
The average computer user

Over the past 18 months I have come to realize that the average person knows less about using their computers than they do about maintaining cars. Take for example my customer from earlier this week (an amazing exemplar of the average customer), who had a 2 year old Dell running Windows XP. Nothing unusual about their computer: 1.8GHz P4, 128MB RAM (I still want to know how any manufacturer can sell that with an XP box in good conscience), connected to the internet through a Comcast cable connection. Of course, the next part is where the fun begins:

  • No firewall (Even the XP firewall was turned off)
  • McAfee AV installed with definitions from 5/2003
  • Kazaa
  • Morpheus
  • No anti-spyware of any sort

This machine literally took between twenty and thirty minutes to boot from the time you hit the power button to the time a desktop would load. Granted, this was partly from the lack of RAM, but my customer had stated to me that they had been having problems like this for almost six months before they called me out to take care of it for them. Six months? Your computer has been unusable for nearly six months and you just now decided to call me out to take care of this for you?!?!

Wanting to see how bad this really was, I booted to my GeekCD and ran HijackThis! to see what came up. I ended up removing 184 items with HijackThis! and just stared at the computer in amazement. I knew it was bad before that, but I was seriously shocked that this computer booted, ever. I kindly explained to my customer that the machine needed some serious TLC and that I could bring it back the next day all fixed (I had to take it offsite, as the customer was a heavy chain smoker and I'm extremely allergic), and that we were going to upgrade the RAM to something more acceptable than 128MB. This customer was very price sensitive, so they were looking for any free programs that I could use to keep cost down.

Step 1: Install 256MB PC2100. Much better, actually boots in under 10 minutes now.
Step 2: Cleanup (BartPE)

  • Quick manual registry editing (Approx 20 keys)
  • Virus removal: 247 virii (mostly trojans/downloaders)
  • Spyware removal

Step 3: Boot to Windows and install/run Microsoft’s Antispyware (removed another 13 threats)
Step 4: Install SP2 and post-SP2 Windows Updates
Step 5: Install Firefox
Step 6: Install latest version of Sun Java
Step 7: Install Zonealarm free version
Step 8: Install Avast! Anti-virus
Step 9: Crack a beer and relax
Step 10: Prepare for the next battle

Come back the next day, drop off the computer and present the customer with the bill. Customer is ecstatic that the machine works, while I am satisfied that another genius has learned that you can’t just do anything you want on the internet and not have issues if you don’t take any steps to protect yourself. If nothing else, the more people we can reach and explain the evils of spyware and how to prevent it from ever reaching their machine, the safer the internet will become for all.

The entire time I worked on this computer, and those like it, I just kept thinking how dumbfounded most people are when they are informed that they are riddled with spyware and viruses. They never seem to understand how those file sharing programs or all the porn they are looking at could ever possibly cause any problems; after all, they have Norton installed (with definitions from 2004 and the real-time scanner disabled due to a virus). It’s amazing how a big repair bill can open people's eyes and get them to understand how the things they do on the internet can dramatically affect the performance of their PC.

One of my favorite questions came from a lady I met one day while working on her daughter’s computer, which was littered with CWS-NS3 among other things. Her question was very innocent, but very disturbing:

“If my grandkids come over and use AOL (by logging on as a guest, the woman doesn’t have her own internet access) can my computer get infected by this stuff?”

Obviously, my answer was yes. After which she basically told me that she has no anti-virus, no firewall, nothing to protect her from even the most basic threat. It is days like those that make me feel like some lone warrior, armed with the weapons of the greatest blacksmiths of the land, fighting the endless horde till the day I die. Something needs to be done about the general lack of computer knowledge possessed by John and Jane Doe, simply because it is their general lack of basic computer security that is fueling the rapid growth of spyware and viruses to the point that the internet simply isn’t enjoyable anymore. How to go about disseminating that information? Well, that is a different topic for a different time.

Posted: 2/5/2005 in:

The DreamPack Experience

Being as how I am a Geek, I have lots of fun toys to play with at work. But one of my favorite items that we have is our “GeekCD”. It is a bootable BartPE disc with a plethora of tools at our disposal. Among the coolest of the features that we have on the CD is DreamPackPL. For those who don’t know what DreamPack is, I will break it down like this: it is the utter destruction of local machine security. If a person has access to the Boot to CD feature of your machine, they can completely take control of your system (Windows 2000 and XP only) with minimal effort (even if every account has a super strong password). Some of the best features of this program include:

  • Bypass user passwords (no password needed, even if the account has a password)
  • Logon to the machine with System(!) privileges
  • Disable Windows File Protection
  • Show and calculate Hashes

In case you hadn’t noticed, the most amazing portion of this program is the fact that you can boot the machine and logon with System privileges. That’s right, who needs Administrative rights when you can logon as System (root who?). How does it work, you ask? Well, it replaces Windows' sfcfiles.dll and modifies the registry outside of Windows (DreamPack can be loaded from its own CD or through a BartPE plugin), so as I said previously, if you have access to boot from CD-ROM, there is nothing the computer’s owner can do about it.
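As an added illustration (not the author's tool and not DreamPack's own code), here is the kind of offline integrity check a technician could run from a boot CD over a mounted Windows root to notice a swapped sfcfiles.dll after the fact; the second path in the watch list is an assumed placeholder, and the scenario runs in a constructed temporary directory rather than a real install.

```python
import hashlib
import tempfile
from pathlib import Path

# sfcfiles.dll is the file named on the page; the second entry is an assumed
# placeholder standing in for whatever else a technician chooses to baseline.
WATCHED = ["WINDOWS/system32/sfcfiles.dll", "WINDOWS/system32/placeholder_a.dll"]

def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large system files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline(root: Path, watched=WATCHED) -> dict:
    """Hash each watched file under an offline Windows root; missing files map to None."""
    return {rel: (sha256_of(root / rel) if (root / rel).is_file() else None) for rel in watched}

def compare(before: dict, after: dict) -> dict:
    """Return {relative path: 'modified' | 'missing' | 'added'} for every changed entry."""
    findings = {}
    for rel, old in before.items():
        new = after.get(rel)
        if old == new:
            continue
        if new is None:
            findings[rel] = "missing"
        elif old is None:
            findings[rel] = "added"
        else:
            findings[rel] = "modified"
    return findings

def demo() -> dict:
    """Constructed scenario: take a baseline, simulate an offline swap of sfcfiles.dll, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        target = root / WATCHED[0]
        target.parent.mkdir(parents=True)
        target.write_bytes(b"original sfcfiles.dll bytes (constructed)")
        (root / WATCHED[1]).write_bytes(b"untouched placeholder (constructed)")
        good = baseline(root)                     # taken while the machine is known clean
        target.write_bytes(b"replacement dropped in from a boot CD (constructed)")
        return compare(good, baseline(root))      # {'WINDOWS/system32/sfcfiles.dll': 'modified'}

if __name__ == "__main__":
    print(demo())
```

The baseline only helps if it was taken while the machine was trusted and is stored off the box; a copy left on the same disk can be rewritten by the same boot CD.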

For all the nefarious uses DreamPack has (as I’m sure you are all thinking about at this moment), it also has many useful features for a computer technician:

  • Assist in spyware removal. (When you are logged on as System there is nothing you can’t do)
  • Service Pack 2 installation on XP boxes (prevents errors caused by registry key permissions during the install)
  • Resetting passwords for the people that forget their logon password (you would really be surprised how many people actually forget their password)
  • Bypassing private user directories in XP Home machines (parents love to know what their kids are up to)

Granted, the spyware removal portion is actually a non-issue with our GeekCD, seeing as how we have HijackThis! (all hail Merijn), Ad-Aware, and Spy Sweeper set up in our Bart environment with a registry redirector that allows us to remove both files and registry entries without the machine's Windows environment ever being loaded. You’d be amazed how much work this cuts down when spyware isn’t running in memory and trying to keep itself alive while you are removing it. Add to that multiple virus scanners, a registry editor, a registry restore wizard, and a few other fun machine cleanup tools, and you have a nifty little package for a quick and painless cleanup on even the most spyware/virus ridden computer.

As a note for something I discovered this evening: NEVER install DreamPack and logon as System on a computer running Microsoft’s Antispyware Beta. For some reason all the registry entries for the DLLs registered by the program become corrupted and are completely inaccessible outside the System user. Why this happens exactly I’m not quite sure, but it is a major pain to fix. The program first needs to be uninstalled, and then every single registry entry pointing to ten different DLLs has to be deleted manually from the registry while logged on as System. If you are not logged on as System there is no way to remove those entries (even attempting to take ownership of the keys fails), which made this an even more painful process as I had already uninstalled DreamPack. Once all the entries have been removed you can reinstall the program and everything works peachy. This was a painful lesson to learn, as I had to gratis a customer 45 minutes of my time to fix my screw up. Oh well, live and learn.

So let me end with this: everyone that fixes or manages computers should be walking around with their bright shiny BartPE disc with the DreamPack plug-in. If nothing else, it will keep them from going gray and make their jobs infinitely easier.

For more information on the BartPE and DreamPackPL check out the following pages:
