Utility and Software Lookout

Whew.  I’m exhausted from those last to PE 2.0 posts.

Prepare for some rapid-fire light posting.

These are freeware utilities and stuff that might be worth looking into that I found this week.

• Process Explorer – version 11.33. One of the ultimate Microsoft Sysinternals tools. “This update fixes a bug where the history graph tooltips could display the wrong data point and reduces the memory footprint of the structures that store graph history.”
• Autoruns for Windows – version 9.33. The other ultimate Microsoft Sysinternals tool. “This Autoruns update fixes a couple of minor bugs and adds a new Windows 7 location.”
• WinPatrol v16 Monitors Changes to UAC Settings – If you are a Windows fan and have been anywhere alive over the past week, you probably have hear of some Win7 UAC design “feature” controversy.  Microsoft heard their customers and relented. However, if you use WinPatrol 2008 the upcoming version 16 will provide monitor and notification of changes to UAC settings.  That’s a nice layer to monitor, despite what Microsoft says.
• AutoRun Eater - (freeware) – We’ve covered AutoRun issues and defenses here before. This neat security utility provides a different take.  It runs in the system tray full-time and monitors execution of autorun files when devices are inserted or executed.  Upon discovery it first performs an analysis. If a suspicious pattern is found, it blocks execution, tosses up a dialog window, and presents the suspicious code.  Then it allows the user to block or ignore execution.  Amazingly clever.  Certainly not a cure-all, but it might very well provide a first and easy to use line of defense for non-technical users as well as experienced system administrators who don’t want to use some of the tougher/lock-down methods against blocking all autorun executions.  Check out the Frequently Asked Questions page for details.  Spotted via Donna’s SecurityFlash blog.
• Free Task Manager - (freeware) – I know it is kinda sacrilegious to mention any other Windows Task Manager in the same post as Process Explorer (my default manager), but this one might provide some features for less-technical users.  It doesn’t really “replace” the default Task Manager but provides some extended features such as Disk I/O graphing, port monitoring by application, and a locked-file identifier.  I have and use much more focused and specialized tools for all of those tasks, but for someone looking to move up from the standard, but doesn’t need the power-hitting utilities I use for those things, this might be worth looking into.
• MyLastSearch v1.35 - (freeware) – NirSoft app that “…scans the cache and history files of your Web browser, and locate all search queries that you made with the most popular search engines (Google, Yahoo and MSN). The search queries that you made are displayed in a table.”  This version now lets you filter results by Web browser (in Advanced Options) .
• IECacheView v1.25 - (freeware) – NirSoft app that “…that reads the cache folder of Internet Explorer, and displays the list of all files currently stored in the cache. For each cache file, the following information is displayed: Filename, Content Type, URL, Last Accessed Time, Last Modified Time, Expiration Time, Number Of Hits, File Size, Folder Name, and full path of the cache filename.”  This version now has an option to filter cache results by displaying only URLs which contain the specified filter strings.  Cool.
• highlighter - (freeware) – Neat log file viewer and analysis tool spotted via SANS ISC Handler’s Diary post this week and offered by Mandiant.  I downloaded the msi installer and in a moment had it up and running. Besides being another tool to read log files, you can highlight words to focus on, and remove “good word patterns” to narrow down your view.  It also provides a neat GUI view in a dynamic image format to show content and structure of the file, along with a histogram view to show patterns in the file. It sounds like a lot but the utility is light, fast and easy to grasp.  It also comes with a nice help file.  Check it out.  If it’s from Mandiant, it must be good!
• HolisticInfoSec.org: Mandiant Memoryze is the 2008 Toolsmith Tool of the Year – Deserved recognition for Mandiant.  Post has some neat tips on their Memoryze capture and analysis tool.
• Threat Detector - Cyber Patrol – Web-based application that will scan a system (Internet Explorer only) and look for usage patterns for dangerous, malicious, or “bad” sites.  Might not help if the history/cache/browsing history has been nuked or if PrivateBrowsing was used.  However, for parents who have systems where the family uses IE exclusively, it might be worth doing a quick scan to see what comes up.  Just a tool, use with a grain of salt.
• GBridge - (freeware) - “Gbridge is a free software that lets you sync folders, share files, chat and VNC securely and easily. It extends Google's gtalk service to a collaboration VPN (Virtual Private Network) that connects your computers and your close friends' computers directly and securely.”  I’m a big fan of ShowMyPC for free remote desktop support, but setting up a remote-to-my-pc connection is a $ feature and getting one set up and running with the open-source tools can be challenging.  MakeUseOf has a great how To: Extend Google Talk Into A Remote Access Tool With GBridge that shows you how to really make this work.
• Wireshark: Wireshark 1.0.6 Released – Open Source network sniffing tool had various bug and security concerns fixed in this update.  In both full install and portable versions.

--Claus V.