Autoruns by Sysinternals

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities.

Autoruns’ Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system, and it has support for looking at the auto-starting images configured for other accounts on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.

You’ll probably be surprised at how many executables are launched automatically!

Usage

Simply run Autoruns and it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers, media codecs, and more. Switch tabs to view autostarts from different categories.

To view the properties of an executable configured to run automatically, select it and use the Properties menu item or toolbar button. If Process Explorer is running and there is an active process executing the selected executable then the Process Explorer menu item in the Entry menu will open the process properties dialog box for the process executing the selected image.

To jump to the Registry or file system location where an auto-start item is configured, select the item and use the Jump to Entry menu item or toolbar button. You can also navigate to the location of an autostart image.

To disable an auto-start entry uncheck its check box. To delete an auto-start configuration entry use the Delete menu item or toolbar button.

The Options menu includes several display filtering options, such as only showing non-Windows entries, as well as access to a scan options dialog from where you can enable signature verification and VirusTotal hash and file submission.

Select entries in the User menu to view auto-starting images for different user accounts.

More information on display options and additional information is available in the on-line help.

Autorunsc Usage

Autorunsc is the command-line version of Autoruns. Its usage syntax is:

Usage: autorunsc [-a <*|bdeghiklmoprsw>] [-c|-ct] [-h] [-m] [-s] [-u] [-vt] [[-z ] | [user]]]

-a Autostart entry selection:
   * All.
   b Boot execute.
   d Appinit DLLs.
   e Explorer addons.
   g Sidebar gadgets (Vista and higher)
   h Image hijacks.
   i Internet Explorer addons.
   k Known DLLs.
   l Logon startups (this is the default).
   m WMI entries.
   n Winsock protocol and network providers.
   o Codecs.
   p Printer monitor DLLs.
   r LSA security providers.
   s Autostart services and non-disabled drivers.
   t Scheduled tasks.
   w Winlogon entries.
-c Print output as CSV.
-ct Print output as tab-delimited values.
-h Show file hashes.
-m Hide Microsoft entries (signed entries if used with -v).
-s Verify digital signatures.
-t Show timestamps in normalized UTC (YYYYMMDD-hhmmss).
-u If VirusTotal check is enabled, show files that are unknown by VirusTotal or have non-zero detection, otherwise show only unsigned files.
-x Print output as XML.
-v[rs] Query VirusTotal (www.virustotal.com) for malware based on file hash. Add ‘r’ to open reports for files with non-zero detection. Files reported as not previously scanned will be uploaded to VirusTotal if the ‘s’ option is specified. Note scan results may not be available for five or more minutes.
-vt Before using VirusTotal features, you must accept VirusTotal terms of service. See: https://www.virustotal.com/en/about/terms-of-service/ If you haven’t accepted the terms and you omit this option, you will be interactively prompted.
-z Specifies the offline Windows system to scan.
user Specifies the name of the user account for which autorun items will be shown. Specify ‘*’ to scan all user profiles.
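
Added example (not part of the original page or of Sysinternals' own material): a PowerShell triage pass over Autorunsc CSV output that flags entries whose signature did not verify, whose image is missing, or whose image sits in a user-writable directory. The sample rows are constructed, and the column names, the "(Verified)" Signer prefix and the "File not found" text are assumptions to check against the header and rows of your own output.

```powershell
# Constructed sample shaped like `autorunsc -a * -c -h -s` output (not real data).
# ASSUMPTION: column names, the "(Verified)" / "(Not verified)" Signer prefixes
# and the "File not found" marker; compare them with your own output.
$sampleCsv = @'
"Entry Location","Entry","Enabled","Category","Signer","Image Path","Launch String","SHA-256"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","ExampleTray","enabled","Logon","(Verified) Example Corp","c:\program files\example\tray.exe","C:\PROGRA~1\Example\tray.exe","CONSTRUCTED-HASH-1"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Updater","enabled","Logon","","c:\users\alice\appdata\roaming\updater\upd.exe","C:\Users\alice\AppData\Roaming\updater\upd.exe /silent","CONSTRUCTED-HASH-2"
"Task Scheduler","\ExampleVendor\Sync","enabled","Tasks","(Not verified) Example Vendor Ltd","c:\program files\examplevendor\sync.exe","C:\PROGRA~1\ExampleVendor\sync.exe","CONSTRUCTED-HASH-3"
"HKLM\System\CurrentControlSet\Services","OldDriver","enabled","Drivers","","File not found: C:\Windows\System32\drivers\olddrv.sys","System32\drivers\olddrv.sys",""
'@

function Get-AutorunFinding {
    # Hypothetical helper: emits one object per autostart entry worth a closer look.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Entry
    )
    begin {
        # Directories a standard user can usually write to (case-insensitive match).
        $userWritable = '\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\'
    }
    process {
        $reasons = @()
        $image   = $Entry.'Image Path'

        # With -s, a signature that checked out is marked "(Verified)";
        # an empty or "(Not verified)" Signer means it did not.
        if ($Entry.Signer -notlike '(Verified)*') {
            $reasons += 'signature not verified'
        }
        # The autostart entry points at a file that no longer exists.
        if ($image -like 'File not found*') {
            $reasons += 'image missing'
        }
        # Autostart image lives where an unprivileged process could replace it.
        elseif ($image -match $userWritable) {
            $reasons += 'image in user-writable path'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Category  = $Entry.Category
                Entry     = $Entry.Entry
                Location  = $Entry.'Entry Location'
                ImagePath = $image
                Sha256    = $Entry.'SHA-256'
                Reasons   = $reasons -join '; '
            }
        }
    }
}

# Three of the four constructed rows are reported; the verified one is not.
$findings = $sampleCsv | ConvertFrom-Csv | Get-AutorunFinding
$findings | Sort-Object Category, Entry | Format-List
```

With real data, replace the sample with Import-Csv on a file saved from autorunsc run with -c, -h and -s, and pipe it to the same function.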

Related Links

  • Windows Internals Book
    The official updates and errata page for the definitive book on Windows internals, by Mark Russinovich and David Solomon.
  • Windows Sysinternals Administrator’s Reference
    The official guide to the Sysinternals utilities by Mark Russinovich and Aaron Margosis, including descriptions of all the tools, their features, how to use them for troubleshooting, and example real-world cases of their use.

Do Macs Need Malware Protection

On the popular Discovery Channel program “Mythbusters,” hosts Adam Savage and Jamie Hyneman take a legend and deconstruct it to see whether its long-held beliefs are legitimate. They’ve busted all kinds of myths, from Jimmy Hoffa being buried under Giants Stadium (not true) to the ability to kill someone without a trace using an ice bullet (the bullet vaporizes as soon as the trigger’s pulled).

One tall tale they haven’t tackled is that Macs are impervious to malware, so you needn’t worry about cybersecurity solutions. Antivirus and anti-malware protection is for the PCs.

We’re here to bust that myth.

Growing trend

Out the gate we can tell you that it’s true, Macs don’t have the same problem with malware as PCs do. One of the main reasons: sheer numbers. Cybercriminals look at the market and see that the vast majority of folks are on PCs, so they concentrate their efforts on creating malware that will result in the largest return on investment.

But the tide is turning. Macs are now responsible for 7.5 percent of global personal computer sales. In the U.S., Apple is one of the top three PC vendors, just behind HP and Dell. And as creative departments grow in corporate environments (from design and content to programming and testing), more and more businesses are adding larger numbers of Macs to their environments.

The popularity of Macs leads to more cybercriminals wanting to write malicious code for OS X. Although still much lower than PCs, the number of threats targeting Apple operating systems has grown steadily, with a spike in Mac infections observed over the last 18 months. A recent study by Bit9 + Carbon Black found that the number of Mac OS X malware samples detected in 2015 was five times greater than in the previous five years combined.

Forms of malware on Macs

Apple security is fairly tight—OS X has a basic built-in anti-malware feature, and if the machine detects a malicious program, it gets added to the signature database. From that point on, that piece of malware can’t be opened on any Mac, unless the user has explicitly disabled security updates. But clearly some malware is getting through. Which forms?

The worst offender is adware. “There are many different adware programs infecting the Mac right now, and they’re in a constant state of flux,” says Thomas Reed, Director of Mac Offerings at Malwarebytes. “Adware-riddled installers are everywhere, and it’s becoming harder and harder to tell where a safe place is to download software.”

Other forms of malware have given Apple the slip, including Potentially Unwanted Programs (PUPs), Info stealers, Trojans, and even ransomware (KeRanger). While these forms of malware are less prevalent, they can still be quite dangerous. KeRanger was downloaded by around 6,500 people within the 12-hour period that it was available. Some of those users had their data completely destroyed.

How are they getting through?

The main way that adware and malware is getting through on Macs these days is through codesigned apps, using a certificate obtained from Apple. The certificate is either stolen or bought and simply treated as disposable, since it costs only $99. Apple can revoke these certificates if they see them being abused, and they do so quickly when they find a new signed malware. However, Apple doesn’t take a particularly hard stand against most adware, which can persist for a long time with the same certificate.

In addition, video and audio streaming sites and piracy sites often dole out adware. Software download sites distribute installers containing adware that has been added without the permission of the developers. Worse, even some developers’ own sites are guilty of bundling adware. For example, the popular Filezilla FTP client installs adware even when downloaded directly from the official site, and the free version of Avast had (and may still have) an ad-injecting feature in its browser extension.

What happens to your Mac after an infection?

Adware is a serious hassle. Injected ads are intrusive and can contain offensive content. They can also slow down your computer’s performance and result in browser destabilization. Malicious ads can even direct you to tech support scams where you can be scammed out of your money or into installing other harmful software.

But that’s not all, Bob! What else have you won? Info stealers can, obviously, steal your info. And in the case of ransomware, data can be totally destroyed with no shot of getting it back.

Final verdict

Myth: Macs are impervious to malware.

Fact: Macs, while less vulnerable than PCs, are assailable. Their security can be penetrated, especially by cybercriminals looking to deliver adware.

So do you really need a security solution for your Mac? “Although the primary threat right now is adware, it’s still a problem of epidemic proportions,” says Reed. “Even knowledgeable Mac users have been known to fall victim to some kind of adware, so it’s no longer true that you can avoid threats by simply being careful what you download.”

With increases in Mac popularity making OS X more appealing for crooks, plus the already considerable onslaught of adware, it makes sense to install an anti-malware program for your Mac. It should catch what OS X misses and restore your Mac’s performance to the high caliber you expect.

Now what other myths can we bust? Can tooth fillings really receive radio waves?

802.11ac Is Here, 5 Things You Need To Know

Gigabit Wi-Fi, 802.11ac, is officially here, but what does that really mean? Here’s my list of the five things you need to know before you invest in this new wireless technology.

1) 802.11ac is not going to give you a Gigabit of throughput

True, 802.11ac access points working with 802.11ac devices will give you faster data transmission feeds than 802.11n. The Wi-Fi Alliance claims that Wi-Fi Certified 802.11ac can deliver data rates up to more than double those of a typical 802.11n network. Practically speaking the Alliance claims that “this means a network can support simultaneously streaming multiple HD-quality videos to multiple devices.”

Fair enough, but in practice you’re not likely to see an 802.11ac network reach its theoretical maximum of 1.3 Gigabit per second (Gbps). That’s because the conditions you need to reach that speed require a laboratory, not your office.

To reach the highest speeds you need three data-streams, each of which can run up to 433 Megabits per second (Mbps). A typical 802.11ac access point can support up to eight data streams. Client devices must only support one.

For example, the Samsung Galaxy S4 supports 802.11ac with the Broadcom BCM4335 Wi-Fi chipset. This chipset only supports a single stream so, even in the best of all possible worlds, you’ll only see 433Mbps.

The “unofficial” 802.11ac devices that have been shipping for the last few months, and the first generation of the standard 802.11ac devices, aren’t likely to hit these speeds even on a testbed. The fastest speeds here in CNET/ZDNet land we’ve seen to date came from the NetGear R6300 WiFi Router, which hit a high of 331Mbps.

That’s great, but it’s not gigabit great. It is, however, a lot faster than you’ll see with any combination of 802.11n gear.

2) Working out the range

802.11ac only supports the 5GHz frequency. The good news about that is that there’s far more room in that frequency spread than there is in the over-used 2.4GHz. The bad news is that a 5GHz signal has less range.

At the same time, 802.11ac has another feature, beam-forming, that gets around the general 5GHz range problem. For the Wi-Fi access point in your office today, the signal is omni-directional—it forms a communications sphere around the device. With 802.11ac the signal is broadcast directly from the access point (AP) to a specific device and back again.

While no one seems to have published much on what this means, I expect it means that if you’re in an environment with few 802.11ac devices, say eight, you’ll actually see excellent range. But, if you’re at a convention center with hundreds of 802.11ac devices I suspect you’ll need to be much closer to an AP to get a signal. That said, life is always miserable for Wi-Fi users in hotels and large meeting rooms.

3) Backwards Compatibility

All 802.11ac devices will support older Wi-Fi technologies such as your 802.11n-equipped laptop or even your old 802.11g network bridge. 802.11ac can’t do magic though. For example, if you buy an 802.11ac AP you’ll still be limited to your older devices’ maximum speeds.

Soon, there will be a lot of new gear that supports 802.11ac as clients. If you buy an 802.11ac AP now you’re really buying for future use. It’s not going to do you much good today.

As always you should remember that any network is only as fast as its slowest link. For instance, if you’re buying 802.11ac to improve your Netflix viewing experience and your Internet connection is 10Mbps, it won’t do you a darn bit of good. 802.11n, or even 802.11g, is all you’ll need.

4) AP Channel Conflict Ahoy

Anyone who does any Wi-Fi network management knows that the 2.4GHz range is as crowded as a Best Buy store on Black Friday morning. In theory, you can use up to 14 channels. In practice, to avoid interference, you can only use three or four channels. If you have conflicting channels, you’ll see your network performance go down the toilet. The advantage of 802.11a and 802.11n’s 5GHz range was that there was so much room that you didn’t need to worry about interference. Get worried again.

One of the big ways that 802.11ac gains its speed is by using 80MHz wide channels. In 802.11ac wave two devices–the next generation of 802.11ac, which will start showing up in 2014–the channels will take up 160MHz of frequency. What that means exactly depends on your country, since there are a wide variety of rules on how the 5GHz range can be used. But, in the United States that means 802.11ac will have at most five available channel selections. When 802.11ac second-wave appears it will go down to one or two.

The 5GHz frequency range is messy, and using it is only going to get a lot messier as 802.11ac continues to evolve. (Credit: Cisco)

In other words, network administrators should start working out now where they’ll be placing 802.11ac APs, because once more you’ll need to be wary of fouling up performance because of AP interference. And, let’s not talk about that business on the floor below you that’s always munging up your network.

5) 802.11ac requires additional infrastructure

I know, you thought 802.11ac would let you get rid of some of your Gigabit wiring. Nope. Not going to happen. First, as I already explained you’re not really going to get Gigabit speeds out of 802.11ac.

Second, and what many people don’t know, is that second-wave 802.11ac APs will require two, not one, Gigabit Ethernet ports. That just doubled your need for switch ports and cable runs. Oh boy!

Sure, you can get by with one port for now, but remember you’re not really going to have that many 802.11ac clients in 2013. Next year is when they’ll start showing up in large numbers and that’s when the second wave 802.11ac APs will be appearing.

So, you can forget about doing a drop and replace for your existing 802.11g/n network APs. You won’t be able to do it. Look on the bright side: Even with the next generation of 802.11ac you probably won’t need to back them up with 10Gbps up-links.

What all this means is that Gigabit Wi-Fi isn’t really here. Faster Wi-Fi is, but it’s not really going to take off until 2014, and when it does come, deploying it is going to be expensive. I foresee all of us using 802.11n Wi-Fi for years still to come. 802.11ac is not going to roll out quickly.

Difference Between Windows 8 and 8.1

Ever since Microsoft announced that the upcoming update to Windows 8 will be called Windows 8.1 and will be available for free to all Windows 8 users, many users who aren’t closely following Microsoft seem to have confused Windows 8.1 with a service pack.

For those who’re under the impression that the Windows 8.1 update is a service pack, a service pack mainly contains previously released updates and fixes, but doesn’t include new features. So, Windows 8.1 isn’t a service pack, as it includes new features.

As some of you may know, when Windows Vista was released back in 2007, it didn’t do well in the market, and two years later Microsoft released a polished version of Vista and named it Windows 7, which went on to become the highest-selling operating system in history. The only major difference (leaving aside features) between Windows 7 and Windows 8.1 is that Windows 7 wasn’t a free update to Vista users and Windows 8.1 is absolutely free to all Windows 8 users.

As the “.1” in the Windows 8.1 name suggests, Windows 8.1 is based on Windows 8. Windows 8.1 update adds hundreds of new features and functionalities to Windows 8 without removing existing features, and is completely free to all Windows 8 users.

The Windows 8.1 update is largely based on the feedback that Microsoft received from millions of Windows 8 users over the last year. According to Microsoft, this update will encourage XP, Vista, and Windows 7 users to upgrade to the newest version of Windows.

One can say that Windows 8.1 is what Windows 8 should have been, or we can also say that “.1” completes Windows 8!

Windows 8.1 adds the missing Start button to easily switch to the Start screen, an option to boot directly to desktop by skipping the Start screen, settings to customize the Start screen, an option to automatically set the desktop background as the Start screen, an easier way to shut down and restart the PC, and hundreds of other features.

Go through the chart below to know some of the key features present in Windows 8.1 that aren’t part of Windows 8:

[Chart: Difference Between Windows 8 and 8.1]

Good luck!

How to Stop Windows 7 or 8 From Downloading Windows 10 Automatically

Microsoft hasn’t exactly been endearing themselves to tech geeks everywhere lately, with all the privacy concerns and other issues. And now they are automatically downloading all of Windows 10 to your Windows 7 or 8 PC, whether you asked for it or not.

To be clear, they aren’t automatically installing Windows 10, but they are downloading the entire installer, which is at least 3 GB, which takes up a lot of drive space, and also wastes your network bandwidth. For people who don’t have unlimited bandwidth, this can seriously cost you a lot of money.

According to a statement provided to The Register by Microsoft, their explanation is that they think this is a better experience:

“For those who have chosen to receive automatic updates through Windows Update, we help customers prepare their devices for Windows 10 by downloading the files necessary for future installation. This results in a better upgrade experience and ensures the customer’s device has the latest software.” 

So this only affects people who have automatic updates enabled, but that’s almost everybody since automatic updates are on by default and are rather important for security reasons — the flood of critical security patches in the last year has shown that it’s probably a good idea to leave automatic updates enabled.

But downloading an entire operating system “just in case” you might want to upgrade to it instead of simply waiting for people to decide to opt in — that isn’t the type of behavior that we want.

Make Windows 10 Stop Downloading the Easy Way

If you want a really simple and easy way to get rid of the “Get Windows 10” icon and stop your PC from downloading Windows 10, you can download a little piece of freeware called GWX Control Panel from a developer that isn’t happy with this nonsense either.

Download it, run it, and then click the “Disable Get Windows 10 App (permanently remove icon)” button. And then click the “Disable Operating System Upgrades in Windows Update” button too for good measure.

You’ll have to reboot, but at the end, the icon will be gone and your computer shouldn’t get the upgrade. And luckily you can click those buttons again to put things back the way they were.

How to Block Windows 10 from Downloading (Hopefully)

Unfortunately, there’s no magic button to click to stop Windows 10 from downloading. In fact, you’re going to have to install a special patch from Microsoft to keep them from making you download something else. And that’s if you believe Microsoft’s support documentation, which says that you can block the Windows 10 upgrade this way.

We haven’t been able to absolutely prove that this will stop Windows 10 from downloading because it’s hard to say that this is working just because Microsoft hasn’t forced us to download 3GB of files we didn’t ask for.

This is one of those instances where we normally would avoid writing on the topic, since too much is up in the air and we like to be accurate at all times. So please excuse us if this doesn’t work for you.

Step 1

You’ll need to install this patch from Microsoft’s website (from what we can tell you’ll need to be on Windows 8.1 and not 8 to install the patch), so pick the version for your OS, install it, and reboot.

Step 2

Open up your registry editor using the Start Menu search or by pressing WIN + R and typing regedit and hitting enter, and then navigate down to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

You’ll probably have to create the WindowsUpdate key on the left-hand side, which you can do by right-clicking the Windows node. Click on that new key, and then create a new 32-bit DWORD called DisableOSUpgrade on the right-hand side, and give it a value of 1.

Don’t want to bother with all that? You can simply download our registry hack file, unzip, and double-click on the file to install it.

And you should probably reboot after you do this.

Alternative Option: Set Windows Update to Not Download Things

If you set Windows Update to notify you but not download anything, Microsoft won’t automatically send the updates down.

Please note that this is a bad idea for security reasons, so unless you have a metered connection and don’t have the bandwidth to download updates, you probably shouldn’t do this.

You can simply go into Windows Update and click on Change settings, and then change the drop-down to “Check for updates but let me choose whether to download and install them”.

If you do this, please make sure that you keep up with installing updates.

When You Do Want to Upgrade in the Future

The one side effect of going through all of this is that you won’t be able to upgrade to Windows 10 in the future until you remove that registry key.

Luckily you can simply use the uninstall registry key provided in the download.
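
Added example (not the article's registry hack file): a PowerShell function that applies the Step 2 registry change, reads the value back, and removes it again when you do want to upgrade. The key path, value name and data are the ones given in Step 2; the function name and its -Action values are hypothetical.

```powershell
# Added example, not from the article. Key path, value name and data come
# from Step 2; the function name and -Action values are hypothetical.
function Set-OSUpgradeBlock {
    param(
        [ValidateSet('Status', 'Block', 'Unblock')]
        [string] $Action = 'Status'
    )
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $name = 'DisableOSUpgrade'

    if ($Action -ne 'Status') {
        # Writing under HKLM\SOFTWARE\Policies needs an elevated session.
        $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal($identity)
        $admin     = [Security.Principal.WindowsBuiltInRole]::Administrator
        if (-not $principal.IsInRole($admin)) {
            throw 'Run this from an elevated PowerShell prompt.'
        }
    }

    switch ($Action) {
        'Block' {
            # The article notes the WindowsUpdate key usually has to be created.
            if (-not (Test-Path -Path $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            # 32-bit DWORD with a value of 1, as in Step 2.
            New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        }
        'Unblock' {
            # Remove only this value; other Windows Update policy values stay.
            if (Test-Path -Path $key) {
                Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            }
        }
    }

    # Read the value back so the result is verified, not assumed.
    $value = $null
    if (Test-Path -Path $key) {
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    }
    [pscustomobject]@{
        Key              = $key
        DisableOSUpgrade = $value
        UpgradeBlocked   = ($value -eq 1)
    }
}

# Read-only check of the current state; use -Action Block or -Action Unblock to change it.
Set-OSUpgradeBlock -Action Status
```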

So You Already Have the $WINDOWS.~BT Folder?

If you already have the folder, which is hidden on the root of your system drive, you’re going to want to follow these instructions over on AddictiveTips to remove it. We haven’t verified these instructions, as we already upgraded most of our computers to Windows 10, and we don’t have the folder on any of our test VMs.