I am glad this thread has something of valid interest. Don't want to become the "sideshow freak" of threads.
OK.. I have a lot to say, but I will say it quickly (leave out jokes, arcane references, and anecdotes).
I am in Firefox at the moment working off of a Mint Linux Live CD because my RNAV and I had a very big battle today (my trying to kill him/his connection & him trying to prevent me). I didn't lose necessarily; I went too fast....just like when I missed the fact that Baarod said he lived in Chicago (where I live as well) about 3 thread pages ago. He offered to help me if my latest plan at the time failed. I would have met him anywhere in the city for his help...and for someone else to see/witness this first hand.
[NOTE TO BAAROD: Sorry I missed that last sentence in your post a few pages back. My mistake! But I do think we are close in any event (except it is no less unbelievable), but if I am still dealing with this in the next 24-48 hours, I would be glad to take you up on any help you would give. We can go to the Starbucks of your choice, I will buy coffee and you can use my laptop for 30 minutes.]
AND JACEE, AS SOON AS I AM ABLE TO GET BACK INTO WINDOWS, I WILL PROMPTLY RETURN THE OUTPUT. I APOLOGIZE FOR NOT RETURNING IT TO YOU AS YOU HAD ASKED.
When I say I went too fast in my fight today, I refer to a post by Darkassasin from a week or two ago. He mentioned Avast had a bootable antivirus disk. I managed to procure a clean one-time emergency use .iso of this item from an online friend. I managed to burn the CD, and restarted.... However, when I looked at the Avast page earlier, I did not take note of the fact that it is for XP. Reason this is a problem is because the original XP image never had SATA drivers, so I get the BSOD just when it gets to the menu on an XP installation disk. I had downloaded an XP Black version with SATA drivers--to use as a last resort (as I do not think XP has the same "cutting edge vulnerabilities" that Vista and WIN 7 do), so I have SATA drivers already extracted and ready to be combined with the AV bootCD--which was my plan.
I went into the Linux Live CD and was about to leave to find another clean computer (well...... "clean" at this point, means working) and rebuild an XP image, with both the necessary SATA drivers and the antivirus software, but I started doing research in MSDN (where it is easy to get immersed for quite some time), and when I checked the time, it was about 1.5 hours later...So by then the places I know (or friends having PCs) were closed or unavailable, respectively. So tomorrow morning I will build and use the bootable AV CD.
A few things I learned about this thing today. I actually managed to injure it to the point where he needed me to reboot to take back his former control.... Strangely, the only thing that has injured this thing yet has been the utility Registry Booster. I do not even use registry utilities anymore, but I found a site which did a "scan" for malware last night, and it turned out to be an advertisement for Uniblue's Registry Booster. So I went ahead and got it. At one time I used this same program quite often...back then if I ran the utility every other day, I might get 100-140 registry errors on a bad day....(btw, the errors are classified in several categories, like .dlls, invalid shortcuts, OLE/COM/ActiveX, etc.). I ran this utility frequently and went to a web page to read something, and a few minutes later I went back and noticed that there were 600 errors in "System Software". I was warily encouraged, so I let it run. But it never stopped. It got up to 3000 errors in this category, so I stopped the utility. I then cleaned the errors. It did clean them...sort of... but whatever it did do was not healthy for my RNAV because (this is the cross-my-heart-truth) the mouse pointer was literally vibrating when it was in the "cleaning" stage. After that, I refused the "restart now" request by the application and instead ran it 3 or 4 more times... Each time it had a large number of errors--most of them located in the 64 to 32 bit conversion section of the registry (the WOW64to32 Windows module--I think you can see the actual process (or service?) in one of my task manager screenshots of late).
Though you will all probably be annoyed since I persist at this, but I ask you to just scan the following links...
http://msdn.microsoft.com/en-us/library/aa457707.aspx
http://msdn.microsoft.com/en-us/library/aa916286.aspx
http://msdn.microsoft.com/en-us/library/aa916530.aspx
OK...three links are enough, but they are from pages upon pages of incredibly informative material in MSDN regarding bluetooth. I felt like I was reading keywords from bad dreams that I had forgotten...
so much about bluetooth (from the MS Windows description and implementation of it) in Windows Mobile and actual full PC Windows platforms fit like a veritable glove with so much of what I have observed.....
If you do not read those links and the numerous related ones, I will just share a few key points...(I want to add that I am not forcing a deduction on this either...the whole thing has spooked me and has made me uncomfortable/skittish... while I very much appreciate everyone's help, I will admit that it tortures the alpha male side of my ego that I--who has often been described by friends and family as "really good with computers" for the past 20-25 years--could not take care of this virus/trojan/worm/whatever three months ago and without seeking professional/expert help.)
I. First, bluetooth can pair with any device in an unsecured (i.e., without authentication) and silent manner. As used in the previous sentence, the word "Device" includes PCs, APs (access points) and modems.
II. Most of the drivers used in connection with bluetooth were related to audio services.
III. Bluetooth requires the .Net framework to function (Ummm...I had forgotten to mention this to you guys before as it did not seem entirely strange when I noticed it because MS can be ubiquitous however and whenever it wants to be, but in the past 2-3 weeks I have consistently noticed that before opening up Firefox for the first time, and immediately after (re-)installation of my OS and all other applications, Firefox would report "one new add-on [had been] installed". The add-on in question was for .Net 2.0).
IV. The MSDN specifically refers to "Mobile PCs" as a primary or intended target within the scope of what the MSDN calls "API controlled devices".
"Mobile PCs, as it is defined, includes laptops and notebook computers." <<<--- it might be merely the nascent mental disorder to which I shall succumb in the near future, but I almost heard thunder when I read that....!
I'll stop there, but seriously, I could go on and on and on...Well, OK, here are a few more quickly....
V. Someplace in this thread I mention that in Linux, my eth1 (wireless) adapter disappears completely and is replaced by pan0. Never saw that in reference to anything wireless until I read about bluetooth using and enabling a Personal Area Network.
VI. Mobile PCs have a new platform which developers can use to extend the functionality of their applications...called Windows SideShow Platform -- known on Vista and Windows 7 as Windows Sidebar... For weeks (and I thought this was an innocuous bug), the Windows Sidebar would come up at startup no matter how many times I removed it or disabled it from doing so....read below:
Introduction
Gadgets for Sidebar, though developed using the functionality of the Microsoft HTML (MSHTML) runtime, are not limited by the standard browser security model. Since gadgets are locally installed mini-applications that provide a rich set of system access APIs, a packaging and deployment method similar to a typical executable distribution is employed.
Packaging
A gadget is downloaded as a "package" of resources and configuration files. The package is distributed as a zip file or as a Windows cabinet (.cab) file. Both methods of distribution require the file extension, .zip or .cab, to be changed to .gadget. If the file is packaged as a .cab file, you can use a code signing certificate to provide information about the origin of the gadget. The user is then presented with this information before the gadget files are extracted. The signtool.exe application included with Visual Studio 2005 can be used to sign a gadget.
Note: There is no requirement for gadgets to be digitally signed since the certificates are costly and not commonly used by the developer community likely to create gadgets.
Downloading
Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. When integrated with Internet Explorer, Windows Defender performs file scanning on downloads to help ensure that one does not accidentally download malicious software. Gadget packages are included in the Windows Defender scan.
VII. Also...here is a frightening white paper....a page in the MSDN references a white paper entitled
"Wireless Web: Microsoft Mobile Internet Toolkit Lets Your Web Application Target Any Device Anywhere"
But for some strange (!) reason I could not access it.
VIII. Then.....there is this paper:
Windows Mobile 5.0 Application Security Jason Fuller, Microsoft Corporation, May 2005
Summary: Every Windows Mobile–based device implements a set of security policies that determine whether an application is allowed to run and, if allowed, with what level of trust. To develop an application for a Windows Mobile–based device, you need to know what the security configuration of your device is. You also need to know how to sign your application with the appropriate certificate to allow the application to run (and to run with the needed level of trust). (9 printed pages)
Note: This document describes the designed and intended functionality of the security model. This does not guarantee that a targeted malicious attack cannot compromise the intended security protections. The following security functionality is provided as is and is for informational purposes only. Microsoft makes no warranties, expressed, implied or statutory as to the performance of this functionality.
IX. There is a section called [MS-RAIW]: Remote Administrative Interface: WINS Specification. A sub-topic of this is called Remote Administrative Interface: WINS protocol relies on RPC [MS-RPCE] as a transport. It is used to manage WINS service on servers that implement the Windows Internet Naming Service (WINS) Replication and Autodiscovery Protocol [MS-WINSRA].
X. And remember what I said about the service "Plug and Play"??? A service I would usually disable but since early on I am prohibited to do so????
Read the following straight from the MSDN (emphasis added):
Universal Plug and Play (UPnP) is a distributed, open networking architecture that enhances peer-to-peer network connectivity for personal computers, wireless devices, and other intelligent appliances. UPnP uses existing standard protocols, such as TCP/IP, Hypertext Transfer Protocol (HTTP), and Extensible Markup Language (XML) to seamlessly connect networked devices and to manage data transfer among connected devices.
[...]
UPnP provides an architectural framework for creating self-configuring, self-describing devices and services. Networks managed by UPnP require no setup by users or network administrators because UPnP supports automatic discovery.
UPnP enables a device to dynamically join a network, obtain an IP address, and convey its capabilities on request. Control points can use the UPnP application programming interface (API) to learn about the presence and capabilities of devices that are registered on the network. A device can leave a network smoothly and automatically when it is no longer in use.
UPnP uses no device drivers. It is media-independent and can be used on any operating system (OS). UPnP offers programmatic control to applications. UPnP enables developers to write their own user interfaces for devices, forgoing the vendor-provided interface.
Security Note: (thanks MS for making this section easily discoverable and with all implied risks outlined thoroughly!!!)
Because a UPnP service can potentially be remotely activated without authentication, it presents an area of vulnerability for a networked system. When UPnP services are deployed in a controlled environment, such as a home or business intranet where all the users are trusted, the risk of malicious attack is lessened.
XI. Another interesting quote:
The Remote API (RAPI)
The Windows CE Remote API is a specialized remote procedure call (RPC) facility. We call it a "remote procedure call" API because RAPI functions cause remote function calls on connected devices. It is "specialized" because you can only call a limited subset of device-side functions. Most RAPI functions provide access to a device's object store and device-side file systems. As we describe in Chapter 16, the object store is the permanently mounted RAM-based storage area that contains the built-in file system, the system registry, and property databases. This is not the only storage available, however, and RAPI also lets you access whatever installable file system is present to support removable Compact Flash cards, Smart Media cards, disk drives, etc. [Comment 21cs.49]
Remote API and .NET Remoting [Comment 21cs.50]
If you have worked with the desktop .NET Framework, you might have heard about .NET Remoting and be wondering about its relationship to the Remote API. Aside from similar names, these two technologies have nothing in common. [Comment 21cs.51]
The ability to access the object store means that a RAPI program can access any stored data. You can, for example, open a file and copy part of it – or all of it – from the device to the desktop. You could open the system registry and create new keys, or read and write values on existing keys. You have complete access to the property databases in the object store, so that you can create a database, delete a database, add or remove database records, and read or write individual property values. [Comment 21cs.52]
The Remote API is a set of functions that are exactly like the Win32 functions used to access files, registry entries, and CE databases. The only difference is that each of the functions has a slightly different name – a prefix of "Ce." For example, the Win32 function to open a file is CreateFile; its RAPI equivalent is CeCreateFile. Once a file is opened, you read a file's contents by calling CeReadFile, and close the file by calling CeCloseHandle. This is different from the approach we took to file access in Chapter 15, where we discuss using System.IO classes. And instead of ADO .NET classes, access to property databases is through a set of C-callable functions with names like CeCreateDatabase and CeWriteRecordProps. [Comment 21cs.53]
***I mentioned to Jacee earlier today that the RPC service (along with Plug and Play) have, since the beginning of this, been strictly off-limits to me...
XII. Quote on .Net Services 4/2009
.NET Services Overview
Microsoft .NET Services is a set of Microsoft-built and hosted Windows Communication Foundation services for building Internet-enabled applications. .NET Services provides applications with a common infrastructure to name, discover, expose, secure, and orchestrate Web services.
In This Section
.NET Services is designed to significantly lower the entry barriers for new types of interconnected Internet-scale applications regardless of whether they are Web-based, they work through application-to-application federation, or they want to exploit the rich user experience and media capabilities of modern desktop environments. .NET Services consists of the following three services:
Service Bus The Service Bus provides a hosted, secure, and broadly accessible infrastructure for pervasive communication, large-scale event distribution, naming, and service publishing. The Service Bus provides connectivity options for service endpoint, providing connectivity options for service endpoints that would otherwise be difficult or impossible to reach. Endpoints can be located behind network address translation (NAT) boundaries, or bound to frequently changing, dynamically assigned IP addresses, or both.[...]
**I had a problem with the Service Bus looking for an audio driver just yesterday.
----------------------------------------
OK, I know that is a lot (and there is so much more that directly correlates to things on my system), and you may have skimmed it, but I am telling you with absolute conviction, this is a schematic for what is happening to me -- at least in part. If you all put on your old hacker hats--the ones that made you really think out of the box about how to make something do what it was not intended to do (now in one's career in IT, they call that "problem solving"), you could conceive very easily of the potential for misuse....I read perhaps 60 pages from the MSDN, and the recipe for this all system and for what is happening to me jumped out, even if I had not seen so many of the protocols, methods, support platforms, and other unusual things on my system that one does not typically encounter.
I have a little more to say (I have not said much actually, since everything above this is a quote), but I am going to post this now before I lose it--that is part of the paranoia I have been developing over the months.
Paul
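As an added example that is not part of Paul's post or of the MSDN material he quotes: the gadget packaging section above says a Sidebar gadget is a .zip or .cab renamed to .gadget, carrying a manifest and locally installed scripts with system access, and that signing is not required. The defender's first move with such a package is therefore to open it offline and read the manifest and scripts before letting it install. The Python below builds a constructed sample package in memory (the gadget name, version, files and script contents are all made up for this example) and then inspects it. The manifest element names it reads (name, version, hosts/host/base, permissions) follow the documented Sidebar gadget manifest; the shell-object markers it searches the scripts for are an assumption about what merits a closer look, not a signature taken from the page.

```python
"""Offline inspection of a Windows Sidebar .gadget package.

A .gadget file is a .zip (or .cab) renamed, with a gadget.xml manifest at
its root. This added example builds a constructed sample package in memory
and reports what a defender wants to know before trusting one: the entry
page, the requested permission level, the script-bearing files, and which
of those reference a shell object. Every file and value below is
constructed for the example.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Files that carry executable content in a gadget (HTML hosts inline script).
SCRIPT_SUFFIXES = (".js", ".vbs", ".html", ".htm", ".hta")
# Assumed markers that a script reaches outside the gadget's own UI.
SHELL_MARKERS = ("ActiveXObject", "WScript.Shell", "System.Shell")


def build_sample_gadget() -> bytes:
    """Return the bytes of a constructed sample .gadget (zip) package."""
    manifest = b"""<?xml version="1.0" encoding="utf-8" ?>
<gadget>
  <name>Example Clock</name>
  <namespace>example.sidebar</namespace>
  <version>1.0.0.0</version>
  <author name="Constructed Sample"/>
  <hosts>
    <host name="sidebar">
      <base type="HTML" apiVersion="1.0.0" src="main.html"/>
      <permissions>Full</permissions>
      <platform minPlatformVersion="1.0"/>
    </host>
  </hosts>
</gadget>
"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("gadget.xml", manifest)
        zf.writestr("main.html", '<html><script src="js/main.js"></script></html>')
        # Constructed script containing one line a reviewer would want to see.
        zf.writestr("js/main.js", 'var sh = new ActiveXObject("WScript.Shell");\n')
        zf.writestr("images/icon.png", b"\x89PNG constructed placeholder")
    return buf.getvalue()


def inspect_gadget(package: bytes) -> dict:
    """Parse a .gadget package and summarise its manifest and script content."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        names = zf.namelist()
        if "gadget.xml" not in names:
            raise ValueError("not a gadget package: gadget.xml missing")
        root = ET.fromstring(zf.read("gadget.xml"))
        scripts = sorted(n for n in names if n.lower().endswith(SCRIPT_SUFFIXES))
        shell_refs = []
        for name in scripts:
            text = zf.read(name).decode("utf-8", errors="replace")
            if any(marker in text for marker in SHELL_MARKERS):
                shell_refs.append(name)

    host = root.find("hosts/host")
    base = host.find("base") if host is not None else None
    permissions = host.findtext("permissions", default="") if host is not None else ""
    report = {
        "name": root.findtext("name", default=""),
        "version": root.findtext("version", default=""),
        "entry": base.get("src", "") if base is not None else "",
        "permissions": permissions,
        "file_count": len(names),
        "script_files": scripts,
        "shell_refs": shell_refs,
    }
    # Full permission combined with a shell reference is the case to review by hand.
    report["needs_review"] = permissions.lower() == "full" and bool(shell_refs)
    return report


if __name__ == "__main__":
    for key, value in inspect_gadget(build_sample_gadget()).items():
        print(f"{key:13} {value}")
```

To use it on a real package, read the .gadget file's bytes and pass them to inspect_gadget; .cab packages would need a CAB extractor first, since only the zip form is handled here. The report is deliberately a summary rather than a verdict: the manifest and the listed script files are what a person then reads.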