
Posts tagged: upgrade

Installing Snort 3.0.0 Alpha

By , May 21, 2007 17:09

I recently took the challenge to try out the new Snort 3.0 alpha that Marty Roesch released upon the world. I was glad to see a new version of this tool available and was eager to see it work. I have had extensive use of snort over the years and can say I’m quite happy with the current 2.6.x.x builds. They are however very good working builds and are capable of doing what they’re configured for but they seem overly complex for the job at hand.

Honestly I can say that the instructions are very good at installing but like most people…who follows instructions? Don’t we all want to trailblaze?

I was at the time running Ubuntu 6.06 and getting ready to upgrade to 7.04 and decided to do the upgrade before I tried to build snort. I had a current 2.6.x build installed and also a 2.7.0.1 beta that were working. I removed the 2.6 build and left the 2.7 beta1 which managed to work with a bit of fixing.

After confirming this was fine I did a complete image backup of the computer. This ensures I can reload this image to disk and reboot the computer immediately. In fact I use disk partitions but I think you get the idea. This is my saving and backup method of choice. I use Restorer 2000 Pro Net to perform these tasks to a networked storage box. Restorer allows you to mount images also to partially restore or to test backups. Image backups can be quite handy let alone time saving.

Well I decide to pop in the 7.04 cd and start the upgrade process. What? No upgrade process? Cheap buggers, well I’ll just have to make my own. Using the Synaptic Package Manager, I run a full upgrade check and compare against the latest versions on the CDROM. Then I force it to apply all upgrades.

This gets to about 25% of the way and then fatally errors with something I don’t recall. The system now boots but not completely and even though to some degree I can use it, really it’s not.

So, back to the drawing board I restore the original partition and decide to do the proper upgrade to 6.10. Well this worked very well. I was quite happy with myself so much I made another backup after successfully using my 6.10 installation. Then I went ahead and did the 7.04 upgrade. This worked also very well. Afterwards, as I found myself enjoying my new Ubuntu package, I recalled that I was doing this for my snort alpha testing!

Back to work I get the snort alpha copied over to this box using wget, awesome. Unpacking the tar.gz I review the README to discover I need LUA and LIBDNET and UUID in addition to LIBPCAP. Well I have libpcap working fine as I have snort 2.7 working fine. Ok, so I need to get lua and libdnet (at this point) for sure since I’m pretty confident I have e2fsprogs installed fine (which was the recommended means to get the UUID stuff). I attempt to get the source for lua and compile it, but I get stupid errors with readline. I realize the *dev package doesn’t version match the readline package and as a consequence doesn’t want to compile nice and easy.

Cursing, I decide either I figure out how to get readline to compile or I find out how I revert back to an older libdnet/lua. Then I remembered that Marty mentioned that it worked with 6.10 so I figured this must have had a matching revision for these packages to their devel counterparts! So I went back to the 6.10 install and then tried the same thing. This was a better success, but still ended up encountering errors with libdnet. This was befuddling but this time the errors were specific to finding the files that ‘should’ be there. Guess what? They weren’t. I hadn’t installed the devel packages so I realized that I needed to actually ‘make’ these installs instead of using synaptic. While I was running around looking for the actual downloads, I noticed the ‘3rdparty’ directory that actually included both these tar files. Sure, let’s use these. First I did libdnet and it worked fine. Attempted to make snort again, and it still didn’t work, but this time I had no errors on libdnet. So I decided to go ahead and make lua from the snort package and then attempted to make snort. It got past lua and then found a new complaint.

This time it complained about UUID. In fact I did not have the UUID headers and again was dumbfounded over the missing headers. I did a quick google however and came up with a forum for some other product with a similar problem, and everyone complaining about having to download the entire e2fsprogs-devel package to get them. Someone then stated that the uuid-dev package would have them (for Debian) and had been recently added to the 3rd party repos for this very reason. A quick ‘sudo apt-get install uuid-dev’ did the trick for me I’m quite happy to say.

After this I completed the make of snort and was able to quickly start testing it out.

It looks to have some very effective ways to process traffic, but I have only finished the suggestions of the README. I’m curious to see how well it develops into a future version. Using LUA was a big concern for me, but really doesn’t seem to be causing any resounding concerns. I’ve become accustomed to it for now, but I’m not actually using it for development either. Hopefully I’ll update my experiments with it in short time.

For now Snort 3.0.0.a1.4 gets a thumbs up as a usable alpha program, now back to testing!
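The dependency hunt described in this post (libpcap, libdnet, Lua and the UUID headers) can be checked before running make. The script below is an added example, not part of the original post or of the Snort distribution; the header file names and the include directories it searches are assumptions about a typical Linux layout.

```shell
#!/bin/sh
# Preflight check for the four build dependencies named in the post.
# Added example: header names and search roots are assumptions about a
# typical Linux layout, not taken from the Snort 3.0 alpha README.

# Space-separated include roots to search (assumption; override as needed).
INCLUDE_ROOTS="${INCLUDE_ROOTS:-/usr/include /usr/local/include}"

# name:header:hint  (the hints repeat what worked for the post's author)
DEPS='libpcap:pcap.h:install the libpcap development headers
libdnet:dnet.h:build the tarball shipped in the 3rdparty directory
lua:lua.h:build the tarball shipped in the 3rdparty directory
uuid:uuid/uuid.h:sudo apt-get install uuid-dev'

# find_header HEADER
# Prints the first path where HEADER exists, looking in each root and one
# directory below it (distributions often version Lua, e.g. lua5.1/lua.h).
find_header() {
    for root in $INCLUDE_ROOTS; do
        for candidate in "$root/$1" "$root"/*/"$1"; do
            if [ -f "$candidate" ]; then
                printf '%s\n' "$candidate"
                return 0
            fi
        done
    done
    return 1
}

# missing_deps
# Prints the names of the dependencies whose header was not found,
# separated by spaces, in the order they appear in DEPS.
missing_deps() {
    missing=""
    while IFS=: read -r name header hint; do
        find_header "$header" >/dev/null || missing="${missing:+$missing }$name"
    done <<EOF
$DEPS
EOF
    printf '%s\n' "$missing"
}

# hint_for NAME
# Prints the remediation hint recorded for one dependency.
hint_for() {
    while IFS=: read -r name header hint; do
        if [ "$name" = "$1" ]; then
            printf '%s\n' "$hint"
        fi
    done <<EOF
$DEPS
EOF
    return 0
}

# report
# Human-readable summary; returns non-zero when something is missing.
report() {
    list=$(missing_deps)
    if [ -z "$list" ]; then
        echo "all four dependency headers found"
        return 0
    fi
    for dep in $list; do
        printf 'missing %-8s -> %s\n' "$dep" "$(hint_for "$dep")"
    done
    return 1
}

report || echo "resolve the items above before running make"
```

A runtime library being present (as libpcap was here, because Snort 2.7 worked) says nothing about its headers, which is why the check looks for header files rather than shared objects.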


Kaspersky Anti Virus V6 Beta – Impressions

By , July 5, 2006 13:55

Well everyone needs an antivirus solution don’t they?

 

No.  I don’t believe everyone NEEDS one anymore.  To be truly effective you will probably need two or three, but good luck running them all together.  It’s not recommended, and you will probably have real issues.

As a consequence even software designers are realizing this and integrating their AV solution into a more comprehensive and complete solution, bringing other features that should not be part of a pure anti-virus solution.

 

Let me state some declarations for the security vendors out there who may read this.

First declaration.  We don’t want “vendor-specific” integrated solutions.  Period.  Anyone who thinks they do can email me directly or on the forums and we can discuss it. 

Second declaration.  No AV/Security Vendor has a ‘good’ integrated solution let alone an ‘excellent’ one.

Third declaration.  Stay out of endeavors unless you’re going to do them well.

Now even some AV products are moving into integrating other ‘features’ into their software.  Kaspersky v6 Beta is one of those.  This was supposed to be a pure Anti-Virus program but as I highlight it isn’t.

 

Since this is an article about my last 24 hours with this program I shall try not to pick on integrated solutions any more. 

Why I don’t believe you need AV products anymore?

Truthfully viruses are very very rare forms of malware these days.  They are making a bit of a comeback but mostly as rebuilt worms or trojans.  Worms and trojans are the big purveyors of nasty malware, and of course spam, phishing etc are even larger spreaders of the disease, BUT they are not viruses either.

 

So Anti-virus products simply waste resources and offer little to no actual protection?


Exactly.  Almost none are capable of “true” real-time protection unless you are being infected with very old malware.  However this is really where the value in Anti-virus software is.  Typically the value comes into play only after you discover that you’re already infected. [1]  Sure none of us like this, and we wish we would never get infected but it happens.  Our AV solution typically works good to excellent at removing and cleaning ‘known’ infections.  Sure, sometimes we need to do more than scan, quarantine, and delete, but our investment in the AV program should be able to assist at weeding out the ‘known’ malware and ensuring our data is clean.

Only in the know…

It doesn’t stop unknown viruses.  Hence why you need to keep updating your software with new ‘signatures’ and additionally keep scanning your systems to keep up to date with what’s ‘known’.

Anti-virus software tends to be excellent at dealing with viruses, pretty good at trojans and worms, but ‘only’ if the signature is up to date.  Besides nobody trades floppy disks much anymore so boot sector viruses are dying out as malware matures in new forms[2].  So the AV product typically cannot stop trojans or worms from moving around, unless it has detection signatures for it.  But these definitely are acquired after the trojan or worm has typically run its course.  Some worms have lifetimes in seconds.  How do you detect it, report it, confirm it, publish it, add it, update it, scan it all in a few seconds?  You can’t.  You would be infected during that phase with no trigger from your AV software.

Since I don’t need to waste time and money getting little return on investment I choose not to install Anti-Virus tools.  Regardless of the solution though remember, “true” real time protection comes at a cost to performance.  On a home PC who wants to give up performance?  On a gaming machine, no WAY you’re giving up performance.  So don’t waste your time installing this software on these machines.  There are better solutions.

Isn’t Kaspersky Anti-Virus v6 Beta different?

Yes.  Kaspersky v6 Beta was downloaded as I have always heard good things about this company and they tend to get fairly favorable reviews.  However most people hated v5 for a variety of reasons and I was led to believe (reading other reviews) that 6 was like a phoenix from the ashes type of release compared to v5.  It wasn’t.  It’s very like 5 and adds new features you may love, but I guess you won’t, I sure didn’t.

From the beginning

Well the MSI installer was the first strike against this product. I’m no fan of the MSI installer, it creates numerous difficulties at installing software, and there should NEVER be a PROBLEM installing software. If there is, you shouldn’t have released it with the problem.

 

I attempted the installer on Vista RC2 and it completely failed with no real error (unknown error, didn’t I just type this…).  I then attempted to install this on an XP SP2 box I use that has ‘never’ seen an Anti-virus product before, and has been running for 6 months.  This installed fine requiring a reboot at the end.  However it attempted to update during the install, and this simply caused a hangup of both the installer and windows explorer.  I wasn’t impressed.  The reason for this hanging will be clear in a minute.

 

After a successful reboot, the software came up and started flagging various DLLs mostly, with nice smallish yellow popups, and asking me what I wanted to do.  Folks, this is like many MANY other products out there, most are firewall solutions, but a few call themselves Anti-Virus solutions.  Now with all these packages the capabilities are morphing also.  It’s an application tracking program that shows hooks into system routines, accesses and injections and changes of course.  This can be a very powerful tool to ensuring you stay protected.  However this!?!?!? In an AV product?  Give me a break.  Someone forgot to tell these folks ‘I only want my AV software bothering me IF IT’S A VIRUS OR OTHER MALWARE!!!!!!!’, we do need to remind them.

Why is this a problem?

I expect my anti-virus tool to ‘detect’ viruses.  Not tell me every little thing going on inside my system.  If I wanted an effective tool for active malware discovery I would use a serious appliance built for that purpose.  Maybe the Anti-virus software guys and gals want to detect 0-days, something they never have done in the entire history of anti-virus tools.  Great lofty goal, but then they break trusted processes (detecting and removing viruses) with new features that can misplace trust, and then all bets are off.

So, question is.  Do I really want this level of protection?  Maybe. 


Do I want it from a trusted application like an anti-virus tool?

No, since they don’t know whether it’s malware or not, it asks you to make the decision.  I’m not sure if this would have an effect on scanning files against known attacks but I’m not about to either guess or take a chance.  Of course in my case I’m sure this is all innocent routine stuff, but it’s being treated inappropriately by Kaspersky so it’s possible one can make bad decisions.

 

Every little task generates this ‘alertwindow’ providing you only with:

 

A:  The classification of the alert;

B:  The location of the file causing the alert.

Then you have to make decisions as to:

C:  Whether to accept or deny it;

D:  Whether to make the above choice permanent, or just this time;

E:  Whether to simply trust this application to do what it wants, or not.

 

Let’s look at each of these in more detail.

 

A:  The classification is a single word.  “Invader”  “Downloader”  “Threat”.  You can click on it to go to http://www.viruslist.com and check the definition in the encyclopedia, but don’t waste your time.   The definition you probably already formed in your head is more accurate and descriptive.

 

B:  The location is helpful, but in no way assists in decision making.  Does the software ‘belong’ there?  Are there other files called this also?  What is the manufacturer’s version information from the file?  Do we have an MD5 or SHA hash to verify its integrity?  Is this an essential Windows file or not?  Is it a virus because my AV program displayed it to me?  Too many questions still and no definitive answers from the program that’s supposed to be definitive.

C:  Whether to accept or deny this activity.  How am I supposed to make an intelligent decision based on the little panic information I have received so far?  Honestly you can’t.  So you flip a coin.  However chances are something ‘legit’ was trying to do something and if you deny it, very likely the application will now no longer have any communication back to the system including the calls and threads it already created and will typically crash the application or worse the desktop, or sadly, the entire machine.  So, the default choice is to accept it.  Why bother me then?

 

D:  Now we have to make a choice that we will have to live with if we ever run this again.  Again same logic trail as C: above, so same conclusion.  Why bother me then?

 

E:  Should we just ‘trust’ this application to do what it wants? Now here’s the ‘stop annoying me’ choice, we can tell the program “look you annoying software, quit bugging me with popups and just trust the blasted application”.  Still we don’t know whether this is our photo gallery we wanted to start up to add some pictures from the weekend, or the latest worm/trojan file deletion tool.  But we can trust it and never hear from Kaspersky again. 

 

So the conclusion, this behavior from Kaspersky isn’t warranted or desired in an AV product because it doesn’t provide decent support.  It simply gives the user very powerful filtering capability which one can most simply avoid, and probably will.  This type of processing smacks of ‘host intrusion prevention systems (HIPS)’ but these are typically poor or overly complex applications.  Here with Kaspersky AV v6 Beta we have not overcome that hallmark.

 

The second contention I have with Kaspersky AV v6 Beta, is all the links direct one to a page to download the ‘trial version’ from, but with no way to activate the ‘trial version’.  The docs indicate that the activation tool (help -> activate) allows one to buy a license for this or activate later, or activate with a trial code.  Well the ‘trial version’ I downloaded from the ‘trial page’ does not have an ‘activate with trial code’ option.  So it’s either no updates or buy a license.  Well let’s see how it does with its current database on my box that has never seen an anti-virus tool.  Aha, this is why my install hung up, it won’t allow the updater to update.  How silly.

Ok, I start the scan and I do like some of the options it provides like showing you all the exploits at the end of the scan.  I like this.  So, I run the scan, it estimates about two hours to scan everything (lots of partitions) and unbelievably it was done in just under two hours.  Very impressive.  Two little things I have seen before but they actually work as expected.  Wow.  It’s truly unfortunate that little else worked as great or made a positive lasting impression on me.

Remember we scanned a box that has XP SP2 installed, patched on a semi-regular basis (I let it inform and download, but I install manually), no firewall except Windows firewall, and no antivirus ever until Kaspersky v6 Beta was installed.  This has Office 2003 installed, runs Outlook as the mail client, has perl installed, IRC runs constantly, and most web browsing is done from this box, including this report being initially typed on it.

 

After a full two hour scan of my box I found one ‘threat’ on my PC.  Oh, that’s darn good I say to myself.  Just one file.  Considering some of the PCs people have brought to me that I’ve cleaned up, repaired and rebuilt over the years, typically finding unbelievable amounts of malware or a simple single infection still resulting in numerous files found during a scan.  Just one file infected.  Must have contained it…

So what one did I have?  I clicked on the result and was shocked.  The result was ‘Not-a-virus:mirc-616.exe’.  I couldn’t believe this.  It was showing me a backup copy of MIRC from my last update.  Hey I use MIRC daily, and rely upon it.  I bought the tool so I’m licensed, and when it did an upgrade it created a backup first.  How intelligent. 

So why is Kaspersky bugging me about this innocent tool?

 

I guess someone could ‘run’ it and take advantage of the exploits to infect my box, so I deleted it afterwards.  Was it infected?  No.  Why does it flag me with a bunch of insignificant warnings when it’s harmless?  Why did it not say ‘look you should delete this old version or upgrade if this is the current version you are using’?  Because it’s not a patch management solution, nor is it an auditing solution.  So I cannot fathom why my Anti-Virus software is behaving like one. 

 

Maybe it’s trying to be more encompassing and deal with the latest threats, rootkits.   But then shouldn’t it promote itself as an anti-rootkit tool?   Well we all know that there isn’t any such thing (yes many are trying to build one, but nothing actually works in detection), even tools such as ‘Rootkit Revealer’ by F-secure simply tell you a bunch of stuff that may ‘look’ like a rootkit, but you’ll have to do much more system analysis to determine for real or not.

 

Let’s do some work

So, I figure I’ll wait and see if I can get the 30 day activation code to use this product, check around to ensure I haven’t missed something in terms of getting the proper beta product.  In my travels I find this great RAR file I want to download.  Ok, Firefox causes numerous popups in Kaspersky as DLLs are loaded to process the download.  Ok I get the download and click on open in my download window in Firefox, get more including AdobeIEsomethingorother.dll I can’t see why it needs this and select deny.  Windows Explorer crashes.  Ooops.  Attempt to repeat, crashes again.  Turns out that the download window launches in explorer.exe space and any time it looks up how to handle extensions several DLLs are loaded for that purpose, including the AdobeIEsomethingorother.dll that I denied.  I wasn’t running IE or Adobe, but Windows Explorer (explorer.exe) required it during its initialization and denying it made it quite unstable.

 

Ok, this is not why I have security products installed on my machines.  I install them to:

 

A:  Improve the security of my systems, and improve my ability to do said;

B:  Improve the stability and reliability of my systems and the data that resides on them

C:  To protect and ensure the accuracy and validity and privacy of the data and software that resides on the machines.

 

If the software I’m installing/using interferes with ONE of those conditions it fails and gets removed.

 

Kaspersky failed on the first two accounts.  It did not improve my security, and it destabilized my system by halting processes in stream to popup windows.  This regularly caused issues and in some cases fails, or crashes or unrecoverable applications.  In one case it completely crashed my TCP/IP stack since the protocol doesn’t like waiting for responses.  As for the third I can say the installation/removal of the software did not adversely affect any system files.  It did not interfere with the accuracy of the files that presided, nor did it interfere with them (outside of the routine application issues)

 

I could not recommend this product since:

 

  1. It misleads the user about particular findings
  2. Activation was a major headache with no immediate solution attainable
  3. The product introduces so many additional points of failure that system stability could be a factor
  4. It wastes the user’s time with notices of things that are innocent; additionally, it doesn’t make notice of important things.
  5. Misuse of the tool by the user can render a machine or application useless.  Even to the point of crashing system kernel routines.

 

In my opinion this Anti-virus product is only 1/5th of its capabilities, and I was not seeking integrated solutions.  Since the AV portion does seem to work effectively it alerts you to non-virus files, which could cause one to delete something they use accidentally.


Installation Ranking: 3/5 – Using MSI and saying it installs on all windows but would not on Vista nor would it generate a decent error.  XP works fine.

Initial Setup and Patching: 1/5 – Unable to do anything except hang the machine attempting to make connections the program blocks.  Unable to rectify within test period, granted it was very short, so we give it a one.

Usability: 3/5 – Overall the program worked as we expected and did not cause issues or confusion when we asked it to do things.  It was not so clear when it prompted you with popups about app activity.

Dependability: 3/5 – Overall its engine scanned effectively and found all the planted malware on our test box.  Its discovery of non-malware as malware concerned me greatly about its ‘cry wolf’ potential.  I would not rely on results singularly by this software; I would have to confirm them with another more reliable package to ensure it is accurately determining valid malware, and not potential malware.

Overall score: 2.5/5 – Software adequate.  Price to purchase unrealistic to its abilities.  Certainly has potential as a combo AV-Application Watcher, but why?

I don’t want to have to second guess my results, my AV software shouldn’t either.  If it does then it no longer has any ability to do what AV software is supposed to do….detect.

 


[1] This happens as a result (typically) by being infected during the ‘unknown’ phase, and once the signatures were updated, you now ‘detect’ the infection running around doing whatever it wants until now.

[2] Traditionally you got viruses from copying files usually from a floppy disk.  Over time as other file transfer methods developed, the ways for viruses to spread changed also.  However malware creators also realized that in order to get the virus around, they needed to figure out how to spread it.  Email, news, IRC protocols were used and the development of hiding viruses in (even legit) programs was developed, now commonly referred to as trojans or trojan horses.  Worms also are an effective spreader technology since its whole concept in life is to move around the internet.


Vista Beta Experience – 1. AV Installation

By , July 4, 2006 15:07

Well as my previous blog item indicated I’ve gotten Vista installed on VMWare.   I’m still debating about actually using a  PC to do a full install as I feel I may wipe this and start fresh again.

It’s a good thing I’m not a rush out and upgrade everything person such as I was in the past.  Yes, I used to be terrible at getting the latest code/betas and hardware and throwing it together and hoping it works.  With tear apart PCs this is ok, but for production work or serious gaming boxes one needs stability.  Rushing the latest OS or patch just to eliminate a bug or add a feature are nice reasons one needs to ensure that everything that was, still is, and everything we expect to be, will be.  Today I’ve been burned by so many upgrades that either broke itself or something else that I’ve gotten very particular about what I install and what I don’t.  On my company’s web page we review many software and seldom does a package achieve better than a 70%.  It’s just very hard to find a good documented piece of software that actually does what it states without issues.  Even some old favorites don’t score as high as would be expected.

This is something that seems lost with many IT professionals, but more so with Marketing folks than the technical folks.  Yes rush out and get that new update, you’ll appreciate it.  Really?  Thank god for Virtual Machines.  When it comes down to Vista patching during the beta is something that will just have to be done, but at what point does it lose focus with my needs?

 


Why you don’t need every upgrade or patch.

My main gaming PC is currently running XP SP1 as I also use this as my main chat and torrent machine.  SP2 showed that it put ‘Microsoft’s idea of security’ ahead of the user, and did things that simply are not required for experienced PC users.  I saw more problems that I decided not to upgrade this machine.  It has caused a lot of problems and as a result to changes to the way Microsoft allows access to its updates I no longer get automatic updates on this box.  I can still get them manually and download them, but I hesitate to say that for the most part I don’t even worry about it.  I checked and with the exception of two critical patches in the last year that had to be installed, I haven’t installed any patches or updates on this machine in 18 months.  It’s quite unlikely that for the life of this box (another two years max) I will probably never upgrade this again.  Will Windows stop working or break?  Unlikely it’s working fine now, and since I’m not changing any components or core kernel functions or adding new unwanted functionality it will remain that way until it dies of a natural death.  This box has been well protected for its entire life and the last thing I needed was Microsoft adding features that dumbed down my protection since most users are not aware.  The key is not to allow malware to get on this machine.  To date we’ve been very successful and only now are we seeing others adopt my solutions that have been used since 1996.

Vista – Latest dummy-proof OS

When it comes to dumbed down, it seems that Vista is king at this.  If my experience with Vista doesn’t improve from newbie-land soon I shall say that I’ll never adopt Vista as too immature of an OS.  I realize how that sounds given all the really cool features implemented but really, many of these cool features can be had elsewhere, other linux distros, third party tools to add to XP.  Where I could really use some dummying down is with the error messages and the parlance of the ‘event viewer’.

When you have a problem do you think you get a sensible error message?  No.  It seems the ‘operation’ is dummy-proof, but ‘configuration’ is left cryptic.  Why can’t I have better control of my PC out of the box?  It seems this type of internal schism to the operation of the desktop is tantamount when dealing with any Microsoft product or tool.  When Microsoft cannot adopt their own ideas fully, I should not either.  Neither should you.  Of course this is a beta product so final remarks will wait until its release.

I have Vista installed and running at this point from fresh install.  The security center is complaining bitterly about not having an AV installed on it.  I really don’t need one but to get rid of this annoying red X in my systray I’ve been attempting to install something.

Bitdefender v10 beta.  First choice, says it runs on all Windows OS.  Does not install, unknown error.

Kaspersky v6 beta.  Second choice, does not claim to run on Vista.  Does not install, incompatible OS.

PC-cillin – The Microsoft recommended Vista Beta Product.  Does not install, incompatible OS.

Of course every single tool used MSI to install, so my guess is it never got past unpacking it then it checked.

Why don’t they check before you download and waste all that bandwidth?  I guess they’d rather waste the bandwidth.  I don’t.

So, I’m not impressed with Vista’s installation ability, since there does seem to be a disconnect between what works and what doesn’t with both Vista as an OS and the vendors supplying their tools.

And I still have that red X in my systray…..


Windows Vista Beta Impressions

By , June 14, 2006 14:43

As I’m sure you’re aware Microsoft had rumored to release Vista this year, but instead decided to delay its release.  We won’t be able to purchase Vista until 2007 now, but until next summer Microsoft has given everyone the opportunity to try Vista in beta test until it’s released.  I don’t think Microsoft has ever before offered a new OS release under a completely open beta. 

Downloading Vista is truly an easy thing, but as anyone who has used windows before, the real challenges occur during the installation and continue into the setup, and do not stop once you are logged in.

There are some nice cleanups and improvements over XP, but I’m afraid that I certainly understand why this product was delayed and certainly why there are still lots of unhappy MVPs and users.

I have some feedback and initial impressions of the Vista product which I will discuss in future blogs but right now I want to give everyone the information about acquiring and installing Vista.

Keep in mind, getting Vista and installing it isn’t any more difficult than any other OS installer or previous versions of Windows, unless you introduce limitations.  Vista really wants to use a powerful machine, and will seriously take advantage of newer hardware.  That certainly doesn’t mean you have to upgrade or even buy a new PC for Vista, though it may not be a bad idea.  The time you will run into problems is when you have a box that barely ran XP, and you decide to upgrade/install Vista on this.  That would probably be a bad idea.  If you meet the minimum specifications you should be fine.  If you meet or exceed the recommended specifications you should be able to see and use a very powerful OS.

To start, the first thing to do is get the software and the license.

The first thing to do is to go to Microsoft’s Vista web page and download the ISO file.  This is a large roughly 3GB file so be prepared to spend some time downloading this, ensure you have enough free space available.  A high speed connection wouldn’t hurt either.  During the initial week of release the download servers were simply overwhelmed and many of the servers and additional processes simply broke.  At the time of writing this, you should have little difficulty as I’m sure the initial demand has dropped.

I have a fairly decent cable connection and had the ISO in less than one hour.  I didn’t really time it, I went out for lunch and when I came back I was ready to burn this to a DVD.  An ISO now needs to be burned to the DVD.  Any DVD Burning software that supports ISO images should be effective at making the Vista Installation DVD, in our case we used Nero Burning ROM which is one of the more common and feature rich software for removable media.  Nero was able to quickly create our Installation disk which we booted in our machine for installation.

Yes, a 3GB ISO is not going to fit on a CD, so DVD was the only option, which leads to qualification #1: you must have a DVD Burner to create the Installation Disk, and the machine you’re installing to must have a DVD-ROM drive.  I have heard some folks attempting to break this into a multi-CD format but I couldn’t be bothered to attempt this.  However this did limit a couple installation candidates for me, and I decided to be able to install this on a couple different setups so I decided to go the VMWare route for most of my installations rather than move DVD-ROMs around constantly.

Ok, so you got the ISO downloaded, now just like a real Installation you need a product key which Microsoft provides you.  When you normally acquire the ISO it will step you through the process of getting a product key, but at the time I acquired it, this was broken.  Later I was able to go back and get one (actually two) so this was only some confusion on my part trying to decide what I did wrong.

You will need a Windows Live account (also known as Passport) and this is easy to set up and then allows you to go to the download beta section and then it will present you with both the download link and the product key for you to use.  The really nice thing about this is that the beta is good for one year roughly and this is exceptional.  I do believe Microsoft wants as much feedback as possible from the community prior to finalizing and releasing this product.  If so this may be the most demanding OS released in history and additionally one of the more supported and user-backed OSes ever.   I say this because many Linux distros and Apple are moving into Microsoft’s markets and taking advantage of the fact that many folks understand the value they get with non-Microsoft OSes and software.  However many users still require (or think they require) Windows in order to use their PCs.  By offering Vista as a free beta for a full year you allow the users to grow accustomed to the OS, and when they do release it sales should be immediate.  Just like a game company releasing demos, this allows them to gauge the market, demographic, potential share, potential growth projections based on beta reaction and feedback, etc.

So to say this was simply an ability for Microsoft to release Vista at no cost to ensure quick adoption of the OS would not be entirely incorrect.  I’m sure there were other reasons, some would say security issues, but I don’t think they would delay because of security issues, unless it was a core/fundamental process in one of the new features.  Other reasons may be because key features still don’t work as well as they should.  Regardless once you have your own copy installed you can decide this for yourself.

If you boot your computer from the Vista disk you quickly see a familiar looking setup environment.  One of the main differences is that awful blue background is gone and replaced with a nice web-like white background that loads an image.  Since I chose to use VMWare to install Vista with for my first couple tests, I decided to install it on a fresh machine and had considerable problems.  This was apparently more of an issue with VMWare, and following the helpful hints on their support forums enabled me to finally get past this.  I only ever had this error with Vista.  No other OS including Windows varieties had this issue.

I did not attempt this for real, but the idea crossed my mind, and that was to simply mount the install disk vs. burn and run from a DVD-ROM.  This is not recommended. 

The questionnaire was easier than XP in that it allowed you to get the installer running faster with fewer questions.  The disk setup also is more friendly, which allows you to pick which disk, and how to set it up and format it prior to you running the OS installer.  The default admin account is still created and the installer will ask you to create a user for your use (or more if you require, however I would not use this method for anything other than home-based/test installation).  For most users this will be enough to get everything working.

The installer runs and about 45 minutes later (or more) it starts rebooting and initializing the desktop. This is the time to be patient and allow the installer to do its several reboots to get all the hardware initialized and working.  Hopefully you won’t have any issues with this, as I was using VMWare I had no difficulty installing the basic driver set, and when I added specific drivers for video card I was able to quickly find them online and install them.  The only downside to this I had was the numerous reboots before everything was ready to use.  I counted 14 reboots.

The really nice feature of the login screen is that a key set of features for accessibility are moved here so that when you login, you can choose the features you want to use, otherwise once you login these features are no longer directly available.  I welcomed this change; since Windows 95 these features have been left as simple tools that any user can enable at any time, and they tend to cause operational issues that confuse users later.   Sticking these features at the login screen allows most users who never use these features to ignore them and move into the desktop with less ability to enable these ‘while using’ the system, whereas those users who depend on these features are able to set them before login so they can quickly take advantage of them.

Now you login and the desktop loads and you are greeted with a familiar desktop with some interesting changes.  The icons on the desktop have increased and they are much bigger.  You can even make them bigger than the default install.  I could not comprehend this.  I have used software in the past to make these smaller, and I would have jumped for joy to have discovered a ‘shrink’ or ‘smaller’ option for the desktop icons.  Nope.  Regular, huge and really huge only.  The start button has some nice changes which can be easily configured by right clicking on the taskbar and selecting properties.  The system properties have also taken over the traditional display properties when you right click on the desktop background.  This allows you to make the numerous changes as before, plus additional system property changes. This should make moving around the control panel looking for that setting much less likely in Vista.  For the most part the desktop changes are not revolutionary, simply evolutionary, but still not utilizing all the ideas that have been developed into other desktop UIs over the last ten years.  Of course now the Vista desktop actually takes advantage of transparency in the desktop that has actually been around since Windows 2000.  They’ve also added some nice features that take advantage of better utilization of older features.

From here you get to see the ‘Welcome Center’ which is a glorified control panel and allows the user to quickly get to nearly any setting for the system they might be interested in.  Microsoft Update along with the Security Center run immediately putting the checks into protecting your system from hackers and malware, and Microsoft Defender is running along with the Microsoft Firewall also.  Essentially the next thing is to install an Anti-Virus product, and the Security Center takes you to the one Vista-ready product (Trend Micro) but the product is not available for download.  The page indicates that the beta is running and only good ’til the end of the year; one could decide whether they wish to try this Vista-ready product now, or wait for another, or try installing a current stable product and test it on the beta.

Next…New features highlighted and discussed.


wdfmgr.exe also installs with Winamp 5.13, not just WMP 10

By , February 7, 2006 17:10

What more can I say than that.  If you have noticed wdfmgr.exe in your process list, one would say you were recently upgrading or installing Windows Media Player.   Windows Media Player 10 seems to be getting the lion’s share of a beating for this exe’s integration into our desktop environment. As it is called the Windows User Mode Driver Manager, one would think it came with a Microsoft product.  Not necessarily.


I was curious about this tool since I had some non-related strange behavior I was working on and I decided to upgrade-install Winamp (almost as regular as Microsoft…sheesh).  During the install it started bitterly complaining that I was not running the latest version of (speak of the devil) Microsoft’s WMP 10.

!?!?!?  WTF !?!?!?!?

I was about to post this on some forum [I decided not to post their name]; I tried to post to it and had issues.  So instead I’m posting it here below.

[In comment to the importance of this executable running on a fresh boot]

I dunno.

I am not running Windows XP SP2, still SP1.  I reverted after upgrading due to issues with certain tools.

I have not upgraded WMP since installation, and do not use it.  Well occasionally, but it is not my default player, Winamp is.

I did just upgrade to the latest version of Winamp (5.13) and during the install the most bizarre thing happened.  I received an error saying I did not have the latest version of WMP installed (10) and it suggested I stop, and install it, then return to the Winamp installer.

!!!  What ???

No, I told it to continue, and then it wrapped up and asked to reboot.

Fine, however after the reboot I noticed this wdfmgr.exe in my process tree.  I determined quickly that this was some MS crapware, but what is its true purpose?  Is it the driver police come to watch my windows (yaaa) or just another stupid process to interfere and otherwise hinder my computer enjoyment (booo)?

I wanted everyone to know that even (gasp) Winamp installs this baby.


So, did Winamp actually install portions, or did Windows Media Player detect the changes and intercept the install and upgrade anyways (since I was upgrading Winamp…), or had I already agreed to this during a regular Microsoft patch?
 
In this case it was all Winamp.  They actually are installing this.  I would attribute this tool then to AOL and NOT MS.  BUT…  The name is so conveniently linked to typical crapware whose purpose is subjective to the user and/or system.   But I cannot find anyone who will state this is not Windows stuff.  Well I didn’t get it via Microsoft’s web site.  Why isn’t this disclosed?  Is this another case of mistaken identity?  How can we trust software that is not maintained as we think it should be?  What if my version of Winamp had been tampered with?

What if wdfmgr.exe is a nicely named trojan run amok? :)

Since I’ve now observed this behaviour on 3 machines in the same fashion I’m pretty sure this is ‘for real’.

Now, will the real MS please stand up?
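The questions raised above about wdfmgr.exe (who shipped it, and is it the real thing?) can be checked on the machine itself. The PowerShell below is an added example, not part of the original post or of any vendor's tooling; the function name `Get-ProcessProvenance` is hypothetical, and it assumes a current Windows PowerShell (with `Get-FileHash`) run from an elevated prompt so process paths are readable.

```powershell
# Added example: report where a running process image lives, who signed it,
# and which service (if any) launches it. Function name is hypothetical.
function Get-ProcessProvenance {
    param([string]$Name = 'wdfmgr')   # process name from the post, without .exe

    # Services whose command line references <Name>.exe (PathName may be quoted
    # or carry arguments, so match on a substring rather than equality).
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match [regex]::Escape("$Name.exe") }

    Get-Process -Name $Name -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |                 # Path is empty without sufficient rights
        Sort-Object -Property Path -Unique |
        ForEach-Object {
            $file = Get-Item -LiteralPath $_.Path
            $sig  = Get-AuthenticodeSignature -FilePath $_.Path
            $svc  = $services |
                Where-Object { $_.PathName -match [regex]::Escape($file.FullName) }

            [pscustomobject]@{
                Path        = $file.FullName
                # Version-info fields are self-declared by whoever built the
                # file; anyone can write "Microsoft Corporation" there.
                Company     = $file.VersionInfo.CompanyName
                FileVersion = $file.VersionInfo.FileVersion
                Created     = $file.CreationTime   # compare with the installer run time
                # The signature is the stronger evidence: Valid plus an expected
                # signer subject ties the binary to a publisher.
                SigStatus   = $sig.Status
                Signer      = $sig.SignerCertificate.Subject
                SHA256      = (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash
                Services    = $svc.Name -join ', '
            }
        }
}

Get-ProcessProvenance -Name 'wdfmgr' | Format-List
```

A `SigStatus` other than `Valid`, or a `Company` string that disagrees with the `Signer`, is a reason to investigate further rather than a verdict on its own.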

