. Enable it and select All Drives.

This will be a system-wide change. If instead you need to turn off Autorun just for your user account, do the same in the folder

User Configuration»Administrative Templates»System

Please read the previous post in the series for some more useful tips on preventing viruses. You might also want to use the address bar tip given at the end of the last post in this series.
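The registry post above recommends exporting a key to a .reg file before changing anything; the Group Policy setting just described writes its result as the NoDriveTypeAutoRun value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer (0xFF = all drives), a footprint the post does not name. This added Python example, not code from the original post, parses two such exports and shows exactly which values a change touched; both exports are constructed samples, not real backups.

```python
"""Parse two .reg exports (what regedit's Export or `reg export` writes) and
report which values differ.  Added example, not code from the original post;
the two exports below are constructed samples, not real backups."""
import re

KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Constructed export taken *before* a change under Policies\Explorer.
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"""

# Constructed export of the same key *after* "Turn off Autoplay" (All drives)
# was enabled and one extra value added; hex data may wrap onto a second line.
AFTER = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"NoDrives"=dword:00000000
"ExampleBlob"=hex:01,00,\
  02,00
"""

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unescape(s):
    """Undo the backslash escaping .reg files apply to quotes and backslashes."""
    return s.replace('\\"', '"').replace('\\\\', '\\')

def parse_data(data):
    """Decode the right-hand side of a value line into (type, python value)."""
    if data.startswith('"') and data.endswith('"'):
        return ('REG_SZ', unescape(data[1:-1]))
    if data.startswith('dword:'):
        return ('REG_DWORD', int(data[6:], 16))
    m = re.match(r'hex(?:\((\w+)\))?:(.*)$', data)
    if m:
        kind = 'REG_BINARY' if m.group(1) is None else 'hex(%s)' % m.group(1)
        return (kind, bytes(int(b, 16) for b in m.group(2).split(',') if b.strip()))
    if data == '-':
        return ('DELETE', None)          # "name"=- removes the value on import
    raise ValueError('unknown data encoding: %r' % data)

def parse_reg(text):
    """Return {key_path: {value_name: (type, data)}}.  Continuation lines
    (a trailing backslash, used for long hex data) are joined first."""
    joined = re.sub(r'\\\r?\n\s*', '', text)
    result, key = {}, None
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith(('Windows Registry Editor', 'REGEDIT4', ';')):
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            result.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError('unparsable line: %r' % raw)
        name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
        result[key][name] = parse_data(m.group(2))
    return result

def diff_reg(before, after):
    """(key, value_name, old, new) for every value that differs; old or new is
    None when the value exists in only one of the exports."""
    changes = []
    for key in sorted(set(before) | set(after)):
        b, a = before.get(key, {}), after.get(key, {})
        for name in sorted(set(b) | set(a)):
            if b.get(name) != a.get(name):
                changes.append((key, name, b.get(name), a.get(name)))
    return changes

if __name__ == '__main__':
    for key, name, old, new in diff_reg(parse_reg(BEFORE), parse_reg(AFTER)):
        print('%s\\%s: %r -> %r' % (key, name, old, new))
```

Run it against a real pair of exports (read the files with encoding 'utf-16') to see precisely what a GUI change or an imported .reg file altered before you decide whether to keep it.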

Securely wiping off data from a drive

In the previous post we discussed why deleted files are recoverable from a drive. So let's look at how we can actually remove the file contents from the hard disk, which may be needed if you have confidential data. In any of the present filesystems, the OS doesn't actually wipe the data contained in a file when it is deleted; rather, the metadata of the file is deleted. To save processing and other system resources, the OS simply removes the file from the corresponding indexes. In order for a file to be unrecoverable it should be overwritten with some random data.

Peter Gutmann of the University of Auckland presented a paper that explained recovering data that has been overwritten by other data on magnetic storage media. Theoretically this could mean anybody can recover data going back to any point in time from a drive, but practically this is very hard (forget about the “any time” part). Even recovering data after just a single pass overwrite is difficult.

The number of passes used when overwriting a file to render it unrecoverable doesn't need to be given much importance for normal uses. Four passes would be sufficient if you have the time. If your disk fills up easily you may need to use just a single pass and save time. Here a pass means writing over the file with pseudo random data in order to render it unusable.

If you have anything confidential on your hard disk, consider deleting it using a file shredder like Window Washer or sdelete, or using a degausser.
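What a “pass” of a file shredder does, written out as an added Python example (not code from the original post, and not sdelete's): overwrite the file in place with pseudo random data, force each pass to disk, then rename and unlink it. It assumes a conventional disk with an in-place filesystem; the caveat in the header comment is not covered by the post.

```python
"""Overwrite a file in place with pseudo-random data for a chosen number of
passes, then rename and unlink it: the 'pass' the post describes, done by hand.
Added example, not the post's code nor sdelete's.  Caveat the post does not
cover: only a conventional magnetic disk with an in-place filesystem reliably
rewrites the same blocks; SSDs (wear levelling) and copy-on-write or
journaling filesystems may keep the old contents elsewhere."""
import os
import tempfile

CHUNK = 1024 * 1024  # write 1 MiB at a time so large files need not fit in RAM

def overwrite_in_place(path, passes=1):
    """Fill `path` with os.urandom() data `passes` times, fsync'ing each pass so
    it reaches the disk instead of sitting in the write cache.  Returns the size."""
    size = os.path.getsize(path)
    with open(path, 'r+b') as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return size

def rename_and_unlink(path):
    """Give the file a random name before deleting it so the original name does
    not linger in the directory entry, then remove it."""
    anon = os.path.join(os.path.dirname(path) or '.', os.urandom(8).hex())
    os.replace(path, anon)
    os.unlink(anon)

def shred(path, passes=4):
    """The whole routine: overwrite `passes` times, then rename and unlink."""
    size = overwrite_in_place(path, passes)
    rename_and_unlink(path)
    return size

def demo(passes=2):
    """Write a marker into a temporary file, overwrite it and report whether the
    marker survived and whether the file still exists.  Expected: (False, False)."""
    fd, path = tempfile.mkstemp(suffix='.txt')
    marker = b'CONFIDENTIAL-' * 64
    with os.fdopen(fd, 'wb') as f:
        f.write(marker)
    overwrite_in_place(path, passes)
    with open(path, 'rb') as f:
        survived = b'CONFIDENTIAL-' in f.read()
    rename_and_unlink(path)
    return survived, os.path.exists(path)

if __name__ == '__main__':
    print(demo())
```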

What are the hidden files and folders

This is a small list of folders and files which were displayed by the method mentioned on the previous post in this series.

Hidden folders and files in the C drive of Windows

Recycler : Recycler is another form of Recycle Bin. The Recycler folder contains a Recycle Bin for each user that logs on to the computer, sorted by their security identifier (SID).

System Volume Information : This contains the log files and backups of important System Files that are used for System Restore in Windows. (System Restore allows you to roll back all the settings and System Files to a previous time)

MSOCache : MSOCache is the folder that contains cached Office installation files. The folder is safe to delete.

NTLDR : This is the Windows NT boot loader. It is replaced by winload and Windows Boot Manager in Windows Vista.

NTDETECT.COM : This file is used by Windows NT during startup to detect basic hardware required to boot the OS. This is used for Systems having BIOS.

Autoexec.bat : This file is most often used to set environment variables such as keyboard, soundcard, printer, and temporary file locations. It is also used to initiate low level system utilities.
These are the main folders and files in XP.

pagefile.sys : This is the actual pagefile, as the name indicates, of Windows. This file is used as virtual memory on your system.

hiberfil.sys : As the name indicates this is the file used for Hibernation. While hibernating the system stores all the contents of the RAM in this file and shuts down. The next time you start your system the RAM contents are restored from this file.

Points to note while upgrading to an LCD flat panel display

An LCD flat panel display is much better for your eyes if you spend a lot of time in front of a computer. If you spend a little more money than for a CRT monitor you can get a sleek, light and less power hungry LCD TFT display. I was recently searching for an LCD monitor and finally bought the HP 1908w 19″. So I was forced to do a little research (lol) in the area. I am sharing it because some of you may get some benefit from it.

HP 1908w TFT screen

Size :

If you are using the LCD for daily work and not for group entertainment (like a movie) you will not need much larger than a 19″ screen (or may be 22″ if you go that far).

Aspect ratio :

Aspect ratio is the ratio of the width and height of your screen. 4:3 means for 4 units of width 3 units of height are taken (like 1024×768, which is 256×4 by 256×3). If you want to use your monitor mainly to watch movies go for a 16:10 wide screen aspect ratio. You can get 16:9 also on some Samsung models. If you plan to use it mainly for document editing and office work it would be better to go for an aspect ratio of 5:4 (1280×1024).

Response time :

Response time would not be much of a concern to you unless you are a die hard gamer. If you are, then go for something like 5ms or faster (3ms). The gray-to-gray response time is actually the more useful figure for the customer.

Contrast :

To put it in simple terms contrast is the intensity difference between Black and White pixels. Go for higher contrast.

Brightness :

Here also the higher the better, but never settle for anything lower than approximately 280 cd/m^2.

Connectors :

VGA, the 15 pin connector, is a standard. Go for DVI or even HDMI ports. Even if you don't have a graphics card that supports DVI you can use the monitor with the VGA cable. (VGA is the 15 pin connector, normally blue, that you can connect to the onboard graphics of any computer.)

Price :

Here in India you can get a decent 19″ LCD screen for upward of 220 US dollars. If you need more features you got to spend more.

Bottom Line

Go for LCD monitors as they provide you with the maximum (viewable) screen size in any size class. If you are a professional designer or something, there are only very few LCD TFT screens that can compete with CRTs as of now. Look at more than three manufacturers and in as many shops as you can. Always ask for a demo of the product if you haven't seen one of the models before. Use the monitor in a dark room also if possible. Play a movie and also ask for the warranty details.

Virus infection by autoplay, how to prevent it

One of the main reasons for the rapid spreading of viruses is the presence of Autoplay in Windows. The Autoplay feature was originally introduced to enhance user experience. An easy way for a virus to enter a PC is by exploiting this option. You can see Autoplay in action when the driver CD of your motherboard or printer starts its installation process as soon as you insert it. Here let us look at how Autorun can be added to a drive (CD, USB, HDD etc.) to make Windows open a program automatically when you put it in or double click it.

Adding Autoplay to any drive is as easy as creating a text file and typing some commands into it. Have a look at the Autorun.inf file (this makes Windows run programs automatically from CDs) of the Microsoft Office 2007 CD.

Autorun file can add options to the default right click menu.

The right click menu has been modified according to the entries in the autorun.inf file. The file needs to be saved with the name Autorun.inf. The bad part is that autoplay can be added to any drive, and a virus can create an autorun file on a USB drive inserted into an infected system. It then crafts the autorun file such that not only does the autoplay option open an infected file, but the Open and Explore commands in the right click menu do the same.

Screen shot of an Autorun.inf file created by the virus Infostealer.Wowcraft.D.

It will automatically install itself without you ever knowing, if autoplay is enabled. You might have figured out how easily a virus can infect a Windows based system.

Prevention :

As they say, prevention is better than cure. Here are some steps you can take to prevent infection by viruses via Autoplay.

1. Disable autoplay

2. Always open a CD or Pen Drive (USB stick) by using the pull down menu of your address bar. You can also type the drive letter followed by a “:” e.g. D: in the address bar or Run box and press ENTER.

More about disabling autoplay will be posted in the next post.
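The hijack described above (AutoPlay plus the Open and Explore verbs all pointed at a program the drive carries) has a recognisable shape in autorun.inf. This added Python example, not code from the original post, parses an autorun.inf and reports those entries; both .inf texts are constructed samples and the program name is a placeholder, and the "hidden folder" list reuses the folders the hidden-files post above describes.

```python
"""Parse an autorun.inf the way a removable-media check would and flag the
entries used for the hijack described in the post (Open/Explore verbs and
AutoPlay itself pointed at a program hidden on the drive).  Added example,
not the post's code; both autorun.inf texts are constructed samples."""
import configparser

# Constructed autorun.inf of the harmless kind a driver CD carries.
VENDOR_INF = r"""[autorun]
open=setup.exe
icon=setup.exe,0
label=Driver CD
"""

# Constructed sample modelled on the behaviour the post describes: AutoPlay and
# the right-click Open and Explore verbs all redirected to a placeholder program
# kept inside the hidden RECYCLER folder.
HIJACK_INF = r"""[AutoRun]
open=RECYCLER\placeholder.exe
shellexecute=RECYCLER\placeholder.exe
shell\open\command=RECYCLER\placeholder.exe
shell\explore\command=RECYCLER\placeholder.exe
shell=open
"""

LAUNCH_KEYS = ('open', 'shellexecute')       # keys that start a program
BUILTIN_VERBS = ('open', 'explore')          # verbs Explorer supplies itself
# Folders the hidden-files post lists; a launch target inside one is suspicious.
HIDDEN_FOLDERS = ('recycler\\', 'recycled\\', 'system volume information\\')

def parse_autorun(text):
    """Return the [autorun] section as {lower-case key: value}, or {} if absent.
    INI keys are case-insensitive and the section name may be mixed case."""
    cp = configparser.RawConfigParser(strict=False, delimiters=('=',))
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == 'autorun':
            return dict(cp.items(section))
    return {}

def assess_autorun(text):
    """Return human-readable findings; an empty list means only a plain
    AutoPlay launch, icon or label was present."""
    entries = parse_autorun(text)
    findings = []
    for verb in BUILTIN_VERBS:
        cmd = entries.get('shell\\%s\\command' % verb)
        if cmd:
            findings.append('built-in verb "%s" redirected to %s' % (verb, cmd))
    for key in LAUNCH_KEYS:
        target = entries.get(key, '')
        if target.lower().startswith(HIDDEN_FOLDERS):
            findings.append('%s= launches from a hidden folder: %s' % (key, target))
    return findings

if __name__ == '__main__':
    for name, inf in (('vendor CD', VENDOR_INF), ('hijacked drive', HIJACK_INF)):
        print(name, '->', assess_autorun(inf) or ['nothing unusual'])
```

Point `assess_autorun` at the text of `X:\autorun.inf` on a freshly inserted drive (opened from the address bar as the post advises, with autoplay off) to get the same verdict before anything is run.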

How to view all drives, Disk Management under Windows

The Disk Management object under Microsoft Management console can be used to Change Drive letter association, find unrecognized partitions or Mount a logical drive into a folder as in Linux.

If you want to prevent access to a drive, read 2nd tip in “Points to note” given after this post or read how to Prevent access to select drives using Registry.

One of the key differences between Windows and Linux is the tree structure Linux uses for its filesystem. In Linux everything is a hierarchical leaf or branch of the Root “/” directory. It was only recently that Linux started loading (mounting) drives other than the system drive automatically. (If you want to know more, here is an article which will explain the Linux file hierarchy.) Implementing the Linux style tree structure in Windows is pretty easy and is explained here.

Open Disk Management object by typing “diskmgmt.msc” in START » RUN box or in Command Prompt. Here you can see all the Primary (Blue) and Logical (Green) partitions available on your system.

Disk Management Console object - screen shot.

You will be able to see the Linux partitions too. Select a drive and right click on it. Here you can see an option “Change Drive Letter and Paths”. Under this option you can remove a drive's letter, change it or mount the volume into a folder.

Mounted Drives

Screen shot of my H and G drives mounted in a folder “C:\Drives”

Some points to note here are …

1. You cannot remove the drive letter association of your system drive.
2. If you do not assign a drive letter or mount the drive to a folder on another drive it will not be accessible by any means in Windows.
3. You can’t add more than one drive letter to a drive.
4. To mount a volume the folder must be on a different partition.

Consider reading The post on Microsoft Management Console if you want to know more.

Microsoft Management Console – make administrative tasks easy

This is the start of a series of posts that will guide you through using Microsoft Management Console to manage your system. In this post most of the text has been excerpted from the MMC help file. The MMC allows you to control and manage the many available options from an easy to use interface. All the options are also available from the Windows Registry, but for many, dealing with the Registry is not an easy task; also, for the simple administrative tasks MMC handles, using the Registry would be overkill. (You can find the posts on Registry here.) The following is a brief intro to MMC from the MMC help available in Windows XP.

The extension of console objects is always .msc, representing Microsoft Console. They can be found under the “%systemroot%\system32” folder. A backup copy of each can be found under the “%systemroot%\system32\dllcache” folder.

Introduction to MMC

Microsoft Management Console (MMC) can be used to create, save, and open administrative tools (called MMC consoles) that manage the hardware, software, and network components of your Windows system. MMC does not perform administrative functions, but hosts tools that do. The primary type of tool you can add to a console is called a snap-in. There are two general ways that you can use MMC: in user mode, working with existing MMC consoles to administer a system, or in author mode, creating new consoles or modifying existing MMC consoles.

The following administrative tools appear under Windows XP:

Component Services

Used by system administrators to deploy and administer COM+ programs from a graphical user interface, or to automate administrative tasks using a scripting or programming language. Software developers can use Component Services to visually configure routine component and program behavior, such as security and participation in transactions, and to integrate components into COM+ programs. For more information, see Using Component Services.

Computer Management

Used to manage local or remote computers from a single, consolidated desktop utility. Computer Management combines several Windows XP administrative tools into a single console tree, providing easy access to a specific computer’s administrative properties. For more information, see Using Computer Management.

Data Sources (ODBC)

Open Database Connectivity (ODBC) is a programming interface that enables programs to access data in database management systems that use Structured Query Language (SQL) as a data access standard. For more information, see Using Data Sources (ODBC).

Event Viewer

Used to view and manage logs of system, program, and security events on your computer. Event Viewer gathers information about hardware and software problems, and monitors security events. For more information, see Using Event Viewer.

Local Security Policy

Used to configure security settings for the local computer. These settings include the Password policy, Account Lockout policy, Audit policy, IP Security policy, user rights assignments, recovery agents for encrypted data, and other security options. Local Security Policy is only available on computers that are not domain controllers. If the computer is a member of a domain, these settings may be overridden by policies received from the domain.

Performance

Used to collect and view real-time data about memory, disk, processor, network, and other activity in a graph, histogram, or report form. For more information, see Using Performance.

Services

Used to manage the services on your computer, set recovery actions to take place if a service fails, and create custom names and descriptions for services so that you can easily identify them. For more information, see Using Services.

# To open MMC, click Start, and then click Run (WIN+R). In the Open box, type “mmc“.

# The consoles available in Windows XP are listed below. To access any just type their name (include the .msc) in Windows Run box (WIN+R)

certmgr.msc
ciadv.msc
compmgmt.msc
devmgmt.msc
dfrg.msc
diskmgmt.msc
eventvwr.msc
fsmgmt.msc
gpedit.msc
lusrmgr.msc
ntmsmgr.msc
ntmsoprq.msc
perfmon.msc
rsop.msc
secpol.msc
services.msc
wmimgmt.msc

The follow up posts in this series will deal with managing your computer with the MMC.

How to find out all open ports, connections and originating IP addresses

netstat is a command available in both Windows and Unix to analyze local ports that are open and all the connections to those ports. The syntax of the command is very simple.

Netstat in action showing my IP and Ports

In the picture above a very simple example of seeing the ports and connections is shown. The -ano option tells netstat: a – show all connections, n – do not attempt to resolve names, o – show the process ID.
The advantage of resolving names is that you can identify a LAN or Internet server easily.

Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.
Syntax: netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]
Parameters

-a : Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.

-e : Displays Ethernet statistics, such as the number of bytes and packets sent and received. This parameter can be combined with -s.

-n : Displays active TCP connections, however, addresses and port numbers are expressed numerically and no attempt is made to determine names.

-o : Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n, and -p.

-p Protocol : Shows connections for the protocol specified by Protocol. In this case, the Protocol can be tcp, udp, tcpv6, or udpv6. If this parameter is used with -s to display statistics by protocol, Protocol can be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6, or ipv6.

-s : Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols. If the IPv6 protocol for Windows XP is installed, statistics are shown for the TCP over IPv6, UDP over IPv6, ICMPv6, and IPv6 protocols. The -p parameter can be used to specify a set of protocols.

-r : Displays the contents of the IP routing table. This is equivalent to the route print command.

Interval : Redisplays the selected information every Interval seconds. Press CTRL+C to stop the redisplay. If this parameter is omitted, netstat prints the selected information only once.

/? : Displays help at the command prompt.

The second image shows the capability of netstat to auto refresh. The interval given is in seconds; the 2 indicates refresh every 2 seconds. This is used to continuously update the screen with the current connection information. You can use this option to monitor which connections are occurring at each moment and the status of each connection. To abort from the auto-refresh mode press CTRL + C and return to the normal Command Prompt.
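Reading `netstat -ano` output by eye gets hard once a machine has a few dozen sockets. This added Python example, not code from the original post, parses that output, lists the ports each PID is listening on and picks out the established connections whose peer is outside the LAN (the ones worth matching against a PID in Task Manager); the netstat output it parses is constructed, not captured from a real machine.

```python
"""Parse `netstat -ano` output, list listening ports per PID and pick out the
connections that leave the LAN.  Added example, not the post's own code; the
netstat output below is constructed, not captured from a real machine."""
import ipaddress
from collections import defaultdict

# Constructed sample in the layout `netstat -ano` prints on Windows XP.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1032
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.5:1045       74.125.67.100:80       ESTABLISHED     2120
  TCP    192.168.1.5:1048       93.184.216.34:6667     ESTABLISHED     3316
  TCP    127.0.0.1:1040         127.0.0.1:1041         ESTABLISHED     2120
  UDP    0.0.0.0:500            *:*                                    784
  UDP    192.168.1.5:137        *:*                                    4
"""

# Private (RFC 1918) ranges plus loopback count as "inside the LAN".
LAN_NETS = [ipaddress.ip_network(n) for n in
            ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8')]

def split_endpoint(ep):
    """'1.2.3.4:80' -> ('1.2.3.4', 80); '*:*' -> ('*', None)."""
    host, _, port = ep.rpartition(':')
    return host, (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """One dict per socket line; the header and blank lines are skipped.
    UDP lines carry no State column, so the protocol decides the layout."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ('TCP', 'UDP'):
            continue
        proto, local, remote = fields[0], fields[1], fields[2]
        state = fields[3] if proto == 'TCP' else ''
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(remote)
        rows.append(dict(proto=proto, lhost=lhost, lport=lport, rhost=rhost,
                         rport=rport, state=state, pid=int(fields[-1])))
    return rows

def listening_by_pid(rows):
    """{pid: sorted ['TCP/135', ...]} of ports each process accepts traffic on.
    A UDP socket with no peer ('*:*') is treated as listening."""
    ports = defaultdict(set)
    for r in rows:
        if r['state'] == 'LISTENING' or (r['proto'] == 'UDP' and r['rhost'] == '*'):
            ports[r['pid']].add('%s/%d' % (r['proto'], r['lport']))
    return {pid: sorted(p) for pid, p in ports.items()}

def is_lan(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:        # '*' or a hostname: not an external address
        return True
    return any(addr in net for net in LAN_NETS)

def external_connections(rows):
    """Established connections whose peer is outside the LAN/loopback; these are
    the ones to check against the PID in Task Manager (-o) or TCPView."""
    return [r for r in rows if r['state'] == 'ESTABLISHED' and not is_lan(r['rhost'])]

if __name__ == '__main__':
    rows = parse_netstat(SAMPLE)
    for pid, ports in sorted(listening_by_pid(rows).items()):
        print('PID %-5d listens on %s' % (pid, ', '.join(ports)))
    for r in external_connections(rows):
        print('PID %-5d -> %s:%d' % (r['pid'], r['rhost'], r['rport']))
```

Feed it real output with `netstat -ano > conns.txt` and read that file into `parse_netstat`; run in a loop (or on the refresh interval described above) to spot a new outbound connection as it appears.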

TCP View – netstat with GUI

TCPView from Sysinternals (now a part of microsoft) did a good job by giving a user interface to the netstat command. TCP View by default shows the remote connection name also.

The user interface is neat and clutter free, and the download is extremely small at only 94Kb. You have the option to enable or disable name resolving from IP. The update speeds are also configurable. The main advantage is that you are shown the process names responsible for all the connections directly in the UI; netstat could only display the PIDs. With a little experience you can start monitoring outgoing and incoming traffic and control it easily using these tools. To control a connection there are two basic options provided with TCPView – Kill Process (to kill the process responsible for the connection) and Close Connection. Both of the tools also show the status of each connection.

How to download videos as mp4 from youtube site