Re: Windows Installer Help Wtd



The message <rq8fi313tenmjmftfcvv4frmli4mim241f@xxxxxxx>
from Albert Ross <spam@xxxxxxxxxxxxxxxxxxxx> contains these words:

On Tue, 23 Oct 2007 14:06:50 +0100, Johnny B Good
<jcs.computers***@xxxxxxxxxxxxxxxx> wrote:

The message <3s3ph3lic9o3vcc849vmbq3f8b3krs7clq@xxxxxxx>
from Albert Ross <spam@xxxxxxxxxxxxxxxxxxxx> contains these words:

On Sat, 20 Oct 2007 14:58:27 +0100, Johnny B Good
<jcs.computers***@xxxxxxxxxxxxxxxx> wrote:

The message <solhh3h8c5decjr56a6o5pltpvuflksorn@xxxxxxx>
from Albert Ross <spam@xxxxxxxxxxxxxxxxxxxx> contains these words:

I presume you have set it to disabled. I also presume you have done
this to reduce the risk of having PUPs inflicted on your machine. Is
there a lot of drive by malware that relies on this service?

Paranoia is your friend. I disable everything I don't need as a matter
of principle, nail down my firewall, run behind a NAT router and a
HOSTS file and use Kaspersky and as few Microsoft programs as possible
and I've never (yet) been infected. I honestly don't know the answer
to your question but keep it off "just in case". I fart in the general
direction of nastyware.

(control panel - performance and maintenance - administrative tools -
services)

Forgetful people like me forget to turn it back on when actually
trying to install something . . .

But I'm sure you realise quick enough why the install failed and
exactly what remedial action is needed to allow a second attempt to run
to completion. A small price to pay, if it helps protect against PUPs
and worse.

Keeps me on my toes, yes (also having to remember to turn Windows
Update and BITS on for updates, and then off again, can't really
hurt.)

The thing is, does _any_ drive-by-download malware use the .msi method
to install itself? ISTM that such malware installers are entirely self
contained and standalone.

I suppose there are some legitimate (fsvo) but 'waste of space'
programs that you could block in this way but it seems to me that this
wouldn't be a frequent event to be guarded against, and, in any case,
they can easily be uninstalled (or the installation cancelled).

Another point is those damn annoying things like Adobe Reader which
decide to update themselves when you're in the middle of doing
something.

Right! In that case, a very good reason by itself to disable the
service. :-)

I have a natural dislike of *anything* running on my boxes without my
direct permission or under my direct control, about the only thing I
allow automatic updates for is the antivirus. Adobe Reader is about the
most annoying autoupdater I've found, second is the MSI Mobo auto
updater which spawns IE, which later spawns Firefox, which pulls up a
website which half the time is too busy, grrrr . . .

(Also I always check after Windows Updates, it's not unknown for
services to become mysteriously switched on again)

I'm using win2kSP4 and I haven't noticed any such re-activation of
previously disabled services as a result of any of the (infrequent)
updates. I only check the services list once in a blue moon but, afaict,
the settings still match the Black Viper list I used as a template some
3 years back.

I suspect this is more to do with the lack of 'Must Have Goodies' that
Microsoft seem so keen to foist upon the winXP afflicted. :-)

Yet another point is that if I have to turn the service back on it
also reminds me to kill my AV and other running programs which *can*
but don't necessarily hose installs.

You may well be right that it's wasted effort. But you'd only need to
be wrong once <G>

I don't disagree with you there.

I had another thought, are there any malwares which use Firefox .xpi
files to install themselves? Again I don't know the answer (and am too
lazy to go look it up <G>) that would be a good way to reduce Firefox
to the security level of IE.

I use Opera as my 'safe' web browser, so can't offer an opinion. I
don't doubt that Opera could be nursing an as yet unexploited security
hole or two. What persuaded me to go for Opera over the much touted
Firefox (at the time - when Opera was only free by accepting a banner
ad) was the fact that Secunia were reporting some 25 unaddressed
security issues out of a total of 75 for IE and 5 unaddressed out of 25
for FF and zero out of zero for Opera7 :-)

Of course, some security issues have since come to light in Opera. I
don't know whether it still carries the crown for being the least
unsecure of the web browsers to date, but, even if it's as bad as FF, I
just simply like Opera, particularly for its download manager which
seems to me to have all the possible features you could need and the
time saving behavior of pre-emptively starting a download before you've
decided on a destination folder (unlike IE's downloader which waits for
you to specify the destination before it'll actually start the
download).

Mind you, there's always the problem of software that doesn't fully
uninstall such as Seagate's DiscWizard tools (Note to the wise: this
particular software leaves an orphaned Acronis TrueImage process running
after the DiscWizard has been "uninstalled").

I don't know if Seagate or Acronis is to blame for this, I suspect the
latter, but users of Seagate's DiscWizard tools or Acronis products
should take note (it's not just products like Norton AV/net security
that have defective uninstallers!).

Thanks for the heads up, I'd never actually tried deinstalling that
one, I do a format and full reinstall every so often and tend to save
up many of my updates and program changes for then. I went to the full
versions of Acronis, maybe if you did that as an "upgrade" it would
kill the remaining process. Maybe like Norton they leave crap behind
deliberately to screw up installs of rival products?

That well may be true, but I think they'll trot out the excuse that
it's to save you having to re-enter your registration details should you
have a change of heart and re-install their product again (perhaps, as
part of an uninstall/re-install cycle attempt to repair a damaged
installation of the product). That would be ok if such registry entries
were merely dormant items, but active orphans?

Also it may be to prevent you reinstalling a "free" trial, or getting
a "special discount" more than once (ISTR Seagate Disk Wizard does a
one-off advert for a discount on Acronis Trueimage)

I've seen properly written uninstallers giving the user the option to
retain or remove such components, so such an excuse wouldn't wash with
me. Such "anti-competitive" practice has me looking for a more honest
alternative and a desire to "Alert the World" to such uninstaller
incompetence or 'sharp practice'.

I don't know about you (or anyone else), but I prefer to deal with
companies that, at the very least, care about their customers'
experience as much as they care about their shareholders' experience. As
an end user, I don't want to use products by companies who rate
profitability over and above customer satisfaction.

Damn bloody right!!!

One reason I use no Adobe/Macromedia software (well OK a freebie
version of Premiere which came with a video card, but no *paid for*
stuff) is that they insist on pricing at £1=$1 and you can't order
from US sites. Another is that they *permanently* mark your HD so once
you've used a free trial you can *never* get another free trial of the
same program, and this marker survives a format, it's placed in a
hidden track somewhere. Just imagine what would happen if enough
different programs used the same "activation" technology and filled
the track, or used the same technique to disable the markers set by a
rival manufacturer's programs.

I doubt that's the way it works. It seems more likely that, at some
point during the download or install phase, the hard disk serial number
has simply been recorded in the software company's database.

Also AFAICR you MUST upgrade through each version, you can't upgrade
from earlier versions to the current one.

Somehow the likes of Corel manage to sell software which works about
as well and is considerably cheaper without any such clever clever
trickery, likewise Picture Window Pro from DLC, and of course The Gimp
which remains FREE.

People I much prefer doing business with.

And I still like Forte Agent, one of a dwindling band of programs
which installs into its *own* directory without spattering its guts
all over Windows, System 32 and the registry . . .

The only reason I installed the Seagate DiscWizard software was on
account I simply wanted to create the bootable diagnostic/cloning tool
floppy disk and this was the only method offered. Once created, after
discovering the additional processes that had been installed, I then
uninstalled, only to discover that my system now had an unwanted
passenger requiring manual intervention to trace and remove the registry
entries and associated files. Still, I suppose it keeps me on my toes
when dealing with the much more stubborn malware I often find on my
customers' machines.

Norton have the worst reputation for leaving dregs behind but they're
far from the only ones nowadays. :(

What do you use for registry cleaning? I see most recommendations for
Macecraft software, personally I use Ace Utilities, but only when I
really have to, I've concluded that a format and reinstall annually or
so is actually quicker than endless faffing around with "cleaning"
programs.

I pretty well gave up on 'Registry Cleaners' ever since I discovered
the falsity of Norton Utilities 4.5 claim that it could shrink the
registry back in the days of win95osr2, (my OS of choice until right up
to April 2004 - Sadly, not discovering the joys of win2k until a
hardware upgrade finally forced me to consider an alternative OS)

I have RegCleaner 4.1 by Jouni Vuorio, a freeware program which hasn't
been used in over a year, and I'm sure I've got another regcleaner
squirrelled away somewhere, a commercial product I _haven't_ paid for.

It was one of those ransomware regcleaners that Serials2k just
happened to have a serial number for so I could try it out in full. I
wasn't impressed and, having tried to locate it (and failed), I guess it
fell victim to a recent 6 month rollback of the Boot/OS partition (I
really should maintain the notional monthly drive image backup schedule
I'd promised myself that I'd stick with). Anyhoo, it's not there
anymore, no great loss.

--
Regards, John.

Please remove the "ohggcyht" before replying.
The address has been munged to reject Spam-bots.
