2 questions and 2 gifts

[thanatoid]

Hi gang,

As one or two of you who remember me from an occasional
previous appearance may know, I have been using 98SELite for
about 3 or 4 or 5 years. Before that, I used 95B and was
perfectly happy with it. But 95B does not do ethernet
properly. (Or at all, whatever.) So I switched to 98SELite.
(IMHO, 98SE without the Lite is unusable, but that's another
subject that no one in an XP group would care about. Still,
FYI, there /is/ Lite for XP: www.litepc.com, and there are
other customizers out there as well.)

Alas, I was hit by a harmless-yet-infuriating joke virus,
AGAIN, in fact for the 4th time in about 11 years, and *I have
had enough*.

Neither MBAM, ESET, Avira nor BitDefender could find it,
identify it or get rid of it, nor did a full reformat and
Acronis image restore do anything. I am too old for this.

So I have switched to XP. I figure once MS considers an OS
dead, it's a good time to start using it.

Anyway:



QUESTION 1

Intro:

As we all know, it is not a good idea to go on the internet
from an administrator account, so, after searching long and
hard for a way to do it, I cloned my admin account, since
cloning is supposed to preserve all the settings. Then I was
going to make it a limited account, but I hoped not to have to
set everything up from scratch.

Perhaps I was stupid enough to think "settings" meant user and
user interface settings, or maybe I did something wrong, but
NOTHING was "cloned", I ***DID*** have to set everything up
from scratch. Since all I was setting up were 5 programs I use
on the internet, it was not a big deal, but I also have
certain "problems" with the default XP interface so I had to
spend some time tweaking that as well. Anyway, it's done.

Question:

WHY does cloning an account create a directory about 2/3rds
the size of the admin's, but NOTHING is actually "cloned" -
nothing that a user can see or gives a FF about, anyway?



QUESTION 2

Intro:

The account IS limited, the main symptoms of which are being
unable to look at my firewalls' status window, being unable to
turn my AV on or off (for reasons someone may be able to
explain, now I can, although I did not change anything), and
the task manager showing about ten processes instead of 50 (or
whatever). Whoopsie do. I LIKE to see the firewall status
window, because I want to see where I am connected and what is
going on.

The FW is the free Agnitum Outpost Firewall 1.0.242 from 2002.
I tried a few of the current ones, but not only are they
150MBs or more instead of 3MB, they are totally demented and
could drive anyone crazy with their constant and idiotic
questions and nags. With Agnitum you just tell the machine
what /can/ get on the internet, and what can /NOT/. That's it.

Question:

Are the AV (ESET NOD32, all paid for) and firewall working
EXACTLY as I had them set up as admin, and I don't have to
worry about ANYTHING? (Those DO sound like "famous last
words"...)

And IS there ANY way to see the FW status window?



GIFT 1

After making this second account, I found it annoying to have
to click on a stupid MS taskbar thing to switch users. So,
after about 2 minutes in Google, I found a solution. Some of
you may find it useful as well (AFA the English, it's pasted
here as found in some forum):

+++++
Shortcut for Switch users in Windows XP

Windows XP, fast user switching allows multiple users to be
logged into a computer at once. Fast user switching has been a
very useful feature of Windows for multi-user computers. This
is very useful. Fast user switching will allow the other user
to log in while still retaining the other user's session.

To Create the Shorcut follow the following steps:

1. Right click the desktop and select New and then Shortcut
from the menu that appear.
2. Type "X:\windows\system32\tsdiscon.exe" into the location
box and Click Next. (Where X:\ is the drive letter where XP is
installed.)
3. As per your wish give it a name and click on Finish.
+++++

I'd give credit but I just saved the info. So, thanks, whoever
you are, you rule.

thanatoid's additional ideas for those who are a little
"fastidious":

Idea 1
This doesn't have to be a /desktop/ shortcut, although that is
probably the best place to put it since ALL you have to do is
double-click it. You can put it in the start menu or wherever
(see gift #2). And of course, you can assign any icon you
want. I gave it one with two arrows in a sort of a circle.

Idea 2
This happens as a command, so a cmd window will flash on the
screen before you see the normal logon screen. If you right-
click and go to properties, you can make it full screen (not
much of an improvement) or you can do what I did, make it the
smallest cmd window possible (by choosing the smallest fonts),
and maybe even give it some colors. I find it less offensive
that way, personally.

Real hardcore tweakers could make it flash a picture of their
choice by adding an argument or putting it inside a tiny batch
file, I suppose. I am not /quite/ there yet.



GIFT 2

Intro:

What do you consider the ***BIGGEST*** XP (and after)
annoyance? Ahh, there are SO many to choose from, aren't
there...

Well, for me it's the demented minimum of 3 user(s)
directories even if you are the ONLY person who ever touches
the computer. Of course, you can pretend they don't exist, and
just NEVER go into the Doc&Set directory, but I feel ill just
knowing it's all in there. And I thought the Registry was bad!
At least one could edit the registry!

Of course, if it only stopped there... But no, every one of
those 3 directories has completely different subdirectories
and EVEN BETTER, 3 different start menus. Fubar help you if
you want to guess where a program and its settings are going
to end up.

And there is nothing as charming and user-friendly as the XP
start menu after you've been using the machine for a while,
with its 200 or more main levels, sublevels, sub-sublevels,
sub-sub-sublevels, etc.

Gift:

Well, there is a solution. A free one. What kills me is I have
had an early version of it on a software CDR (I archive all
software I run across which looks interesting) for about 8
years, but I never tried it. And I could have been using it
with 95, because, like all well-written software, it works on
everything from 95 to 7.

The free solution is called FastLauncher, and this is where
you get it:

http://www.dvasoft.com

Depending on the resolution of your desktop, you can configure
250 programs or more to start with just two separate mouse
clicks (not a double click). For me, this is better than
spending 3 minutes searching for your program in the "normal"
XP start menu only to find it is not there because it ended up
in a different user account's startmenu group.

You can assign icons, arguments, runs as admin, etc. You can
even make it transparent per your preference.

Some of you may prefer to stick to the MS start menu which you
have suffered with for perhaps a decade or longer, and you are
certainly most welcome to do so. I hear wearing a hair-shirt
gets to be quite enjoyable after a while. I have also read
that on occasion, people released from prison commit a crime
just so they can go back, and it's not just for the free food
and laundry service. It's safe and comfortable - well, within
reason, but apparently still better than the very scary
*freedom*.

Afterword:

Replies to either of my questions, and any other comments,
will be most welcome. Especially if someone who really knows
their stuff realizes the "user switch" shortcut is NFG and
leaves you exposed. This has occurred to me but I don't know
enough about the XP user system to know for sure.

Regards,
t.

--
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must
be lived by you once again and innumerable times more; and
every pain and joy and thought and sigh must come again to
you, all in the same sequence. The eternal hourglass will
again and again be turned and you with it, dust of the dust!'
Would you throw yourself down and gnash your teeth and curse
that demon? Or would you answer, 'Never have I heard anything
more divine'?
Friedrich Nietzsche

 

[Don Phillipson]

As we all know, it is not a good idea to go on the internet
from an administrator account , so, after searching long and
hard for a way to do it, I cloned my admin account, since
cloning is supposed to preserve all the settings.
. . .
WHY does cloning an account create a directory about 2/3rds
the size of the admin's, but NOTHING is actually "cloned" -
nothing that a user can see or gives a FF about, anyway?

WinXP has no "clone" function. Duplication of a User is
usually done by the Documents and Settings Wizard.
You can create a new User2 and then import into it
the Documents and Settings (in whole or part) of User1.

The FW is the free Agnitum Outpost Firewall 1.0.242 from 2002.

This seems unusual. The firewall component of WinXP
was updated years later than 2002 supposedly to resist
penetrations not known in 2002.

 

[Zaphod Beeblebrox]

Hi gang,

So I have switched to XP. I figure once MS considers an OS
dead, it's a good time to start using it.

That gave me a chuckle. Nice.

QUESTION 1

Question:

WHY does cloning an account create a directory about 2/3rds
the size of the admin's, but NOTHING is actually "cloned" -
nothing that a user can see or gives a FF about, anyway?

Sorry, no help here.

QUESTION 2

Question:

Are the AV (ESET NOD32, all paid for) and firewall working
EXACTLY as I had them set up as admin, and I don't have to
worry about ANYTHING? (Those DO sound like "famous last
words"...)

Since they are system-level services, they should be set up and
working exactly as you left them under the admin account.

And IS there ANY way to see the FW status window?

Probably a number of ways, but one way would be to set up a shortcut
to the program that displays your firewall status window with the
"runas" comamnd. For example, say your firewall status window was
launched with FW.EXE, you would make the shortcut comamnd line
something like this:

RUNAS /USER:administrator FW.EXE

When you launch the shortcut, it will prompt for the administrator
password and then run FW.EXE as the administrator. You can also
access the RUNAS functionality by shift+right-click on an arbitrary
shortcut and pick Run As from the context menu. You'll have to click
the radio button beside "The following user:" in the window that pops
up, then pick the username fromt eh dropdown and type the password.
That works fine for one-off uses, but for things you need to run as
admin frequently the shortcut is the way to go, in my opinion.

And before you ask, no, there is no way to build the admin password
into the command, but I seem to recall that there are third-party
utilities that can automate that.

Idea 2
This happens as a command, so a cmd window will flash on the
screen before you see the normal logon screen. If you right-
click and go to properties, you can make it full screen (not
much of an improvement) or you can do what I did, make it the
smallest cmd window possible (by choosing the smallest fonts),
and maybe even give it some colors. I find it less offensive
that way, personally.

Real hardcore tweakers could make it flash a picture of their
choice by adding an argument or putting it inside a tiny batch
file, I suppose. I am not /quite/ there yet.

Set the shortcut to Run Minimized instead of Normal Window, then it
only flashes the icon in the taskbar instead of flashing the window on
screen. Also, if you are a keyboard junkie, WinKey+L will get you
there without the mouse clicks and without flashing the comamnd
window/icon.

Afterword:

Replies to either of my questions, and any other comments,
will be most welcome. Especially if someone who really knows
their stuff realizes the "user switch" shortcut is NFG and
leaves you exposed. This has occurred to me but I don't know
enough about the XP user system to know for sure.

I'm curious how the shortcut could leave you exposed when you can get
the same thing from the Start menu or WinKey+L. Just asking, because
nothing comes to my mind...

--
Zaphod

Arthur Dent, speaking to Trillian about Zaphod:
"So, two heads is what does it for a girl?"
"...Anything else he's got two of?"

 

[Mayayana]

| As we all know, it is not a good idea to go on the internet
| from an administrator account,

Do we all know that? I always install XP to FAT32 to
avoid the permissions complications. If I had to use NTFS
I'd always run as Admin. To my mind the trouble of NTFS
is not worth the benefit.The idea of different
types of accounts originates from corporate PCs, where
the intranet is trusted but the employee is not. So all
the hallways are open but every cabinet and door is locked.
With SOHo PCs it's the opposite: the person using the PC
is generally trusted but the Internet is not. So in that case
a good front door lock is more appropriate. But Microsoft
wants to reduce support costs, and most people offering
advice have a business IT background. As a result "we all
know" that one should always run with restricted rights and
should never venture outside of one's Documents folder.
Each version of Windows is more adamant than the last
with that guidance.

It certainly doesn't hurt to run in "lackey mode" while
online, but it does create hassles, as you detailed in your
post. If you're going to lock all of your draws and cabinets
in order to avoid thieves then you're going to have to
reach for your keys every time you want something.
Meanwhile, exploits that bypass such restrictions are
common. By far a better method is to stop the leak in
the first place: Don't enable Jave or script. Remove
flash player and PDF browser plugins. Unfortunately, most
people are not willing to do that because their Facebook
page and favorite online shopping sites simply won't
function with safe settings.

|
| The FW is the free Agnitum Outpost Firewall 1.0.242
| from 2002. I tried a few of the current ones, but not
| only are they 150MBs or more instead of 3MB, they
| are totally demented
|

I did a lot of research, too, and never came up with an
ideal choice. Most of the popular ones have become extremely
bloated. I've settled on Online Armor 4.0.0.15 Free. It's not
perfect. It has a problematic behavior of accessing the disk
every few seconds, checking for a file that never existed in
the first place. Unfortunately, the company was sold to
another company called Emsisoft. The installer went from
an already bloated 11 MB to a ridiculous 21 MB. (Probably over
50 MB installed!) The free version became a sort-of-free-but-
you-have-to-sign-up version. (Perhaps ad-supported.
I'm not sure.) So I've stuck with v. 4.0.0.15. I also downloaded
the free pcTools firewall, which was well-rated, but never got
around to trying that one. I'd be willing to pay for a good
firewall, but I just haven't found the ideal product that
provides full, informative control over all in/out activity,
without also trying to be 5 other programs that I don't want.
(Anti-malware, anti-phishing, email filter, running program
monitor, etc.)

It'd be interesting to hear from others about their experiences
with firewalls. (Other than the Windows firewall, that is.)

The best firewall I ever used was AtGuard, which was way
ahead of it's time. But it was only written for Win95/98, and they
sold out to Symantec. Symantec then rebranded it, doubled
the price, reduced the functionality, and set 800+- programs
to be able to go through the firewall by default!

|
| And there is nothing as charming and user-friendly as the XP
| start menu after you've been using the machine for a while,
| with its 200 or more main levels, sublevels, sub-sublevels,
| sub-sub-sublevels, etc.
|

The XP Start Menu is not really different from the Win9x
Start Menu. If you use Classic View it's basically the same
thing. Right-click Start, click Explore, and you can clean
house, just like in Win9x. The real problem is software that
installs with a half dozen pointless links, to help file, uninstall,
website, etc.

The dual folders -- user and all users -- are a bit of a hassle.
That existed in Win9x but the All Users folder was almost never
used, so it didn't matter. Win9x was set up to default to an
"I'm the only user" setting. WinNT is designed with the
pretense that there's no such thing as a single-user, stand-
alone PC.
I just move everything to the All Users Start Menu folder, so
that it's effectively a single Start Menu. And I group things into
folders: Office, Utilities, Graphics, etc. I don't install software
on a regular basis, so I don't mind too much doing that
reorganization. For most things I'm just using Quick Launch,
anyway. (Unfortunately, that's one of the things that
Microsoft broke in Vista/7. One can put shortcuts on Quick
Launch, but software installers can't put them there.)

 

[thanatoid]

WinXP has no "clone" function. Duplication of a User is
usually done by the Documents and Settings Wizard.
You can create a new User2 and then import into it
the Documents and Settings (in whole or part) of User1.

OK. Since it's done, it was sort of "WHY????" question, but I
will save this for future reference.

This seems unusual. The firewall component of WinXP
was updated years later than 2002 supposedly to resist
penetrations not known in 2002.

I prefer to use Windows security products.

Thanks for the reply.



--
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must
be lived by you once again and innumerable times more; and
every pain and joy and thought and sigh must come again to
you, all in the same sequence. The eternal hourglass will
again and again be turned and you with it, dust of the dust!'
Would you throw yourself down and gnash your teeth and curse
that demon? Or would you answer, 'Never have I heard anything
more divine'?
Friedrich Nietzsche

 

[thanatoid]

Since they are system-level services, they should be set up
and working exactly as you left them under the admin
account.

OK, that's reassuring.

Probably a number of ways, but one way would be to set up a
shortcut to the program that displays your firewall status
window with the "runas" comamnd. For example, say your
firewall status window was launched with FW.EXE, you would
make the shortcut comamnd line something like this:

RUNAS /USER:administrator FW.EXE

When you launch the shortcut, it will prompt for the
administrator password and then run FW.EXE as the
administrator. You can also access the RUNAS functionality
by shift+right-click on an arbitrary shortcut and pick Run
As from the context menu. You'll have to click the radio
button beside "The following user:" in the window that pops
up, then pick the username fromt eh dropdown and type the
password. That works fine for one-off uses, but for things
you need to run as admin frequently the shortcut is the way
to go, in my opinion.

And before you ask, no, there is no way to build the admin
password into the command, but I seem to recall that there
are third-party utilities that can automate that.

I will look into this.

Set the shortcut to Run Minimized instead of Normal Window,
then it only flashes the icon in the taskbar instead of
flashing the window on screen. Also, if you are a keyboard
junkie, WinKey+L will get you there without the mouse
clicks and without flashing the comamnd window/icon.

I'll try this.

I'm curious how the shortcut could leave you exposed when
you can get the same thing from the Start menu or WinKey+L.
Just asking, because nothing comes to my mind...

If nothing occurs to an obviously knowledgeable person like
you, then it should be fine.

Thanks for your reply.



--
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must
be lived by you once again and innumerable times more; and
every pain and joy and thought and sigh must come again to
you, all in the same sequence. The eternal hourglass will
again and again be turned and you with it, dust of the dust!'
Would you throw yourself down and gnash your teeth and curse
that demon? Or would you answer, 'Never have I heard anything
more divine'?
Friedrich Nietzsche

 

[Zaphod Beeblebrox]

I will look into this.

By the way, if you are running the firewall status window in your
startup so that it launches each time you log in, there may be a
better way that does not involve typing the password every time. Let
me know if this would be helpful.

I'll try this.

I seem to recall that there are third-party utilities that can hide
the taskbar icon so if this isn't unobtrusive enough, that might be
another approach.

If nothing occurs to an obviously knowledgeable person like
you, then it should be fine.

Ah, I read your comment to mean you had something specific in mind you
were concerned about.

Thanks for your reply.

You are quite welcome.

 

[thanatoid]

| As we all know, it is not a good idea to go on the
| internet from an administrator account,

Do we all know that?

Hee hee. Well, it seems to be mentioned on every advanced
setup/usage site I've ever been to. "All" people, of course,
don't even know what it means, let alone whether it is true or
not.

I always install XP to FAT32 to avoid the permissions

complications.

I don't fully understand (nor want to unless it is imperative)
what permissions are, I always use FAT32 because I see no
point whatsoever in using
NTFS. I have NEVER had any trouble with it since I got my 95B
machine in 1997. Nor has anyone I know, in fact I can't even
remember reading about any ACTUAL trouble with it, except all
the innumerable warnings about how "dangerous" it is compared
to
NTFS. Probably just MS PR.

How does using FAT32 prevent NTFS "permissions complications"
though? It's just a different file structure, isn't it? How
can it affect software "as used daily" in such a major
fashion?

If I had to use NTFS I'd always run as Admin. To my mind the trouble of NTFS
is not worth the benefit. The idea of different
types of accounts originates from corporate PCs, where
the intranet is trusted but the employee is not. So all
the hallways are open but every cabinet and door is locked.

Yes, corporate is so much fun.

With SOHo PCs it's the opposite: the person using the PC
is generally trusted but the Internet is not. So in that
case a good front door lock is more appropriate. But
Microsoft wants to reduce support costs, and most people
offering advice have a business IT background. As a result
"we all know" that one should always run with restricted
rights and should never venture outside of one's Documents
folder. Each version of Windows is more adamant than the
last with that guidance.

This isn't even a soho, it's just a bored and useless
thanatoid.

So, are you saying that as the sole user with FAT32 I don't
have to worry about
limited accounts for the internet?

It certainly doesn't hurt to run in "lackey mode" while
online, but it does create hassles, as you detailed in your
post.

It's not that bad, it's just that I like to know what is
happening. I am using something called netstat (not the MS
one, it came with some program whose name I don't recall and
was the only good thing about it, a separate exe, so I kept
it).

If you're going to lock all of your draws and
cabinets in order to avoid thieves then you're going to
have to reach for your keys every time you want something.
Meanwhile, exploits that bypass such restrictions are
common. By far a better method is to stop the leak in
the first place: Don't enable Jave or script.

I don't have Java at all, but I can't use my bank's site
without javascript.

I use OffByOne for 99% of my browsing. It is 100% safe, until
someone proves otherwise.

Remove flash player and PDF browser plugins.

PDF plugins, of course.

But do you mean flash player plugins or flash player
altogether?

Unfortunately, most
people are not willing to do that because their Facebook
page and favorite online shopping sites simply won't
function with safe settings.

You will have to KILL ME to have me use facebook. In fact, I
am putting ALL facebook URL's I can establish the existence of
in my HOSTS file. (It should only take about 2 hrs.) Ah, the
good old days when
only Google (and MS) tracked your every move...

| The FW is the free Agnitum Outpost Firewall 1.0.242
| from 2002. I tried a few of the current ones, but not
| only are they 150MBs or more instead of 3MB, they
| are totally demented

I did a lot of research, too, and never came up with an
ideal choice. Most of the popular ones have become
extremely bloated. I've settled on Online Armor 4

without
also trying to be 5 other programs that I don't want.
(Anti-malware, anti-phishing, email filter, running program
monitor, etc.)

You might want to take a look at the one I use. I can post it
for you somewhere if you can't find it. (Since it's not
ZoneAlarm, the older versions are not easily found.) I don't
see how "block most/stealth" mode can be any less efective now
than it was in 2002.

It'd be interesting to hear from others about their
experiences with firewalls. (Other than the Windows
firewall, that is.)

That goes without saying. An "MS security product" is an
oxymoron.

The best firewall I ever used was AtGuard, which was way
ahead of it's time. But it was only written for Win95/98,
and they sold out to Symantec. Symantec then rebranded it,
doubled the price, reduced the functionality, and set 800+-
programs to be able to go through the firewall by default!
Typical.

| And there is nothing as charming and user-friendly as the
| XP start menu after you've been using the machine for a
| while, with its 200 or more main levels, sublevels,
| sub-sublevels, sub-sub-sublevels, etc.

The XP Start Menu is not really different from the Win9x
Start Menu. If you use Classic View it's basically the same
thing.

Win 9x did not have 3 (or 10) different user directories.

Right-click Start, click Explore, and you can clean
house, just like in Win9x. The real problem is software
that installs with a half dozen pointless links, to help
file, uninstall, website, etc.

Well, that's just part of the problem.

The dual folders -- user and all users -- are a bit of a
hassle.

Don't forget the 3rd, default user. The whole thing drives
anal-retentives like me insane.

That existed in Win9x but the All Users folder was almost
never used, so it didn't matter.

I didn't even KNOW it existed, and I've been using 9x since
1995 until a week ago.

Win9x was set up to
default to an "I'm the only user" setting. WinNT is
designed with the pretense that there's no such thing as a
single-user, stand- alone PC.

One of the truly wonderful gifts from MS.

I just move everything to the All Users Start Menu
folder, so that it's effectively a single Start Menu. And
I group things into folders: Office, Utilities, Graphics,
etc.

So do I.

But I still had VERY annoying probolems. That's why I now
use FL.

I don't install software on a regular basis, so I don't
mind too much doing that reorganization. For most things
I'm just using Quick Launch, anyway. (Unfortunately, that's
one of the things that Microsoft broke in Vista/7. One can
put shortcuts on Quick Launch, but software installers
can't put them there.)

I have no idea what that is, but that's OK.

I appreciate your reply, especially since I was so nasty to
you about your utility. Or did you just forget all about that?
;-)

So, again, with FAT32 I don't NEED a limited account?



--
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must
be lived by you once again and innumerable times more; and
every pain and joy and thought and sigh must come again to
you, all in the same sequence. The eternal hourglass will
again and again be turned and you with it, dust of the dust!'
Would you throw yourself down and gnash your teeth and curse
that demon? Or would you answer, 'Never have I heard anything
more divine'? Friedrich Nietzsche

 

[thanatoid]

<snip>

Of course, I meant

I prefer ****NOT**** to use Windows security products.


--
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must
be lived by you once again and innumerable times more; and
every pain and joy and thought and sigh must come again to
you, all in the same sequence. The eternal hourglass will
again and again be turned and you with it, dust of the dust!'
Would you throw yourself down and gnash your teeth and curse
that demon? Or would you answer, 'Never have I heard anything
more divine'?
Friedrich Nietzsche

 

[Mayayana]

| I don't fully understand (nor want to unless it is imperative)
| what permissions are, I always use FAT32 because I see no
| point whatsoever in using
| NTFS.

Permissions/restrictions is the operation of limited
functionality for different user categories. Are you sure
you're not on NTFS? If you're on FAT32 the restrictions
don't function. (Right-click -> Properties on a file will
not have a tab for adjusting restrictions.)

| But do you mean flash player plugins or flash player
| altogether?
|

As long as it's not connected to the browser it doesn't
really matter whether the library is present. If the browser
can play flash content you're at risk.

| You might want to take a look at the one I use. I can post it
| for you somewhere if you can't find it. (Since it's not
| ZoneAlarm, the older versions are not easily found.) I don't
| see how "block most/stealth" mode can be any less efective now
| than it was in 2002.
|

Maybe I will check that out. But why did you choose v. 1?
The old version websites seem to have several, up to 3.5.

| I appreciate your reply, especially since I was so nasty to
| you about your utility. Or did you just forget all about that?
| ;-)
|

Not a big deal.

| So, again, with FAT32 I don't NEED a limited account?
|

With FAT32 you can't have a limited account.

 

[thanatoid]

| I don't fully understand (nor want to unless it is
| imperative) what permissions are, I always use FAT32
| because I see no point whatsoever in using
| NTFS.

Permissions/restrictions is the operation of limited
functionality for different user categories. Are you sure
you're not on NTFS?

Of course I'm sure.

If you're on FAT32 the restrictions
don't function. (Right-click -> Properties on a file will
not have a tab for adjusting restrictions.)

Correct. I was wondering what y'all was talking about.

So, setting up the limited account was a waste of time, or
should I try to understand how you can DL stuff while running
all your internet apps in Sandboxie, or... ?

| But do you mean flash player plugins or flash player
| altogether?
|

As long as it's not connected to the browser it doesn't
really matter whether the library is present. If the
browser can play flash content you're at risk.

Well, I try to do as little flash as possible. The one thing I
don't like about the latest Opera is there is no "flash
on/off" box you can put on the toolbar. Although there
probably is, I just haven't found it yet - opera config is a
little hairy, and I was using 10USB until 10 days ago, all set
up nice.

Speaking of Flash - are the latest AV programs (like my ESET
NOD32) capable of finding malware in them, or do they just
skip them, like they skip avi and jpg (and other) files... ?

| You might want to take a look at the one I use. I can post
| it for you somewhere if you can't find it. (Since it's not
| ZoneAlarm, the older versions are not easily found.) I
| don't see how "block most/stealth" mode can be any less
| efective now than it was in 2002.
|

Maybe I will check that out. But why did you choose v. 1?
The old version websites seem to have several, up to 3.5.

I tried a later version and it was considerably more insane,
plus it is not free and if I tried to buy it, they would tell
me I have to buy the latest 250MB version. I suppose I could
just do an Acronis restore every 28 days, but I really like
ver 1. All this is sufficiently overwhelming for now.

| I appreciate your reply, especially since I was so nasty
| to you about your utility. Or did you just forget all
| about that? ;-)
|

Not a big deal.

Thank you, and I apologize. I get a little nuts sometimes.
Short circuits in the old gulliver.

| So, again, with FAT32 I don't NEED a limited account?
|

With FAT32 you can't have a limited account.

Well, I do have it. I can post a grab of the logon screen for
you.

This is all very confusing. I have 3 accounts: admin,
Administrator [I believe this is the hidden super acount](both
of these have full control, but only admin shows up in the
logon screen), and internet, which /is/ limited.

XP Home SP3, BTW. I don't know if this makes any difference. I
tried XP Pro but it was too insane for me. Messing with the
group policy sort of did me in... It's not avail. in TweakUI
running under XPHome, and a good thing, too.

Plus, I was silly enough to think Home might NOT have 3
accounts in Doc&Set no matter what. Alas...


--
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must
be lived by you once again and innumerable times more; and
every pain and joy and thought and sigh must come again to
you, all in the same sequence. The eternal hourglass will
again and again be turned and you with it, dust of the dust!'
Would you throw yourself down and gnash your teeth and curse
that demon? Or would you answer, 'Never have I heard anything
more divine'?
Friedrich Nietzsche

 

[thanatoid]

I thought if you installed XP on a FAT32 partition you
eliminated all those other accounts. ???? (Admin,
Default User, etc) And that there would only be one -
you. But I don't know, since I've never done it.

I went with Home because I thought Home did not force 3 accounts
on you. I was wrong.

Plus I need NTFS, on occasion, to be able to occasionally
handle processing some large video files w/o ever worrying
about exceeding a predetermined FAT32 limit (of 2 or 4 GB).
And ditto for storing my system drive backup images, which
are close to 20 GB in size. And with NTFS, that's a
non-issue.

This is the only valid argument for NTFS, infinite (right?) file
sizes. I have never had a file larger than 800MB or so, so...

THAT, and a host of other web sites (to see anything
useful).


IIRC, I found it useless - too many sites won't work right
with it. If you disable javascript it seems you're stuck
in the Stone Ages, at least at most sites.

All you lose is what passes as "graphic design" on the web, css,
etc. And to ME, that is a GOOD thing. I don't care about that
stuff. All I need is the content, not bloatware page design. If
I /need/ javascript, I use Opera.

Neither. I'd probably just shoot myself. Forget the
"teeth gnashing". And as for being divine, he's GOT to be
kidding.

Not "being" divine, divine as in "wonderful".


--
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must be
lived by you once again and innumerable times more; and every
pain and joy and thought and sigh must come again to you, all in
the same sequence. The eternal hourglass will again and again be
turned and you with it, dust of the dust!' Would you throw
yourself down and gnash your teeth and curse that demon? Or
would you answer, 'Never have I heard anything more divine'?
Friedrich Nietzsche

 

[kelly]

Hi gang,

As one or two of you who remember me from an occasional
previous appearance may know, I have been using 98SELite for
about 3 or 4 or 5 years. Before that, I used 95B and was
perfectly happy with it. But 95B does not do ethernet
properly. (Or at all, whatever.) So I switched to 98SELite.
(IMHO, 98SE without the Lite is unusable, but that's another
subject that no one in an XP group would care about. Still,
FYI, there /is/ Lite for XP:www.litepc.com, and there are
other customizers out there as well.)

Alas, I was hit by a harmless-yet-infuriating joke virus,
AGAIN, in fact for the 4th time in about 11 years, and *I have
had enough*.

Neither MBAM, ESET, Avira nor BitDefender could find it,
identify it or get rid of it, nor did a full reformat and
Acronis image restore do anything. I am too old for this.

So I have switched to XP. I figure once MS considers an OS
dead, it's a good time to start using it.

Anyway:

QUESTION 1

Intro:

As we all know, it is not a good idea to go on the internet
from an administrator account, so, after searching long and
hard for a way to do it, I cloned my admin account, since
cloning is supposed to preserve all the settings. Then I was
going to make it a limited account, but I hoped not to have to
set everything up from scratch.

Perhaps I was stupid enough to think "settings" meant user and
user interface settings, or maybe I did something wrong, but
NOTHING was "cloned", I ***DID*** have to set everything up
from scratch. Since all I was setting up were 5 programs I use
on the internet, it was not a big deal, but I also have
certain "problems" with the default XP interface so I had to
spend some time tweaking that as well. Anyway, it's done.

Question:

WHY does cloning an account create a directory about 2/3rds
the size of the admin's, but NOTHING is actually "cloned" -
nothing that a user can see or gives a FF about, anyway?

QUESTION 2

Intro:

The account IS limited, the main symptoms of which are being
unable to look at my firewalls' status window, being unable to
turn my AV on or off (for reasons someone may be able to
explain, now I can, although I did not change anything), and
the task manager showing about ten processes instead of 50 (or
whatever). Whoopsie do. I LIKE to see the firewall status
window, because I want to see where I am connected and what is
going on.

The FW is the free Agnitum Outpost Firewall 1.0.242 from 2002.
I tried a few of the current ones, but not only are they
150MBs or more instead of 3MB, they are totally demented and
could drive anyone crazy with their constant and idiotic
questions and nags. With Agnitum you just tell the machine
what /can/ get on the internet, and what can /NOT/. That's it.

Question:

Are the AV (ESET NOD32, all paid for) and firewall working
EXACTLY as I had them set up as admin, and I don't have to
worry about ANYTHING? (Those DO sound like "famous last
words"...)

And IS there ANY way to see the FW status window?

GIFT 1

After making this second account, I found it annoying to have
to click on a stupid MS taskbar thing to switch users. So,
after about 2 minutes in Google, I found a solution. Some of
you may find it useful as well (AFA the English, it's pasted
here as found in some forum):

+++++
Shortcut for Switch users in Windows XP

Windows XP, fast user switching allows multiple users to be
logged into a computer at once. Fast user switching has been a
very useful feature of Windows for multi-user computers. This
is very useful. Fast user switching will allow the other user
to log in while still retaining the other user's session.

To Create the Shorcut follow the following steps:

1. Right click the desktop and select New and then Shortcut
from the menu that appear.
2. Type "X:\windows\system32\tsdiscon.exe" into the location
box and Click Next. (Where X:\ is the drive letter where XP is
installed.)
3. As per your wish give it a name and click on Finish.
+++++

I'd give credit but I just saved the info. So, thanks, whoever
you are, you rule.

thanatoid's additional ideas for those who are a little
"fastidious":

Idea 1
This doesn't have to be a /desktop/ shortcut, although that is
probably the best place to put it since ALL you have to do is
double-click it. You can put it in the start menu or wherever
(see gift #2). And of course, you can assign any icon you
want. I gave it one with two arrows in a sort of a circle.

Idea 2
This happens as a command, so a cmd window will flash on the
screen before you see the normal logon screen. If you right-
click and go to properties, you can make it full screen (not
much of an improvement) or you can do what I did, make it the
smallest cmd window possible (by choosing the smallest fonts),
and maybe even give it some colors. I find it less offensive
that way, personally.

Real hardcore tweakers could make it flash a picture of their
choice by adding an argument or putting it inside a tiny batch
file, I suppose. I am not /quite/ there yet.

GIFT 2

Intro:

What do you consider the ***BIGGEST*** XP (and after)
annoyance? Ahh, there are SO many to choose from, aren't
there...

Well, for me it's the demented minimum of 3 user(s)
directories even if you are the ONLY person who ever touches
the computer. Of course, you can pretend they don't exist, and
just NEVER go into the Doc&Set directory, but I feel ill just
knowing it's all in there. And I thought the Registry was bad!
At least one could edit the registry!

Of course, if it only stopped there... But no, every one of
those 3 directories has completely different subdirectories
and EVEN BETTER, 3 different start menus. Fubar help you if
you want to guess where a program and its settings are going
to end up.

And there is nothing as charming and user-friendly as the XP
start menu after you've been using the machine for a while,
with its 200 or more main levels, sublevels, sub-sublevels,
sub-sub-sublevels, etc.

Gift:

Well, there is a solution. A free one. What kills me is I have
had an early version of it on a software CDR (I archive all
software I run across which looks interesting) for about 8
years, but I never tried it. And I could have been using it
with 95, because, like all well-written software, it works on
everything from 95 to 7.

The free solution is called FastLauncher, and this is where
you get it:

http://www.dvasoft.com

Depending on the resolution of your desktop, you can configure
250 programs or more to start with just two separate mouse
clicks (not a double click). For me, this is better than
spending 3 minutes searching for your program in the "normal"
XP start menu only to find it is not there because it ended up
in a different user account's startmenu group.

You can assign icons, arguments, runs as admin, etc. You can
even make it transparent per your preference.

Some of you may prefer to stick to the MS start menu which you
have suffered with for perhaps a decade or longer, and you are
certainly most welcome to do so. I hear wearing a hair-shirt
gets to be quite enjoyable after a while. I have also read
that on occasion, people released from prison commit a crime
just so they can go back, and it's not just for the free food
and laundry service. It's safe and comfortable - well, within
reason, but apparently still better than the very scary
*freedom*.

Afterword:

Replies to either of my questions, and any other comments,
will be most welcome. Especially if someone who really knows
their stuff realizes the "user switch" shortcut is NFG and
leaves you exposed. This has occurred to me but I don't know
enough about the XP user system to know for sure.

Regards,
t.

--
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must
be lived by you once again and innumerable times more; and
every pain and joy and thought and sigh must come again to
you, all in the same sequence. The eternal hourglass will
again and again be turned and you with it, dust of the dust!'
Would you throw yourself down and gnash your teeth and curse
that demon? Or would you answer, 'Never have I heard anything
more divine'?
        Friedrich Nietzsche

The best thing to do when you come across a "bug" (ie: your joke pest)
is to find the "removal" for it.
Somewhere is the cure for it so if you want it then it's easier if you
post the name of it here along with doing a search for it. At least
try before you do a wipeout.
Good luck.

 

[Zaphod Beeblebrox]

| As we all know, it is not a good idea to go on the internet
| from an administrator account,

Do we all know that? I always install XP to FAT32 to
avoid the permissions complications. If I had to use NTFS
I'd always run as Admin. To my mind the trouble of NTFS
is not worth the benefit.

<snip>

I had a very long, detailed reply in progress but decided against it.
I'll just say I think you are misguided in your approach to security,
and leave it at that.

--
Zaphod

Arthur: All my life I've had this strange feeling that there's
something big and sinister going on in the world.
Slartibartfast: No, that's perfectly normal paranoia. Everyone in the
universe gets that.

 

[Zaphod Beeblebrox]

| So, again, with FAT32 I don't NEED a limited account?
|

With FAT32 you can't have a limited account.

Sure you can - however, without the file-level user permissions that
NTFS provides that FAT32 does not, the "limitedness" of the account is
compromised.

 

[Mayayana]

| So, setting up the limited account was a waste of time, or
| should I try to understand how you can DL stuff while running
| all your internet apps in Sandboxie, or... ?
|
I've always worked to avoid multi-logins
of any kind, so I had to set up an account to
see how it works. The window explains that it
won't be able to access most files, but as I
thought, there's no way to enforce that on
FAT32. Restrictions are functionality in the NTFS
file system. (It's often called "permissions", but
that's like saying "digital rights management".
No one needed any "rights" before restrictions
were instigated.)

On the limited account I went into Windows and
System32. I changed some things in the All Users
Start Menu. (I should note that I also remove
PCHealth in order to eliminate System File Protection
(known as Windows File Protection starting with Vista).
So I have no limitations on anything.)

If you want to run restricted in order to reduce the
actions that malware can take then I think you'd want
to convert to NTFS. (But you may not be able to
change back.)

Getting into the topic of the best online options brings
out lots of opinions. I don't enable script/cookies/3rd party
images/java/flash/iframes. (Many mega-ads from companies
like Doubleclick/Google are put into iframes so that they
can bypass 3rd-party cookie blocking. I think the Facebook
Like buttons may do the same thing.) Bill in CO says I'm
accessing a Stone Age Internet by doing that. I think
a lot of people feel that way. I go online for research and
news, mostly. I *like* static webpages, without cartoons
jumping around while I'm trying to read. I don't use webmail
and I don't take part in any sort of corporate-sponsored
social life. I also don't give credit card info. online. I find
what I want online, then call the store. If they don't have
a phone# I don't use them. (Not only for security. If there's
no phone# I can't call a human if there's a problem. So, no
Amazon or NewEgg.)

A lot of people would find that approach completely
unworkable. I find numerous sites with articles. Search
works fine. Serious websites mostly work fine. The things
that don't work are mostly the sites that depend high
interactivity or data mining and, therefore design their pages
not to work without script/cookies.

This topic is never really confronted honestly by any party.
Online companies want interaction for sales and data mining.
Individuals want to watch entertaining videos while they shop
for airfares and tell their friends about their day. Banks and
utility companies want online banking and bill-paying to save
money. Nobody wants to limit the functionality....but everyone
wants security....and no one will admit that it simply can't
be done.

There was an interesting article last week about a woman
in Iceland who's shocked that the US gov. was able to force
Twitter to release her personal data as part of their investigation
into Wikileaks. She's been posting for free on a commercial
website but has imagined that she has "rights". I see the
same thing with Facebookers. They let a corporation host
their social life and spy on them. When Facebook gets caught
being sleazy the Facebookers are up in arms, threatening to
quit the free service. But in no time they've forgotten
all about it.

I currently run Pale Moon and Firefox. I use Pale Moon for
most things. I use Firefox with script enabled if I need to deal
with a script-enabled site. I don't have any plugins except
DownloadHelper in Firefox.

| Speaking of Flash - are the latest AV programs (like my ESET
| NOD32) capable of finding malware in them, or do they just
| skip them, like they skip avi and jpg (and other) files... ?
|

I don't know the details of flash exploits, whether
it involves corrupt files or programmatic exploits. The
problem with AV is that a lot of exploits are using
approaches that are not yet known. It used to be
virus definitions required a monthly 1 MB update. Now
it's 40 MB every time one boots the computer. Yet
there are always new exploits. I don't think AV is good
for much other than watching for suspicious disk activity.


| >| You might want to take a look at the one I use. I can post
| >| it for you somewhere if you can't find it.

Thanks. I got a copy at Oldapps. I think you're right about
the updates: Basic networking hasn't changed in XP, so it's
hard to see why an older firewall wouldn't be up-to-date.

| >| I appreciate your reply, especially since I was so nasty
| >| to you about your utility. Or did you just forget all
| >| about that? ;-)
| >|
| >
| > Not a big deal.
|
| Thank you, and I apologize. I get a little nuts sometimes.
| Short circuits in the old gulliver.
|

Accepted. Thanks.

| >
| > With FAT32 you can't have a limited account.
|
| Well, I do have it. I can post a grab of the logon screen for
| you.
|

Yes, but, as noted above, it's really only doing what the
same thing did in Win9x -- saving Desktop layout, etc. for
each person. XP was designed to be a corporate workstation.
In that usage it's always on NTFS, and it's designed to
cater to the needs of corporate sys. admins. So whether
you're on FAT32 or NTFS, the Admin GUI is the same.
(Which is actually quite odd. FAT32 was the default for
OEM PCs when XP first came out.)

| This is all very confusing. I have 3 accounts: admin,
| Administrator [I believe this is the hidden super acount](both
| of these have full control, but only admin shows up in the
| logon screen), and internet, which /is/ limited.
|

Yes. There's Admin, default user, you, All Users....
The Documents and Settings folder is a ridiculous mess.
And that's all before you create users! If you delete
any extra accounts and disable Guest you can skip
the logon screen altogether. You may as well, unless
you have kids using your PC and don't want them
changing your wallpaper.

| XP Home SP3, BTW. I don't know if this makes any difference. I
| tried XP Pro but it was too insane for me. Messing with the
| group policy sort of did me in... It's not avail. in TweakUI
| running under XPHome, and a good thing, too.
|

That's not exactly true. Group Policy is another thing
designed for corporate sys. admins. The applet is only
installed on Pro, but the settings apply on all XP machines.
Remember the IE-MD utility I posted about before? One
of the functions in that sets 8 different Registry settings
for each single security setting in each IE zone! There's
normal HKLM and HKCU, Lockdown HKLM and HKCU, then
there's the same 4 under the Software\Policy key. Since
the whole thing is designed for corporate use, someone
using IE will only see their own settings under HKCU,
regardless of which settings are actually being applied!
So you can't escape the Group Policy mess...and malware
could exploit it.
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must
be lived by you once again and innumerable times more; and
every pain and joy and thought and sigh must come again to
you, all in the same sequence. The eternal hourglass will
again and again be turned and you with it, dust of the dust!'
Would you throw yourself down and gnash your teeth and curse
that demon? Or would you answer, 'Never have I heard anything
more divine'?
I guess that depends on what I did last time. It's
an interesting thought experiement to highlight the true
nature of freedom. (We are free to relate to what is.)
But I don't understand why Nietzsche (sp?) said it.

 

[Mayayana]

| > Do we all know that? I always install XP to FAT32 to
| > avoid the permissions complications. If I had to use NTFS
| > I'd always run as Admin. To my mind the trouble of NTFS
| > is not worth the benefit.
|
| <snip>
|
| I had a very long, detailed reply in progress but decided against it.
| I'll just say I think you are misguided in your approach to security,
| and leave it at that.
|

Even after reading my explanation? I've never had a
virus or malware infestation. I haven't used AV for
many years. I certainly wouldn't use "malware hunter"
software. And I never have to tangle with restriction
hassles. I also don't enable script online. I download
very little. And I only read unknown email as plain text.

To me it seems misguided to lock every door in your
house while paid security guards traipse through the
living room... yet the front door is wide open.

But isn't the real test in the results and not what in
Microsoft defines as "best practice"? If you want to
shop and Facebook and don't want to have to hassle
with paying attention to what you do online, then I'd
agree with you. In fact, I'd go further and recommend
that you buy a Apple product.

 

[Mayayana]

| > Do we all know that? I always install XP to FAT32 to
| > avoid the permissions complications. If I had to use NTFS
| > I'd always run as Admin. To my mind the trouble of NTFS
| > is not worth the benefit.
|
| <snip>
|
| I had a very long, detailed reply in progress but decided against it.
| I'll just say I think you are misguided in your approach to security,
| and leave it at that.
|

Even after reading my explanation? I've never had a
virus or malware infestation. I haven't used AV for
many years. I certainly wouldn't use "malware hunter"
software. And I never have to tangle with restriction
hassles. I also don't enable script online. I download
very little. And I only read unknown email as plain text.

To me it seems misguided to lock every door in your
house while paid security guards traipse through the
living room... yet the front door is wide open.

But isn't the real test in the results and not what in
Microsoft defines as "best practice"? If you want to
shop and Facebook and don't want to have to hassle
with paying attention to what you do online, then I'd
agree with you. In fact, I'd go further and recommend
that you buy a Apple product.

 

[thanatoid]

ups.com:

On Nov 17, 11:42 am, thanatoid <[email protected]>
wrote:

The best thing to do when you come across a "bug" (ie: your
joke pest) is to find the "removal" for it.

Had your READ my entire post (I know it's long) instead of
just including it in YOUR 6-line reply, you would know I had
ESET NOD32, BitDefender, Avira, and MBAM scan the system and
they all found ***nothing***. You would also have read what I
/suspect/ was happening.

Somewhere is the cure for it so if you want it then it's
easier if you post the name of it here along with doing a
search for it.

What makes you think the thing which no AV/malware program can
ID has a name, let alone a name I would know?

At least try before you do a wipeout.

Too late, it's gone. XP is fine so far, well, you know - after
a week of merciless lashing at its idiotic design.

Good luck.

Thank you.

But /please/ learn to <snip> ;-) At least you didn't top-post,
although in this case I doubt anyone would have complained.
;-) ;-)


--
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must
be lived by you once again and innumerable times more; and
every pain and joy and thought and sigh must come again to
you, all in the same sequence. The eternal hourglass will
again and again be turned and you with it, dust of the dust!'
Would you throw yourself down and gnash your teeth and curse
that demon? Or would you answer, 'Never have I heard anything
more divine'?
Friedrich Nietzsche

 

[thanatoid]

| > Do we all know that? I always install XP to FAT32 to
| > avoid the permissions complications. If I had to use
| > NTFS I'd always run as Admin. To my mind the trouble of
| > NTFS is not worth the benefit.
|
| <snip>
|
| I had a very long, detailed reply in progress but decided
| against it. I'll just say I think you are misguided in
| your approach to security, and leave it at that.
|

Even after reading my explanation? I've never had a
virus or malware infestation. I haven't used AV for
many years. I certainly wouldn't use "malware hunter"
software. And I never have to tangle with restriction
hassles. I also don't enable script online. I download
very little. And I only read unknown email as plain text.

To me it seems misguided to lock every door in your
house while paid security guards traipse through the
living room... yet the front door is wide open.

But isn't the real test in the results and not what in
Microsoft defines as "best practice"? If you want to
shop and Facebook and don't want to have to hassle
with paying attention to what you do online, then I'd
agree with you. In fact, I'd go further and recommend
that you buy a Apple product.

Hee hee.


--
What if a demon were to creep after you one night, in your
loneliest loneliness, and say, 'This life which you live must
be lived by you once again and innumerable times more; and
every pain and joy and thought and sigh must come again to
you, all in the same sequence. The eternal hourglass will
again and again be turned and you with it, dust of the dust!'
Would you throw yourself down and gnash your teeth and curse
that demon? Or would you answer, 'Never have I heard anything
more divine'?
Friedrich Nietzsche