Sunday, December 28, 2008

Vista's UAC - Stop the Nag

This article shows how to disable UAC prompts only in the Start Menu while leaving the rest of UAC enabled. This stops one of its most annoying nags without compromising security.
Vista's User Access Control (UAC) is the primary reason people dislike Vista and many power-users disable the feature. Microsoft made it so invasive that it became the butt of Apple jokes and it is the bane of almost everyone.

This article shows how you can easily leave the feature turned on while disabling one of its most annoying nags. The changes I am recommending will not compromise your security.


See this article for Windows 7: Disable Windows 7 UAC Nags

A Refresher:

UAC prompts for permission each time an application attempts to install or if you enter a "secured area" of the operating system.

These are legitimate prompts and Microsoft is trying to protect you. But if you are building a new computer and are installing dozens of applications and utilities, UAC becomes a nuisance and I recommend turning it off during the computer's initial build. Follow these steps:

Turning UAC On and Off:

A. Open the Windows Control Panel (Start, Settings, Control Panel).
B. Tunnel to "User Accounts"
C. Click "Turn User Account Control On or Off"

But after the PC is built, UAC should be turned ON.

As your computer ages, UAC prompts become less frequent for no other reason than you are not installing as many applications. If you do install a new application, or if you open a protected area of the operating system, expect to be prompted. If you disable UAC permanently, you are leaving your PC vulnerable to viruses, spyware and other applications which can install without your knowledge.

Fixing Icon Prompts:

However, if you are like me, you are always fiddling with Start Menu and Desktop icons and when moving or deleting icons, UAC is merciless with its prompts. Why UAC is so concerned about a mere Start-Menu icon is beyond me, but with a minor security change, you can disable UAC in these areas while leaving the rest intact. Follow these steps:
1. Open Windows Explorer
Select menu Organize, Layout, Check "Menu Bar"
(This exposes the File, Edit menus)

2. Select top-menu, Tools, Folder-options, View (View Tab)
In the Advanced-settings checkbox list,

* Show Hidden files and folders
[ ] Hide Extensions for known file types (uncheck)
[ ] Hide Protected Operating System Files (uncheck)

Click Apply
Click Apply to Folders

3. Close and re-open Windows Explorer
Tunnel to each of these two folders:

C:\Users\Public\Desktop
C:\ProgramData\Microsoft\Windows\StartMenu


4. "Other-Mouse-Click" the folder, choose Properties.
Click the Securities Tab, then Edit
Select your user-account from the list (or select "Everyone")
Click "Full-Control"
Click OK
Repeat for the other folder.

Click image for a larger view; click right-x to return

Microsoft made significant changes to the UAC in Windows version 7, but until then, consider this idea in order to remove some of the frustration. If possible, consider upgrading to Windows 7; it is a better operating system than Vista.

See these related articles:
Windows 7 UAC Icon Nags
Vista Spiffs 1
Optimizing the Windows Paging File
Disk Cleanup Steps

Saturday, December 13, 2008

Tame Web-Browser Cookies

This article discusses how you can control Browser Cookies and stop, at least, some advertising sites from tracking your history.


This article is obsolete.  See this newer Keyliner article:
http://keyliner.blogspot.com/2016/09/stop-tracking-cookies-using-whack-mole.html


Browser Cookies (small data-files that web-sites leave on your hard disk) are good and bad. Your online banking site, blogging tools, or Amazon.com legitimately use these files to help you log in and remember preferences and in general, you must allow Cookies for websites that have login screens or data-entry forms -- but even then, the cookies are only needed at the moment of log in and can usually be discarded. Most people do not have their browsers set in this fashion.

For a majority of other sites, cookies are optional and they offer no benefit to you. Almost every banner ad generates a cookie. These "3rd-party" cookies track which websites you have visited, how long you were there and how frequently you visit. They use this information to display targeted advertising and then sell the demographic information gathered to other companies.

Most cookies are an invasion of privacy and they slow down your computer. An average computer has thousands of cookies, occupying disk space and internet bandwidth. Here is how you can tame them in both FireFox and Internet Explorer.

MOZILLA FIREFOX BROWSER OPTIONS

Modifying your Browser's Cookie options.

1. With Mozilla's Firefox, select Tools, Options, Privacy.
Check these boxes:

[X] Accept cookies from sites
[X] Accept third-party cookies
Select "Keep until 'I close Firefox'"

2. Click "Show Cookies" and browse the list, noting those sites which are obviously advertising sites. In particular, note doubleclick.net, which is one of the main targets of this article.

3. In the same Firefox Privacy-screen, click the "Exceptions" button.
Block "doubleclick.net" and any other site that caught your attention by typing the name.


If you have multiple user-accounts on the same computer, you will have to do these steps for each account.

Later in this article are other methods for blocking these types of sites.

INTERNET EXPLORER BROWSER OPTIONS

To make the same changes with Internet Explorer, do the following:

1. Select Tools, Internet Options, Privacy-tab.
2. Set the "Settings" slider-bar to Medium High.
3. Click the "Advanced" button.

[X] Override automatic Cookie Settings,
[X] Accept First-Party,
[X] Block third-party Cookies
[X] Always allow session Cookies

4. Return to the first Privacy screen, click "Sites"
5. Add "doubleclick.net" to the Exclusion list.

If you have multiple user-accounts on the same computer, do these steps for each account.


Using the etc/Hosts file to block Sites:

Another popular, although somewhat geeky way to block a site, is to use the "etc/hosts" file (pronounced "etsy-hosts"). In the past, this simple file translated friendly names into IP addresses, but with the advent of DNS routing servers on the internet, the file fell into dis-use and yours is likely empty.

You can also use this file to redirect websites into the proverbial bit-bucket. I use this method for high-volume sites like doubleclick.net and it works for all browsers.

Steps to Modify the HOSTS file:

1. With Windows Vista, click Start, Programs, Accessories. "Other-mouse-click" Notepad and select "Run as Administrator."

With Windows XP, click Start, Run, type "Notepad.exe" and press enter.

2. File-open this filename:
"C:\Windows\System32\drivers\etc\hosts."
(where you must type the dot, no extension)

The file is a simple ascii-text file, mostly composed of #comments. Click the illustration below to view; click your browser's back-arrow to return.


3. Copy the text from the chart below and paste into the file. Paste after the first localhost statement. You can optionally type the statements by hand; be sure to include the "127.0.0.1" and separate the columns with spaces. Don't worry, you can't really mess this up, even if you type them wrong (the worse that could happen is it doesn't block the site) but one warning: Do not add legitimate websites to this list unless you want them disabled.

Initial Recommended List:

127.0.0.1 localhost
127.0.0.1 doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 adds.doubleclick.net
127.0.0.1 doubleclick.com
127.0.0.1 ad.doubleclick.com
127.0.0.1 adds.doubleclick.com
127.0.0.1 123banners.com
127.0.0.1 adforce.com

127.0.0.1 imgis.com
127.0.0.1 advertising.com

127.0.0.1 teknosurf.com
127.0.0.1 appnet.com
127.0.0.1 avenuea.com

127.0.0.1 bluestreak.com
127.0.0.1 burstmedia.com
127.0.0.1 burstnet.com
127.0.0.1 engage.com
127.0.0.1 extreme-dm.com
127.0.0.1 l90.com
127.0.0.1 stats.net

127.0.0.1 valueclick.com

127.0.0.1 websidestory.com
127.0.0.1 fastclick.net
::1 localhost

Note:  You cannot use wildcards in a Windows Hosts. file.  Each variant of a domain must be listed explicitly.  To work around this, see this keyliner article:  http://keyliner.blogspot.com/2016/09/stop-tracking-cookies-using-whack-mole.html


How it works:
If any website tries to connect to "doubleclick.net", the hosts file intercepts the call (by design, this checks the name-resolution before the ISP's DNS server does). When the name is found, it looks across for the IP address. Since this address is the "localhost", this part of the webpage goes nowhere and the advertisement is stopped. On a screen, offending advertisements may "disappear," leaving a hole in the web page. Webpages will load faster.

4. Close and save the file.
Changes take effect immediately.

If you can't save the file (Vista), you probably did open Notepad as an Administrator or, if Windows XP, the file may be flagged Read-Only in Explorer; you can unflag the file by looking at the file's properties.

Also, if you are running a decent virus or spyware scanner, it will intercept writes to this file (in year's past, many-a-virus fiddled with this file). Grant permission to update. For example, Vista's "Windows Defender" prompts with this screen and you need to click "Ignore":



If you were to search, you would find other Internet sites with lists that are thousands of entries long and I'm sure they are all good sites to block, but many will be obscure and you may never visit them. My belief is this list can get too cumbersome. Without better information, I recommend keeping the list relatively short, at most a couple of hundred entries.

Conclusion:

Making these changes will cut down on the number of cookies your computer accepts; this will improve your privacy and has the potential to stop some advertisements from reaching your browser. If you use Mozilla's Firefox, consider also a fabulous program called "AdBlock Plus", which is free. See this article: Recommended Firefox Plugins

Finally, this note: This blogging tool, hosted by blogspot.com, is owned by Google and Google is the same company who bought doubleclick.net. Doubleclick.net is notorious for the amount and quality of information they gather on web-surfers. Tracking is theoretically "not personally identifiable", but when capturing IP Addresses, they come remarkably close. This is one place where Google caught a lot of heat and seems to violate their own company policy of "doing no evil." [Update: At the end of 2008, Double-Click announced it would no longer track surfing habits, noting consumer feedback. Some advertisers balked at being associated with Double-Click. Even though Double-Click will stop tracking, this articles premise still holds: why even allow your browser to connect.]

You may find these articles informative: Wikipedia: Doubleclick.net
and http://en.wikipedia.org/wiki/HOSTS_file


Related articles:
Keyliner: Stop tracking Cookies using whack-a-mole