Hackers hid malware in CCleaner software

Blake Snyder
Sep 18, 2017, 11:28:37 AM

One more reason to never automatically update software!

Hackers hid malware in CCleaner software
https://www.theverge.com/2017/9/18/16325202/ccleaner-hack-malware-security

"download servers used by Avast (the company that owns CCleaner) were
compromised to distribute malware inside CCleaner"

"For a period of time, the legitimate signed version of CCleaner 5.33 being
distributed by Avast also contained a multi-stage malware payload that rode
on top of the installation of CCleaner"

IMHO, almost never does a software update confer any meaningful benefits.

Buffalo
Sep 18, 2017, 11:51:51 AM

Flasherly
Sep 18, 2017, 12:00:32 PM

If not having taken the lazy route, those rather nasty, at times near
obligatory, riders used by our new generation of grown-up freeware
distributors, where a hash signature, in extremity, or so much as
simple download of the *actual* program, is put on deferment for
further mucking of middlemen jobbers, petty crooks and hackers, in the
form of snakebite installer frontons.

OTH, IMHO, an update may follow as if a wheel: a) least if it hasn't
meaningfulness (benefit to be derived by useful and innovate
programming techniques involving and end efficacy), when b) a popular
devolvement of programming means and methodology has been stymied,
besmirched by the new generation and class of programs intended to
work on hobbled operational system computers, a synergetic
ignominiousness of physicality of handheld devices, and system
builds, largely intended for function through cloud or other paid and
proprietary middle services.

It's rather as one Briton uniquely put it, years ago on the USENET.
Greenspan had liberated the Yellow Skins from a Democratic if not
Christian soul, just beneath, awaiting to burst forth and flower, by
opening the free market door to the Asian hordes: "So, what do you
Yank Dough Boys actually do these days for a spot off the old
quid...practise, as do we, selling insurance policies to one another?"

Jenny Telia
Sep 18, 2017, 12:33:18 PM

On 18/09/2017 18:00, Flasherly wrote:



<start meaningless rant>
> If not having taken the lazy route, those rather nasty, at times near
> obligatory, riders used by our new generation of grown-up freeware
> distributors, where a hash signature, in extremity, or so much as
> simple download of the *actual* program, is put on deferment for
> further mucking of middlemen jobbers, petty crooks and hackers, in the
> form of snakebite installer frontons.
>
> OTH, IMHO, an update may follow as if a wheel: a) least if it hasn't
> meaningfulness (benefit to be derived by useful and innovate
> programming techniques involving and end efficacy), when b) a popular
> devolvement of programming means and methodology has been stymied,
> besmirched by the new generation and class of programs intended to
> work on hobbled operational system computers, a synergetic
> ignominiousness of physicality of handheld devices, and system
> builds, largely intended for function through cloud or other paid and
> proprietary middle services.
>
> It's rather as one Briton uniquely put it, years ago on the USENET.
> Greenspan had liberated the Yellow Skins from a Democratic if not
> Christian soul, just beneath, awaiting to burst forth and flower, by
> opening the free market door to the Asian hordes: "So, what do you
> Yank Dough Boys actually do these days for a spot off the old
> quid...practise, as do we, selling insurance policies to one another?"
>

</end meaningless rant>

Have you consulted someone professional for this problem?

CRNG
Sep 18, 2017, 12:35:37 PM

On Mon, 18 Sep 2017 15:28:31 -0000 (UTC), Blake Snyder
<blakebla...@outlook.com> wrote in <opoomu$qsj$1...@news.mixmin.net>
>One more reason to never automatically update software!

+1 on that.
--
Web based forums are like subscribing to 10 different newspapers
and having to visit 10 different news stands to pickup each one.
Email list-server groups and USENET are like having all of those
newspapers delivered to your door every morning.

Mr. Man-wai Chang
Sep 18, 2017, 12:51:55 PM

On 18/9/2017 11:28 PM, Blake Snyder wrote:
> One more reason to never automatically update software!
>
> Hackers hid malware in CCleaner software
> https://www.theverge.com/2017/9/18/16325202/ccleaner-hack-malware-security
>
> "download servers used by Avast (the company that owns CCleaner) were
> compromised to distribute malware inside CCleaner"

Star Wars: Revenge of Kaspersky? :)

--
@~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!!
/ v \ Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺! 請考慮綜援 (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

BurfordTJustice
Sep 18, 2017, 3:58:43 PM

BurfordTJustice
Sep 18, 2017, 3:59:55 PM

T
Sep 18, 2017, 4:55:33 PM

And did Avast catch this malware? Chuckle.

Mr. Man-wai Chang
Sep 18, 2017, 4:56:19 PM

On 19/9/2017 4:55 AM, T wrote:
>
> And did Avast catch this malware? Chuckle.

Should have asked:

Did Avast trust this malware and hence befriended it? :)

...winston
Sep 18, 2017, 5:06:27 PM

"T" wrote in message news:oppbrt$sjr$1...@dont-email.me...
> And did Avast catch this malware? Chuckle.


Apparently, yes, on Sept. 12 but initially not made public until law
enforcement involvement and shutdown of the malware's recipient server in
the U.S. on Sept. 15.


--
...winston
ms mvp windows 2007-2016, insider mvp 2016-2018

Mayayana
Sep 18, 2017, 6:23:46 PM

"Blake Snyder" <blakebla...@outlook.com> wrote

| IMHO, almost never does a software update confer any meaningful benefits.

Nor do "cleaners".

It used to be that updates came with easy-to-read
details about what was updated. That's rarely true
these days.


Buffalo
Sep 18, 2017, 7:13:56 PM

"BurfordTJustice" wrote in message news:opp8jo$3q5$1...@dont-email.me...
Thanks, it sure gets you to that page a lot quicker, clever boy. B&F. :(
--
Buffalo

Blake Snyder
Sep 18, 2017, 8:21:32 PM

On Mon, 18 Sep 2017 17:13:49 -0600, in <news:oppjvi$j1b$1...@dont-email.me>,
Buffalo wrote:

> Thanks, it sure gets you to that page a lot quicker, clever boy

What free software do you recommend for checking this in the future?

I have Wireshark, for example, but it's complex to use (as you may know).
I also have Fiddler4, & TCPView, & Glasswire.

None of those would have caught it though because all are active sniffers.

What free software, as a passive sniffer, do you recommend that
would/should have caught the spyware in CCleaner when even Avast & Kaspersky
didn't catch it?

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Blake Snyder
Sep 18, 2017, 8:21:32 PM

On Mon, 18 Sep 2017 18:23:00 -0400, in <news:opph1e$1fj$1...@dont-email.me>,
Mayayana wrote:

>| IMHO, almost never does a software update confer any meaningful benefits.
>
> Nor do "cleaners".
>
> It used to be that updates came with easy-to-read
> details about what was updated. That's rarely true
> these days.

The CCleaner cleaner keeps the registry reasonably clean.
It also cleans out cache & temp files reasonably well.

I use it mostly as my front end uninstaller.
It removes a lot of the BHOs and other hijacked autostarters.

CCleaner was never meant to be a malware cleaner.

But what freeware scanner do you recommend that would/should/did catch this
CCleaner malware infestation?

B00ze
Sep 18, 2017, 9:41:46 PM

On 2017-09-18 18:23, Mayayana <maya...@invalid.nospam> wrote:

> "Blake Snyder" <blakebla...@outlook.com> wrote
>
> | IMHO, almost never does a software update confer any meaningful benefits.
>
> Nor do "cleaners".

+1

> It used to be that updates came with easy-to-read
> details about what was updated. That's rarely true
> these days.

+1 there too ;-)

--
! _\|/_ Sylvain / B00...@hotmail.com
! (o o) Member:David-Suzuki-Fdn/EFF/Red+Cross/SPCA/Planetary-Society
oO-( )-Oo Always remember to pillage BEFORE you burn.

Mayayana
Sep 18, 2017, 9:49:07 PM

"Blake Snyder" <blakebla...@outlook.com> wrote

| The CCleaner cleaner keeps the registry reasonably clean.
| It also cleans out cache & temp files reasonably well.
|

I keep a script on my Desktop to clean TEMP.
There's never any reason to "clean" the Registry.
That's a scam that can occasionally cause
problems.

| I use it mostly as my front end uninstaller.
| It removes a lot of the BHOs and other hijacked autostarters.
|

It sounds like you install a lot of dubious stuff.
A lot of BHOs? You shouldn't be getting any BHOs.
I don't understand what hijacked autostarter means.
If you have things setting themselves to run at
startup you should be able to fix that with Autoruns,
which can also be used to deactivate BHOs, browser
extensions, etc.

| CCleaner was never meant to be a malware cleaner.
|
| But what freeware scanner do you recommend that would/should/did catch this
| CCleaner malware infestation?

I don't use those either, so I don't know.
I would *not* recommend Malwarebytes
without a big grain of salt. I guess if I were
in that boat I'd look up online to find the
specifics of the infestation.


Blake Snyder
Sep 19, 2017, 1:42:50 AM

On Mon, 18 Sep 2017 21:48:23 -0400, in <news:oppt2g$r42$1...@dont-email.me>,
Mayayana wrote:

> I keep a script on my Desktop to clean TEMP.
> There's never any reason to "clean" the Registry.
> That's a scam that can occasionally cause
> problems.

I don't know if cleaning the registry is a scam, and, I've never seen a
problem that I could attribute to the cleaning of the registry.

But I have seen *plenty* of left-over registry entries after uninstalling a
program which are cleaned by Ccleaner.

Do those leftover registry entries cause harm?
I can't say.

>| I use it mostly as my front end uninstaller.
>| It removes a lot of the BHOs and other hijacked autostarters.
>|
>
> It sounds like you install a lot of dubious stuff.

I'm way better than most people so I doubt I install "dubious" stuff.
You forget I know as much as you do about many things.
Nonetheless, I do use exclusively freeware - but only the best.
Ccleaner has always been in the list of the best, at least until Avast took
them over.

> A lot of BHOs? You shouldn't be getting any BHOs.
> I don't understand what hijacked autostarter means.

I probably led you astray with the letters BHO which, I agree, are specific
to browsers where anyone who gets a BHO is an idiot - so I see where you
got the idea that I install dubious software.

I used the wrong term.
There is in CCleaner a menu to check
CCleaner: Tools > Startup > {Windows,Scheduled Tasks,Context Menu}

I use Ccleaner to disable all of those.

> If you have things setting themselves to run at
> startup you should be able to fix that with Autoruns,
> which can also be used to deactivate BHOs, browser
> extensions, etc.

There are many programs which, when you install them, try to run all the
time.
>
>| CCleaner was never meant to be a malware cleaner.
>|
>| But what freeware scanner do you recommend that would/should/did catch this
>| CCleaner malware infestation?
>
> I don't use those either, so I don't know.
> I would *not* recommend Malwarebytes
> without a big grain of salt. I guess if I were
> in that boat I'd look up online to find the
> specifics of the infestation.

The US gov just deprecated Kaspersky by the way.
I'm not sure what the threat is though.

J. P. Gilliver (John)
Sep 19, 2017, 5:26:01 AM

In message <oppnu6$i0k$1...@news.mixmin.net>, Blake Snyder
<blakebla...@outlook.com> writes:
[]
>The CCleaner cleaner keeps the registry reasonably clean.
>It also cleans out cache & temp files reasonably well.
>
>I use it mostly as my front end uninstaller.
>It removes a lot of the BHOs and other hijacked autostarters.
[]
Interesting. How would you say it compares to Revo?
>---
>This email has been checked for viruses by Avast antivirus software.
>https://www.avast.com/antivirus
>
(1. It's not an email. 2. it may have been clean when it left you
[though I'd not trust that], but not when it reached me [though 2a. I
don't think I've ever seen malware in a text-only post]. 3. Someone'll
be along in a moment to tell you how to turn off the above.)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

# 10^-12 boos = 1 picoboo # 2*10^3 mockingbirds = 2 kilo mockingbird
# 10^21 piccolos = 1 gigolo # 10^12 microphones = 1 megaphone
# 10**9 questions = 1 gigawhat

slate_leeper
Sep 19, 2017, 9:21:32 AM

On Mon, 18 Sep 2017 21:48:23 -0400, "Mayayana"
<maya...@invalid.nospam> wrote:

> I don't use those either, so I don't know.
>I would *not* recommend Malwarebytes
>without a big grain of salt. I guess if I were
>in that boat I'd look up online to find the
>specifics of the infestation.


However Malwarebytes did catch the ccleaner infection on my system.
Avast did not.



__
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)

Mayayana
Sep 19, 2017, 9:55:45 AM

"Blake Snyder" <blakebla...@outlook.com> wrote

| I don't know if cleaning the registry is a scam, and, I've never seen a
| problem that I could attribute to the cleaning of the registry.
|
| But I have seen *plenty* of left-over registry entries after uninstalling a
| program which are cleaned by Ccleaner.
|
| Do those leftover registry entries cause harm.
| I can't say.
|

You can research it for yourself. Start Regmon or
Procmon. Then start IE. On my system, IE will make
over 5,000 Registry reads in about 1 second. (I don't
know why. Microsoft seem to do that deliberately to
obfuscate the relevant reads. That's the only reason
I can think of.)

So the Registry is incredibly fast. Cleaners generally
target 2 categories: Leftover software entries, like
you mentioned, and HKCR\CLSID keys.

An example of the first might be that Acme Editor
gets uninstalled and settings stay there. That's typical.
In case you decide to install it again your preferences
would still be intact. So you have some settings under
HKCU\Software\Acme Software\Acme Editor\

That adds a few bytes to the Registry and does
no harm. Since it's an Acme Software key, no other
software is affected by the settings.

An example of the second case might be a program
with a bad uninstaller that uninstalled their Acme123.dll
COM library but didn't unregister it. So there are keys
like HKCR\CLSID\{a1b2.....}\ and HKCR\AcmeLib.Ops.
Those are the keys that allow the COM library to be
accessed. With the library gone they're "orphan" entries.
But since no other program is going to use AcmeLib, the
entries do no harm.

The worst that might happen, which is still very
unlikely, would be that you'd see a message like,
"Unable to create object" when a program tries to
access AcmeLib. But you'd see an error message
anyway, in that case, because the DLL is gone. You
might just get a crash instead of the "unable to
create object" message. Either way, the Registry
entry won't matter.

The best analogy I can think of is that you have
a gigantic attic, full of stored stuff, and you hire a
teenager to clean up. The teenager finds 2 incomplete
decks of cards and a broken broomstick to throw
away. You feel satisfied. But nothing useful has been
done in the attic. You don't actually have more space.
It won't be any easier or faster when you want to find
something. And what if the teenager broke something,
or left behind a fire hazard?

If it really bugs you to have leftover settings in the
Registry it's easy to remove the software settings.
Just open Regedit to HKCU\Software\. Each subkey is
a company. You can delete the Acme Editor key.
Either way, anything that actually needs to access the
Registry is going to be doing it in the range of milliseconds,
regardless of whether your Registry is 20 MB or 20 MB
+ 30 KB of unnecessary data.


| >| I use it mostly as my front end uninstaller.
| >| It removes a lot of the BHOs and other hijacked autostarters.
| >|
| >
| > It sounds like you install a lot of dubious stuff.
|
| I'm way better than most people so I doubt I install "dubious" stuff.
| You forget I know as much as you do about many things.
| Nonetheless, I do use exclusively freeware - but only the best.
...
| I probably led you astray with the letters BHO which, I agree, are specific
| to browsers where anyone who gets a BHO is an idiot - so I see where you
| got the idea that I install dubious software.

I'm not making any assumption about how
much you know. But if you regularly have to
clean up bad installs then something is wrong.
I chimed in because the whole category of
"cleaning" is mostly a scam industry and people
don't realize it. It's like drain cleaners, or gas
tank conditioners, or dryer sheets, or bottled
water, or air fresheners, or gluten-free yogurt,
or life-extending quinoa magic, or any of the
other myriad nonsense that gets marketed:
You're lucky if they do no harm. They will not
do any real good. (Though I guess quinoa is
edible and reasonably nutritious, if you don't
mind starving Peruvian peasants resulting from
you being willing to pay through the nose for
magic starch. :)

I explained the details of the Registry above so
that anyone can check for themselves.

I agree that a lot of decent software nevertheless
tries to autostart things. HP printers are a good
example. iTunes is especially sleazy. Even 7-Zip does
things without asking. But all of that can be safely
controlled via Autoruns. That includes context menu
add-ons, which are under the Shell Extensions section.
Autoruns also lets you find out where things are, so you
can delete EXEs if desired. And as you may know,
Autoruns and the Sysinternals tools were originally
written by Mark Russinovich, a top Windows programmer
who then went to work for MS and left them in charge
of Sysinternals. So they're dependable programs.

You might have to watch installs to make sure you
don't agree to junk toolbars and such. (Maybe that's
what you had in mind with BHOs?) But aside from that,
any reputable software shouldn't be installing extra
items.

| The US gov just deprecated Kaspersky by the way.
| I'm not sure what the threat is though.
|
I haven't followed that closely, but I think the
idea was that they think Kaspersky is working as
a spy company for Russia.
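
The "orphan" HKCR\CLSID entries described in the post above can be listed without changing anything on the system. This PowerShell sketch is an added example, not code from any poster in the thread; the function names `Resolve-ComServerPath` and `Get-OrphanComServer` are made up for illustration, and it covers only InprocServer32 (DLL) registrations in the registry view of the PowerShell process that runs it.

```powershell
# Added example, not from the thread. Read-only: nothing is deleted or changed.
# Lists HKCR\CLSID entries whose InprocServer32 DLL is no longer on disk,
# i.e. the "orphan" COM registrations a bad uninstaller leaves behind.

function Resolve-ComServerPath {
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return @() }
    try {
        $path = [Environment]::ExpandEnvironmentVariables($Raw).Trim().Trim('"')
        if ([IO.Path]::IsPathRooted($path)) { return @($path) }
        # A bare name such as "shell32.dll" is located through the DLL search
        # path; checking the two system directories is an approximation.
        return @(
            [IO.Path]::Combine($env:SystemRoot, 'System32', $path),
            [IO.Path]::Combine($env:SystemRoot, 'SysWOW64', $path)
        )
    } catch {
        return @()   # value is not a usable path; do not report it
    }
}

function Get-OrphanComServer {
    $root = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey('CLSID')
    if ($null -eq $root) { return }
    try {
        foreach ($clsid in $root.GetSubKeyNames()) {
            $raw = $null
            $name = $null
            try {
                $key = $root.OpenSubKey("$clsid\InprocServer32")
                if ($null -eq $key) { continue }      # not an in-process server
                $raw = [string]$key.GetValue('')      # default value = DLL path
                $key.Close()
                $parent = $root.OpenSubKey($clsid)
                if ($null -ne $parent) {
                    $name = [string]$parent.GetValue('')
                    $parent.Close()
                }
            } catch {
                continue   # key not readable with the current rights: skip it
            }

            $candidates = @(Resolve-ComServerPath $raw)
            if ($candidates.Count -eq 0) { continue }

            $found = $false
            foreach ($candidate in $candidates) {
                # File.Exists returns $false instead of throwing on odd paths
                if ([IO.File]::Exists($candidate)) { $found = $true; break }
            }
            if (-not $found) {
                [pscustomobject]@{
                    Clsid         = $clsid
                    Name          = $name
                    MissingServer = $raw
                }
            }
        }
    } finally {
        $root.Close()
    }
}

Get-OrphanComServer | Sort-Object MissingServer | Format-Table -AutoSize
```

A DLL that exists only somewhere else on the search path will show up as missing, so treat the output as a list to review rather than a list to delete.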



Blake Snyder
Sep 19, 2017, 1:05:33 PM

On Tue, 19 Sep 2017 09:54:58 -0400, in <news:opr7ks$eqf$1...@dont-email.me>,
Mayayana wrote:

> You can research it for yourself. Start Regmon or
> Procmon. Then start IE. On my system, IE will make
> over 5,000 Registry reads in about 1 second. (I don't
> know why. Microsoft seem to do that deliberately to
> obfuscate the relevant reads. That's the only reason
> I can think of.)

Hi Mayayana,
I've been around for decades, so I'm fully aware of the huge number of
registry entries that Microsoft products create. In Win95 days I used to
actually move the Microsoft Office installation by modifying every key in
the registry left after using COA (which didn't get everything).

I gave up on that approach of trying to put Microsoft stuff where it
belongs, but I'm as familiar with the huge clutter in the registry as you
are. I'm only debating with you that the Ccleaner registry cleaner is a
"scam".

I have been using the CCleaner registry cleaner for so long that I can't
even say how many years it has been. Probably since I first heard about
Ccleaner, and never once have I seen it be a problem that I could attribute
to me cleaning the registry.

That's all I'm saying.

Does it clean the registry?
Yes.

Is it a scam?
I don't know.

> So the Registry is incredibly fast. Cleaners generally
> target 2 categories: Leftover software entries, like
> you mentioned, and HKCR\CLSID keys.

I often move things to where I think they belong, where Ccleaner noticed
that I didn't do the job right.

> An example of the first might be that Acme Editor
> gets uninstalled and settings stay there. That's typical.
> In case you decide to install it again your preferences
> would still be intact. So you have some settings under
> HKCU\Software\Acme Software\Acme Editor\

Yup. Lots of stuff is left over after an uninstall.
I prefer to remove it all.
You may not.
But that doesn't make a Ccleaner approach a scam.

> That adds a few bytes to the Registry and does
> no harm. Since it's an Acme Software key, no other
> software is affected by the settings.

I get your point that if someone thinks that cleaning the registry of old
entries is going to "speed up" their system, it's not. I get that.

But that doesn't make registry cleaning a scam.
I keep a clean desktop. I keep a clean file system.
I keep a clean office. And a clean kitchen.
My garage is clean and my car is clean.

Why shouldn't my registry be clean?
It's not a scam to want a clean registry anymore than it's a scam to want a
clean kitchen.

> An example of the second case might be a program
> with a bad uninstaller that uninstalled their Acme123.dll
> COM library but didn't unregister it. So there are keys
> like HKCR\CLSID\{a1b2.....}\ and HKCR\AcmeLib.Ops.
> Those are the keys that allow the COM library to be
> accessed. With the library gone they're "orphan" entries.
> But since no other program is going to use AcmeLib, the
> entries do no harm.

I get that Microsoft has a counter for any shared DLL that is counted down
somehow in the registry where that counter "can" get screwed up. Presumably
CCleaner handles that, where the presence of the extraneous DLL isn't a big
deal (however, again, it's not "clean").

Just as I clean my silverware after using it, I see nothing wrong with
cleaning out DLLs that are no longer needed.

Again, I'm only responding to the issue of Ccleaner being a "scam", where I
think it does something valuable in that it keeps the operating system a
bit cleaner than it would have been otherwise.

Is Ccleaner a panacea?
Nope.

> The worst that might happen, which is still very
> unlikely, would be that you'd see a message like,
> "Unable to create object" when a program tries to
> access AcmeLib. But you'd see an error message
> anyway, in that case, because the DLL is gone. You
> might just get a crash instead of the "unable to
> create object" message. Either way, the Registry
> entry won't matter.

I don't disagree.
It's just that I like to keep my system clean.
I put all four of the MS default temp directories in one hierarchy.
And I keep a fifth temp directory just for my own personal use.
Is that necessary? Nope.
Is it clean? Yes.

> The best analogy I can think of is that you have
> a gigantic attic, full of stored stuff, and you hire a
> teenager to clean up. The teenager finds 2 incomplete
> decks of cards and a broken broomstick to throw
> away. You feel satisfied. But nothing useful has been
> done in the attic. You don't actually have more space.
> It won't be any easier or faster when you want to find
> something. And what if the teenager broke something,
> or left behind a fire hazard?

You make a very good point here, but that's not the same as calling
CCleaner a "scam". While CCleaner certainly can break something, I don't
think it has ever broken anything that I can remember in all the years I
have been using it (where I check most of the boxes, even the ones not on
by default and I don't make backups and I turn off the nag messages too).

Your point is valid that Ccleaner doesn't make the system faster.
Your point is valid that Ccleaner can screw something up.

But your point that CCleaner is a scam is not valid.
It's just one way to keep the system a tiny bit cleaner (IMHO).

That has esthetic value, if no other value is found for a clean toolbox.

> If it really bugs you to have leftover settings in the
> Registry it's easy to remove the software settings.
> Just open Regedit to HKCU\Software\. Each subkey is
> a company. You can delete the Acme Editor key.
> Either way, anything that actually needs to access the
> Registry is going to be doing it in the range of milliseconds,
> regardless of whether your Registry is 20 MB or 20 MB
> + 30 KB of unnecessary data.

There are a gazillion keys that Ccleaner cleans up, and it's not only in
HKCU/Software that it does it.

Nonetheless, I have messed with the registry since Win95 days and I gave up
on manual edits except to key variables (such as the %temp% variables and
the %program files% and other key variables).

I am only saying that CCleaner has its place. The last time I manually
updated it was when I moved to Windows 10, and it seems to work just fine
for me.

> I'm not making any assumption about how
> much you know. But if you regularly have to
> clean up bad installs then something is wrong.

Oh. Mayayana. You don't know what you just said.
Do you realize how many bad installers are out there?

As just one example, do you know that you can 'tell' Apple's iTunes to go
to C:\mystuff\apple-crap\iTunes and it will go there, but almost nothing
else of the tons of bloatware that follows (e.g., Bonjour for one) will go
there (Quicktime used to be added also, along with tons of other crapware).

Now I gave up on iTunes so long ago that I don't remember when, but that's
just the canonical example of bad bloatware installers. So many things
don't go where you tell them to go that it's not funny.

Don't even get me started on HP printer software not going where it
belongs, or Oracle programs, or Nvidia drivers, or anything from Microsoft.

It seems the bigger the company, the more misbehaved the installer.

> I chimed in because the whole category of
> "cleaning" is mostly a scam industry and people
> don't realize it.

Mayayana, I respect your judgement and I, myself, know a scam when I see
it. There are LOTS of scams revolving around the fact that most people are
afraid of malware so they install all sorts of what turns out to be malware
to reputedly get rid of the malware. I'm sure you can rattle off a huge
list of such things as easily as I can.

But I don't consider CCleaner to be malware.
Is it scamware?
I don't think so.

It's not a panacea.
But it cleans "stuff" out that I would have to clean on my own.

About the only time I think it "screws up" is that I have this sneaking
suspicion that a reboot is necessary after many program uninstalls, where
if I run the reboot, I think there are registry actions that occur.

However, if I don't run the reboot, then CCleaner may (perhaps) clean out
those registry entries which the uninstaller put there with the result that
the uninstall actions won't occur.

Did I explain that problem well enough for you to understand or do you
think that's wrong that some programs when uninstalled leave registry
'actions' on purpose, which only run when you reboot. If ccleaner removes
them, they might not run.

Hence, in *that* case, Ccleaner would 'screw up'.
Does that make sense?

> It's like drain cleaners, or gas
> tank conditioners, or dryer sheets, or bottled
> water, or air fresheners, or gluten-free yogurt,
> or life-extending quinoa magic, or any of the
> other myriad nonsense that gets marketed:

True dat. Seafoam. Marvel Mystery Oil. WD-40.
Lots of people want a "miracle in a can".
I agree with your point that, to some people, CCleaner may appear to be a
miracle in a can.

It's not.
But it's like MAF cleaner in that it's a bit better than cleaning your MAF
by hand.


> You're lucky if they do no harm. They will not
> do any real good.

I think you have two levels of "good".
a. Miracle cure good
b. Simple cleaning good

I think Ccleaner does clean stuff out that you'd have to clean out manually
if you didn't use Ccleaner (e.g., recent docs).

I don't think CCleaner is a miracle cure, but I don't think it's a scam
either.

> I agree that a lot of decent software nevertheless
> tries to autostart things. HP printers are a good
> example.

OMG. Do not get me started on HP printers!
It has been YEARS that I've been trying to get rid of some HP software on
my computer. The only way is to flush the operating system and start over.
Sigh. (Please don't get me started on HP.)

> iTunes is especially sleazy.
OMG. You know EXACTLY how to make me wince!

I know all about iTunes and I never want to see it again. Ever.
I have iOS and Android where there is never a need for iTunes crap.
Let's not go there or we'll drive the others nuts.

> Even 7-Zip does things without asking.

Most programs (e.g., glasswire, filezilla, etc.) phone home, which is a
bitch, I agree. But what does 7-zip do? Let me check my 7-zip log file.

OK. Just checked. Here's what my manual log file said about 7-zip:
. It's useful to open up Microsoft IMG files (e.g., MS Office)
. The Microsoft IMG is sort of a zip, which 7zip unzips.
. It also opens zip, cab, iso, and other files.
. The 7zip installer does not seem to phone home
. It installs super quickly.
. But it only puts an icon in the "Program" folder.
. So copy "7-Zip File Manager" to your cascaded menu.
. And change the target to where you actually put the software
. The program has a checkbox for adding 7zip to the context menus.
. If that checkbox is on, make sure you turn it off.

That's all I noticed but I only used 7-zip to extract MS Office image files
(which are sort of kind of but not really iso files).

> But all of that can be safely
> controlled via Autoruns. That includes context menu
> add-ons, which are under the Shell Extensions section.
> Autoruns also lets you find out where things are, so you
> can delete EXEs if desired. And as you may know,
> Autoruns and the Sysinternals tools were originally
> written by Mark Russinovich, a top Windows programmer
> who then went to work for MS and left them in charge
> of Sysinternals. So they're dependable programs.

I read PC Magazine just like you did in the COA and Process Explorer days
so I'm familiar with Russinovich (as is almost everyone on Windows).

I don't have "autoruns" though in my software hierarchy.
https://docs.microsoft.com/en-us/sysinternals/
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

I downloaded and extracted the zip file and put that zip file where it
belongs and then created shortcuts to autoruns.lnk and then ran it.

After the EULA, it popped up a window with literally over a score of tabs,
each containing a page of checkbox information, which I'll have to weed
through.

Thanks. This Autoruns seems like a good program for weeding out auto run
stuff because LOTS of my entries say "File Not Found" (for example, Google
Chrome stuff, which I don't have anymore, and WinMail stuff, which I don't
even know what it is, and Windows Media Player stuff, again, which I don't
even have on my system to my knowledge, etc.).

> You might have to watch installs to make sure you
> don't agree to junk toolbars and such. (Maybe that's
> what you had in mind with BHOs?) But aside from that,
> any reputable software shouldn't be installing extra
> items.

I am as tuned as you are, Mayayana, to junk installs. I circumvent that by
a few methods, one of which is I only use the absolute best freeware most
of the time (although some times I have to test freeware to figure out what
is the best).

One method which is so easy I do it on every install is I disconnect the
network before clicking on any installer.

Another method is that I ALWAYS use the custom install (never once do I
not!) mainly because I don't put anything in any idiotic program files
directory (for lots of good reasons).

I also keep a lot of EVERY installation, so that I know what mistakes I
made (since they always catch you on something) particularly which ones
phone home and which ones have settings to stop that and which I have to
use the HOSTS file (yes, I know you love Acrylic DNS which I'll install
some day).

I disagree that "reputable software won't install extra items". I think
even Ccleaner now adds stuff, does it not? Also Flash (we can debate if
that's reputable) habitually tries to foist McAfee on us.

I think what happens is that reputable freeware starts adding stuff which
doesn't make it disreputable as long as it's obvious and easily blocked.

Of course, non reputable freeware is the worst - but nobody uses that who
has his mind in the right place (e.g., the billion screenshot programs out
there by way of example - none of which are needed).

>
>| The US gov just deprecated Kaspersky by the way.
>| I'm not sure what the threat is though.
>|
> I haven't followed that closely, but I think the
> idea was that they think Kaspersky is working as
> a spy company for Russia.

I have been in the software industry for decades, and I also have studied
history my entire life. One simple example is that even the elevator
operator in the main French newspaper at the start of WWII was a German
spy. It cost the Germans nothing to pay this guy to be a "sleeper" when all
he needed to do was round up the journalists after the Germans took over
Paris.

The point is that sleepers exist in every single software company on this
planet. Sleepers from all countries. That means both friend and foe.

While I don't always trust my government to do the right thing, I "assume"
that they know what they're doing with Kaspersky, so I will avoid it (I
never saw its value anyway so that's easy to do).

The problem is that probably all our firmware and software companies have
sleepers since it's dirt cheap to employ them (Hint: China has a billion
people to spare so what is it to them to sprinkle a sleeper in every
software and hardware company on this planet?)

My point is that all software is (likely) compromised.

The best bet is, for obvious reasons, open source software, but as
Heartbleed showed, even that is only as good as the number of eyes testing
it out for flaws.

Blake Snyder

Sep 19, 2017, 1:29:45 PM
On Tue, 19 Sep 2017 10:23:49 +0100, in
<news:CG2wj2FlIOwZFw$v...@soft255.demon.co.uk>, J. P. Gilliver (John) wrote:

> Interesting. How would you say it compares to Revo?

I just looked in my freeware software archives where I don't have Revo
uninstaller in my archival directory.
https://www.revouninstaller.com/revo_uninstaller_free_download.html
Where the number one feature listed is
. Scanning for leftovers after the standard uninstall

The landing page is confusing on purpose, so it's not clear whether the
"free download" is actually freeware or trialware, where they have the
classic table of checkboxes trying to convince me to buy what I'd never buy
(since alternatives exist for free).

Nonetheless, I hazarded a guess (which is the only way you can deal with
such things) by clicking "free portable" which downloaded the rather large
(for what it does) RevoUninstaller_Portable.zip file.

Interestingly the "free download" of "revosetup.exe" is appreciably smaller
than is the portable version. My log for installing was reasonable:
The installer adds needless hierarchy:
. %program files%\VS Revo Group\Revo Uninstaller
. Put it in /software/cleaners/revo/
. It doesn't seem to phone home (but I need to check further)
. It installs and comes up quickly which is a good sign

As a test I hit the HP entry that Ccleaner and Windows control panel
couldn't get rid of:
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

It created a restore point (which I don't need and generally don't do), and
then it popped up a query to uninstall all HP products (Yes! Please!).

And then a funny popup that literally said:
Are you sure you want to remove  from your computer?
Note the double space where a name would normally be.

And then the classic HP message "You must restart your computer to finish
the install" where I know from experience that it will do nothing but
reboot my computer and where the HP software will still be listed as being
there.

Since there is no way now to NOT reboot (ask me how I know), I will have to
send this message first and then see if it worked (which I'm pretty sure it
failed just like CCleaner and the windows add/remove programs failed).

But maybe I will get lucky ... if so I'll be a believer in Revo! :)

>>This email has been checked for viruses by Avast antivirus software.
>>https://www.avast.com/antivirus
>>
> (1. It's not an email. 2. it may have been clean when it left you
> [though I'd not trust that], but not when it reached me [though 2a. I
> don't think I've ever seen malware in a text-only post]. 3. Someone'll
> be along in a moment to tell you how to turn off the above.)

I don't even use Avast as my AV program (I use Bit Defender).
So I didn't add that sig line.
Whatever random nntp server I used did.

To explain faithfully, I'm always on a freely available VPN service.

The VPN service changes with almost every post. In fact, I have no idea
what server I'm using because everything in my header is random except the
Subject and body of the message. Even my identity is random. It's all part
of the long-ago scripted (a decade or more) algorithm when I post.

The only thing that is manually controlled by me is the subject and body of
the message. Everything else is automatically randomized with each post,
with the identity being locked to a thread so that I don't confuse people.

I'm always sincere in the question and body and response to posts, despite
the fact that many people here are trolls, I am not (even though trolls
also hide their identity but so do legitimate posters).

That's a long-winded way of saying that the VPN service added that line,
since I didn't add it. It won't be on all my posts - but I've seen it
before where it's kind of rude of the VPN service to scan the message and
then add that silly line.

BurfordTJustice

Sep 19, 2017, 1:54:32 PM
So it really is crap.



"Blake Snyder" <blakebla...@outlook.com> wrote in message
news:opoomu$qsj$1...@news.mixmin.net...

Blake Snyder

Sep 19, 2017, 1:55:57 PM
On Tue, 19 Sep 2017 17:29:38 -0000 (UTC), in
<news:oprk60$fg8$1...@news.mixmin.net>, Blake Snyder wrote:

> As a test I hit the HP entry that Ccleaner and Windows control panel
> couldn't get rid of:
> HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
>
> It created a restore point (which I don't need and generally don't do), and
> then it popped up a query to uninstall all HP products (Yes! Please!).
>
> And then a funny popup that literally said:
> Are you sure you want to remove from your computer?
> Note the double space where a name would normally be.
>
> And then the classic HP message "You must restart your computer to finish
> the install" where I know from experience that it will do nothing but
> reboot my computer and where the HP software will still be listed as being
> there.
>
> Since there is no way now to NOT reboot (ask me how I know), I will have to
> send this message first and then see if it worked (which I'm pretty sure it
> failed just like CCleaner and the windows add/remove programs failed).
>
> But maybe I will get lucky ... if so I'll be a believer in Revo! :)

Two things to report on Revo.

It *does* phone home, to:
https://www.revouninstaller.com/freeinstall_thankyou.html

But that's easily circumvented with a HOSTS file entry of:
127.0.0.1 www.revouninstaller.com revouninstaller.com

But worse, it didn't do anything with the HP entry of:
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

I was hoping to get rid of that entry once and for all.
:(

PS: I'm changing the VPN server to see if the virus message goes away.
If it doesn't go away, I'll check the header randomizing scripts which have
been in place for so many years that I forget if they insert a bogus AV
header.

Blake Snyder

Sep 19, 2017, 1:59:35 PM
On Tue, 19 Sep 2017 17:55:52 -0000 (UTC), in
<news:oprln7$ifd$1...@news.mixmin.net>, Blake Snyder wrote:

> PS: I'm changing the VPN server to see if the virus message goes away.
> If it doesn't go away, I'll check the header randomizing scripts which have
> been in place for so many years that I forget if they insert a bogus AV
> header.

So it was the VPN server that added that av sig line.

I could track down which server it was and remove that from my list of
thousands of freely available public VPN servers, but the sig line only
bothers people who think that I didn't configure my AV program correctly.

I never see sig lines myself since my scripts change what I see by
presenting everything in a table that culls out only the important
information from their headers and statistics culled from the net.

So I apologize for the sig lines, where the privacy randomization scripts
do insert random sig lines but never that particular AV one.

Shadow

Sep 19, 2017, 2:38:33 PM
Re registry cleaners ....

http://privazer.com/download-shellbag-analyzer-shellbag-cleaner.php

Did it find anything personal in the registry that your system
might have stored for the forensic guys, and which you would rather
not be made public ?
No ? Great !!!!!
Ever thought of taking up religion as a profession ? I hear
there's a vacancy for the CEO's position.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Ron

Sep 19, 2017, 5:26:22 PM
On 9/18/2017 8:21 PM, Blake Snyder wrote:
> On Mon, 18 Sep 2017 17:13:49 -0600, in <news:oppjvi$j1b$1...@dont-email.me>,
> Buffalo wrote:
>
>> Thanks, it sure gets you to that page a lot quicker, clever boy
>
> What free software do you recommend for checking this in the future?
>
> I have Wireshark, for example, but it's complex to use (as you may know).
> I also have Fiddler4, & TCPView, & Glasswire.
>
> None of those would have caught it though because all are active sniffers.
>
> What free software, as a passive sniffer, do you recommend that
> would/should have caught the spyware in CCleaner when even Avast & Kaspersky
> didn't catch it?

I have Norton 360 on my machines and it caught it.

M.L.

Sep 19, 2017, 6:42:20 PM


> I keep a script on my Desktop to clean TEMP.

Why not post the script here to help others?

Blake Snyder

Sep 19, 2017, 8:45:41 PM
I know that was for Mayayana but here are the temp directories that you can
define to be in C:\tmp\* or wherever you want them to be.
http://www.askvg.com/list-of-environment-variables-in-windows-xp-vista-and-7/

Then you can delete them just by deleting everything in c:\tmp\*
http://best-windows.vlaurie.com/environment-variables.html

Or you can just move them to a convenient easily deleted location.
https://technet.microsoft.com/en-us/library/aa998945(v=exchg.65).aspx

Here is a list of some of the system variables:
https://technet.microsoft.com/en-us/library/cc749104(v=ws.10).aspx

As I recall, there are four "temp" system variables I have all set to my
c:\tmp\* directory where they can be easily cleaned up.

Be advised that even on Windows 10, Microsoft still constrains you to the
8+3 syntax, as exemplified here:
c:] echo %temp%
C:\tmp\junk\WINDOW~
Where "Window~" is Microsoft's 8+3 way of doing things.

c:] echo %tmp%
C:\tmp\junk\WINDOW~1
c:] cd %tmp%
Where "Windows~1" in this case is actually "windows_temp".

Who'd have thought that even in Windows 10, you're limited to 8+3 syntax!

Zaidy036

Sep 19, 2017, 10:01:48 PM
On 9/19/2017 6:42 PM, M.L. wrote:
>
>
>> I keep a script on my Desktop to clean TEMP.
>
> Why not post the script here to help others?
>
Here are the commands I use in my unattended overnight batch to keep my
Temp file to a reasonable size. I want to keep the most recent files and
folders in case they are needed. I realize many just want to do a delete
all.

:: Reduce Temp Files and Folders
:: -------------------------------------------------------------------------
:: Remove from TEMP files OLDER than AGE days.
:: (FORFILES /D compares the last-modified date, not last access.)
:: SET "var=value" keeps a trailing space out of the path.
SET "_SRC=C:\Users\....\AppData\Local\Temp"
SET AGE=120
:: @isdir test: DEL on a folder path would empty it regardless of file age.
FORFILES /P "%_SRC%" /S /D -%AGE% /C "CMD /C IF @isdir==FALSE DEL /Q @path" > NUL 2>&1

:: Remove from TEMP empty folders
FOR /f "delims=" %%i in ('DIR "%_SRC%" /AD /S /B ^| SORT /R') DO RD "%%i" > NUL 2>&1

NOTE "reverse sort" DIR because must remove "lowest" folders before
"highest" which would not be empty with "lowest" in place.
--
Zaidy036

Mayayana

Sep 19, 2017, 10:22:47 PM
"Blake Snyder" <blakebla...@outlook.com> wrote

| I get that Microsoft has a counter for any shared DLL that is counted down
| somehow in the registry where that counter "can" get screwed up. Presumably
| CCleaner handles that, where the presence of the extraneous DLL isn't a big
| deal (however, again, it's not "clean").
|

I think you may be thinking of the reference count.
Windows tracks loading and unloading of shared system
DLLs. It will then unload the DLL when the last reference
is dropped. I don't think that's connected to the Registry,
though I'm not sure. In any case, it would all be cleared
with a restart. As far as I know there are not typically
problems with that system.

| Oh. Mayayana. You don't know what you just said.
| Do you realize how many bad installers are out there?
|

I can't say that I've seen them. But I do agree that
there are an increasing number of sneaky ones that
will install junk if you're not careful. Even Irfanview.
And there's a lot of crap of another kind in programs
like Firefox: It doesn't actually install malware, but it
will inflict a kind of death by a 1,000 cuts, with things
like call-home data collection, ads in the default home
page, etc.

| OMG. Do not get me started on HP printers!
| It has been YEARS that I've been trying to get rid of some HP software on
| my computer. The only way is to flush the operating system and start over.
| Sigh. (Please don't get me started on HP.)
|
:) They're a weird bunch. One HP printer I had
insisted I needed an updated IE to install the drivers!
I had to trick it by changing the Registry value it was
checking. Another came with a complete VB6 project
for customer feedback. Not an EXE. The entire code
project to make the EXE! But then I tried an Epson
printer and it would arbitrarily decide to stop working,
insisting that I officially had no ink left when that was
not true.
So now I accept HP as the lesser of the evils
and only do as much printing as is necessary for
things like business cards, contracts, customer
receipts, etc.

| > iTunes is especially sleazy.
| OMG. You know EXACTLY how to make me wince!
|
| I know all about iTunes and I never want to see it again. Ever.
| I have iOS and Android where there is never a need for iTunes crap.
| Let's not go there or we'll drive the others nuts.
|

This might be a good time to take your
anti-high blood pressure drugs.


Mayayana

Sep 19, 2017, 10:42:32 PM
"M.L." <m...@privacy.invalid> wrote

| > I keep a script on my Desktop to clean TEMP.
|
| Why not post the script here to help others?

It's in this package:

http://www.jsware.net/jsware/scrfiles.php5#desk

It could be trimmed down quite a bit if you know the
paths. It's designed to work on all systems without
knowing paths. I mostly work on XP. I don't remember
whether I altered the script for Win7. I don't think so.
You may also not want to run as admin, in which case
you can only delete temp files in your own user folder,
but I assume it will also work to delete them in C:\TEMP
and C:\Windows\TEMP.


Here's the content of the message box window I
just got after running the script:

TEMP folders found: List shows beginning size of each TEMP folder found and
size of that folder after cleaning.

C:\WINDOWS\TEMP: 4 MB - 4 MB
C:\temp: 24 KB - 0 Bytes
C:\DOCUME~1\[username]\LOCALS~1\Temp: 6 MB - 0 Bytes
C:\DOCUME~1\Default User\Local Settings\Temp: 0 Bytes - 0 Bytes
C:\DOCUME~1\NetworkService\Local Settings\Temp: 0 Bytes - 0 Bytes
C:\DOCUME~1\LocalService\Local Settings\Temp: 0 Bytes - 0 Bytes
C:\DOCUME~1\Administrator\Local Settings\Temp: 0 Bytes - 0 Bytes

The 4 MB in C:\Windows\TEMP stayed because
they're open files. The script is designed to just
ignore errors, which will occur if a file is open and
can't be deleted.

The FileSystemObject used in VBS can deal with
deleting nested folders, so there's no need to get
into any fancy footwork like recursive cleaning. The
script just looks for any likely TEMP folders, then
deletes all files/folders in any TEMP folders found.


Mr. Man-wai Chang

Sep 20, 2017, 12:39:40 AM
On 20/9/2017 1:54 AM, BurfordTJustice wrote:
> So it really is crap.
>

I still don't find a use for it after all these years...

J. P. Gilliver (John)

Sep 20, 2017, 6:28:58 AM
In message <opsdnf$u8a$1...@news.mixmin.net>, Blake Snyder
<blakebla...@outlook.com> writes:
[]
>Be advised that even on Windows 10, Microsoft still constrains you to the
>8+3 syntax, as exemplified here:
> c:] echo %temp%
> C:\tmp\junk\WINDOW~
>Where "Window~" is Microsoft's 8+3 way of doing things.
>
> c:] echo %tmp%
> C:\tmp\junk\WINDOW~1
> c:] cd %tmp%
>Where "Windows~1" in this case is actually "windows_temp".
>
>Who'd have thought that even in Windows 10, you're limited to 8+3 syntax!

(The second one doesn't have the s in it.)

It _may_ not be the case for these two, as they may always be created in
the same order, but IME, the 8.3 forms are created - with the number
after the ~ incrementing - in the order the files are, so they _could_
be the other way round. Or have higher indices if \tmp\junk already had
some window~x files in them when those needed to be created.
>
>---
>This email has been checked for viruses by Avast antivirus software.
>https://www.avast.com/antivirus
>
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

... management speak, a language used by those employed to deliver change
while dodging responsibility for its nastier effects.
- Gillian Reynolds, RT 2016/9/17-23

J. P. Gilliver (John)

Sep 20, 2017, 6:30:10 AM
Firstly, I really enjoyed Mayayana's post and Blake's reply. Both
well-thought-out and reasonable.

Just picking up on a couple of points:

In message <oprio3$dfb$1...@news.mixmin.net>, Blake Snyder
<blakebla...@outlook.com> writes:
>On Tue, 19 Sep 2017 09:54:58 -0400, in <news:opr7ks$eqf$1...@dont-email.me>,
>Mayayana wrote:
[]
>> Either way, anything that actually needs to access the
>> Registry is going to be doing it in the range of milliseconds,
>> regardless of whether your Registry is 20 MB or 20 MB
>> + 30 KB of unnecessary data.

I agree with most of what you say about registry cleaners making
excessive claims about speed improvement and being of dubious value
altogether (though I agree with Blake that there's something
aesthetically satisfying: in the way that some people would clean mud
off their car even if it was just mud and over modern paint that
wouldn't be harmed by the mud being left), but the above _proportions_ I
think might not be representative of the case: I suspect that my (and
certainly a lot of people's) registries contain unnecessary data that is
a much higher proportion, possibly even far exceeding the "necessary"
part.
[]
>I also keep a lot of EVERY installation, so that I know what mistakes I
>made (since they always catch you on something) particularly which ones
>phone home and which ones have settings to stop that and which I have to
>use the HOSTS file (yes, I know you love Acrylic DNS which I'll install
>some day).
[]
(I assume that was meant to be "log" rather than "lot".) There are - or
used to be, I haven't looked for years - utilities (not sure if any
free) that claim to do this for you, i. e. monitor all activity during
an install (file installs, registry changes, whatever), to give you the
option of thorough removal. (I _think_ the paid version of revo might
include such.) I wondered, have you ever explored any of them? I haven't
- or if I did, it was so long ago that I can't remember - (a) because it
seems like a lot of effort [though presumably less so than doing it
manually as you do!], and (b) I'm not sure if there'd be problems using
them to remove one thing when I'd _subsequently_ installed other things.

J. P. Gilliver (John)

Sep 20, 2017, 6:35:09 AM
In message <oprk60$fg8$1...@news.mixmin.net>, Blake Snyder
<blakebla...@outlook.com> writes:
>On Tue, 19 Sep 2017 10:23:49 +0100, in
><news:CG2wj2FlIOwZFw$v...@soft255.demon.co.uk>, J. P. Gilliver (John) wrote:
>
>> Interesting. How would you say it compares to Revo?
>
>I just looked in my freeware software archives where I don't have Revo
>uninstaller in my archival directory.
>https://www.revouninstaller.com/revo_uninstaller_free_download.html
>Where the number one feature listed is
>. Scanning for leftovers after the standard uninstall
>
>The landing page is confusing on purpose, so it's not clear whether the
>"free download" is actually freeware or trialware, where they have the

Yes, that's sadly very common these days. "Free download" is a phrase
that should be banned (-:

>classic table of checkboxes trying to convince me to buy what I'd never buy
>(since alternatives exist for free).

Indeed.
>
>Nonetheless, I hazarded a guess (which is the only way you can deal with
>such things) by clicking "free portable" which downloaded the rather large
>(for what it does) RevoUninstaller_Portable.zip file.
>
>Interestingly the "free download" of "revosetup.exe" is appreciably smaller
>than is the portable version. My log for installing was reasonable:

(I'd expect the portable one to be slightly bigger.)

>The installer adds needless hierarchy:
>. %program files%\VS Revo Group\Revo Uninstaller
>. Put it in /software/cleaners/revo/
>. It doesn't seem to phone home (but I need to check further)
>. It installs and comes up quickly which is a good sign
>
>As a test I hit the HP entry that Ccleaner and Windows control panel
>couldn't get rid of:
>HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
>
>It created a restore point (which I don't need and generally don't do), and
>then it popped up a query to uninstall all HP products (Yes! Please!).
>
>And then a funny popup that literally said:
> Are you sure you want to remove from your computer?
>Note the double space where a name would normally be.

Some of these might have been from the HP uninstaller; it seems to run
the app's own uninstaller first. (I suspect that the free version at
least uses this to make note of places to look afterwards!)
>
>And then the classic HP message "You must restart your computer to finish
>the install" where I know from experience that it will do nothing but
>reboot my computer and where the HP software will still be listed as being
>there.
>
>Since there is no way now to NOT reboot (ask me how I know), I will have to

OK I'm asking (-: [If this was the result of it running HP's own
uninstaller as _part_ of a revo uninstall, I'd probably do my best _not_
to have it reboot at that point.]

>send this message first and then see if it worked (which I'm pretty sure it
>failed just like CCleaner and the windows add/remove programs failed).
>
>But maybe I will get lucky ... if so I'll be a believer in Revo! :)
[]
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

J. P. Gilliver (John)

Sep 20, 2017, 6:45:01 AM
In message <oprln7$ifd$1...@news.mixmin.net>, Blake Snyder
<blakebla...@outlook.com> writes:
[]
>Two things to report on Revo.
>
>It *does* phone home, to:
>https://www.revouninstaller.com/freeinstall_thankyou.html

OK. I think blocking that doesn't stop it working, though.
>
>But that's easily circumvented with a HOSTS file entry of:
>127.0.0.1 www.revouninstaller.com revouninstaller.com
>
>But worse, it didn't do anything with the HP entry of:
>HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
>
>I was hoping to get rid of that entry once and for all.
>:(

Well, you did give it a hard one to start with!

I certainly wouldn't claim it does everything I'd like it to. But if you
try it with something less demanding (and on its strongest setting), I
think you'll find it finds quite a lot of directories, files, and
registry entries left over after an app's own uninstaller has run.
(Depending on the app., of course.) I find it acceptably useful.

This started with me saying something like "how does it compare to
revo", after you'd mentioned an uninstaller you use (I forget what): I'd
still be interested in your opinion as to how the two compare. (I'm
guessing that your alternative uninstaller didn't kill the HP stuff
either! I find HP printers reasonable, but their installers an amazing
example of bloatware and misleading.)
>
>PS: I'm changing the VPN server to see if the virus message goes away.
>If it doesn't go away, I'll check the header randomizing scripts which have
>been in place for so many years that I forget if they insert a bogus AV
>header.

Worked!
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

J. P. Gilliver (John)

Sep 20, 2017, 6:49:02 AM
In message <oprlu3$j03$1...@news.mixmin.net>, Blake Snyder
<blakebla...@outlook.com> writes:
[]
>So it was the VPN server that added that av sig line.
>
>I could track down which server it was and remove that from my list of
>thousands of freely available public VPN servers, but the sig line only
>bothers people who think that I didn't configure my AV program correctly.

Sorry for being one such. In my defence I had no way of knowing you were
using a VPN.
>
>I never see sig lines myself since my scripts change what I see by
>presenting everything in a table that culls out only the important
>information from their headers and statistics culled from the net.
>
>So I apologize for the sig lines, where the privacy randomization scripts
>do insert random sig lines but never that particular AV one.

I see them in a different colour, so on the whole can ignore them - but
of course that's triggered by a proper separator line, which that AV one
doesn't have. (Any chance of you creating a .sig that consists solely of
a "-- " line? That way at least it'd appear - or not appear in your
case, when you're reading back your own posts - as part of a true .sig.)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

... "from a person I admire, respect, and deeply love." "Who was that then?"
"Me." (Zaphod Beeblebrox in the Link episode.)

Mayayana

Sep 20, 2017, 9:43:37 AM
"J. P. Gilliver (John)" <G6JP...@255soft.uk> wrote

| I agree with most of what you say about registry cleaners making
| excessive claims about speed improvement and being of dubious value
| altogether (though I agree with Blake that there's something
| aesthetically satisfying: in the way that some people would clean mud
| off their car even if it was just mud and over modern paint that
| wouldn't be harmed by the mud being left)

I can see that. I'm not above marching into
HKCU\Software\ occasionally, snorting with
righteous wrath, to decimate a key left by some
kind of program that I tested out for about
15 seconds. It's the same satisfaction I get
from putting supermarket ad fliers into *their*
rubbish barrel on my way out of the store. :)

| but the above _proportions_ I
| think might not be representative of the case: I suspect that my (and
| certainly a lot of people's) registries contain unnecessary data that is
| a much higher proportion, possibly even far exceeding the "necessary"
| part.

I doubt that very much. You can browse through it
and see what's there. That's why I listed details. The
typical things that can be cleaned up are orphan
COM keys under HKCR\CLSID\ and HKCU\Software\
keys for removed software. That's minuscule. I remember
using Microsoft's cleaner (regclean?) back in the Win9x
days. It used to remove a few 10s of KBs. Similarly,
The Amazing Doctor Norton would offer to save me
from disaster by removing a few dozen entries.

Doesn't the cleaner you use offer a list or a backup
put-it-back EXE in case something goes wrong? That
should tell you how much is being "cleaned".

If it were me I'd want to at least scan the list before
letting anything clean. What if, for example, you install
a program that doesn't register itself and doesn't
register an uninstaller, but does record the activation
key in the Registry? A cleaner is apt to remove that
after not finding any record of the program in question.
Then the next time you start the program it asks for
the key, which you may no longer have. All kinds of little
mix-ups like that could happen, partly because the
Registry is not very systematic to begin with. The fact
there's no dependable list of installed software is one
example of that. And if you start getting into Microsoft's
settings it can be quite an eye opener. I can only guess
that many of their top programmers are fond of playing with
secret decoder rings while they eat their Lucky Charms
and sugar for breakfast. They *love* to obfuscate anything
they get their hands on. Reg cleaners have to contend with
that general disorder.

I think the bloat will vary, though, depending on things
you've installed. For instance, .Net writes a stunning number
of entries to HKCR\, which is all the more surprising because
the "classes" part of HKCR refers mainly to COM objects
and .Net doesn't support COM in general. The ProgID entries
(like system.runtime.etc) are all broken and useless from
a COM point of view. They're COM-incompatible .Net objects.
So why is MS writing them all to HKCR? The whole point of
COM object ProgIDs in HKCR is so that programmers can
find available COM objects, like InternetExplorer.Application,
MS Word objects, scripting objects, ActiveX controls, etc.

Another issue is that "everyone and his brother" thinks
it's fancy to cook up their own file types. IrfanView,
Libre Office, ImgBurn... Those are just a few of the programs
I have installed that have written frivolous, unnecessary
"classes" to HKCR that represent nonsense file types. But
cleaning those up can cause problems in the programs.

The things that probably can't be safely removed
are vast. For instance, I just exported HKCU\Software\Microsoft\
and got a 32 MB file. It probably compresses 10 times in the
Registry, but that's still a vast amount of data. And it's only
the Microsoft settings for current user.
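
A read-only way to produce the kind of list described above before any cleaner touches the Registry, as an added example that is not part of the original post or any tool named in this thread: it reports HKCR\CLSID entries whose registered server file cannot be found, and deletes nothing. The function names (Resolve-ServerPath, Test-ServerFile, Get-OrphanComServer) and the path-parsing rules are assumptions of this example, and only the registry view native to the running PowerShell process is scanned.

```powershell
# Added example: report-only scan for orphan COM server registrations.
# It reads the Registry and the file system; it never writes or deletes.

function Resolve-ServerPath {
    # Reduce a raw InprocServer32/LocalServer32 default value to a file path.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $value = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($value.StartsWith('"')) {
        # "C:\Path With Spaces\app.exe" /Automation -> keep the quoted part
        $end = $value.IndexOf('"', 1)
        if ($end -lt 2) { return $null }
        return $value.Substring(1, $end - 1)
    }
    # Unquoted path followed by arguments: cut after the first known extension
    if ($value -match '^(.+?\.(exe|dll|ocx|cpl|ax))(\s|$)') { return $Matches[1] }
    return $value
}

function Test-ServerFile {
    # True when the server file can be found (or cannot be checked at all).
    param([string]$Path)
    try {
        if ([IO.Path]::IsPathRooted($Path)) {
            return (Test-Path -LiteralPath $Path -PathType Leaf)
        }
        # Bare names such as "mscoree.dll" load from the system directories
        foreach ($dir in "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", $env:SystemRoot) {
            if (Test-Path -LiteralPath (Join-Path $dir $Path) -PathType Leaf) { return $true }
        }
        return $false
    }
    catch { return $true }   # malformed value: do not flag what cannot be verified
}

function Get-OrphanComServer {
    param([string]$Root = 'Registry::HKEY_CLASSES_ROOT\CLSID')

    foreach ($clsid in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        foreach ($kind in 'InprocServer32', 'LocalServer32') {
            try   { $sub = $clsid.OpenSubKey($kind) }
            catch { continue }                 # access denied: skip, do not guess
            if (-not $sub) { continue }

            $raw = [string]$sub.GetValue('')   # default value = server path
            $sub.Close()

            $path = Resolve-ServerPath $raw
            if (-not $path)            { continue }
            if (Test-ServerFile $path) { continue }

            [pscustomobject]@{
                Clsid      = $clsid.PSChildName
                ClassName  = [string]$clsid.GetValue('')
                Kind       = $kind
                Server     = $raw
                # Unrooted names may still resolve via PATH; treat as low confidence
                RootedPath = [IO.Path]::IsPathRooted($path)
            }
        }
    }
}

# Constructed sample values (not from a real system) showing what the parser keeps
'"C:\Program Files\Demo App\demo.exe" /Automation',
'C:\Demo\demo.dll -Embedding',
'mscoree.dll' | ForEach-Object { Resolve-ServerPath $_ }

# Keep a record of what was found so it can be reviewed entry by entry
Get-OrphanComServer |
    Sort-Object Server |
    Export-Csv -NoTypeInformation -Path (Join-Path $env:TEMP 'orphan-com-report.csv')
```

Entries with RootedPath set to False deserve the most suspicion of a false positive, and a licence or activation key stored elsewhere in the Registry will not appear in this report at all.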



Blake Snyder

Sep 20, 2017, 10:01:06 AM
On Wed, 20 Sep 2017 11:27:52 +0100, in
<news:s$VrdGLoK...@soft255.demon.co.uk>, J. P. Gilliver (John) wrote:

> (The second one doesn't have the s in it.)

My cut-and-paste from a command window always sucks!
Thanks.

> It _may_ not be the case for these two, as they may always be created in
> the same order, but IME, the 8.3 forms are created - with the number
> after the ~ incrementing - in the order the files are, so they _could_
> be the other way round. Or have higher indices if \tmp\junk already had
> some window~x files in them when those needed to be created.

What amazes me but I haven't delved into why, is that when I tell people
that even with Windows 10, you have to keep to 8+3 syntax, they say "prove
it", where I don't keep a log of the times that the tilde shows up.

The two things I can say, without actually being able to point to an actual
example at the moment, is that when I don't use 8+3, then I need
doublequotes when I shouldn't need them and the tilde shows up in the
oddest places where you can rest assured I never created a directory named
"C:\tmp\WINDOWS~".

For one, I never use capital letters, and for the other, I never use tilde
in a name. But Microsoft seems to love both.

Blake Snyder

Sep 20, 2017, 10:01:06 AM
On Wed, 20 Sep 2017 11:47:02 +0100, in
<news:EeWxl+Mm...@soft255.demon.co.uk>, J. P. Gilliver (John) wrote:

>>I could track down which server it was and remove that from my list of
>>thousands of freely available public VPN servers, but the sig line only
>>bothers people who think that I didn't configure my AV program correctly.
>
> Sorry for being one such. In my defence I had no way of knowing you were
> using a VPN.

Of course you wouldn't know. You might guess it if you started tracking my
headers as I think this identity uses mixmin if I remember correctly, where
Steve Crook, whom I know personally, at my behest, changed his header
obfuscation with every post, but then within a month, he was so inundated
with spam implications that he now changes it once a month per NNTP server
(which is per VPN server for me since I never am off VPN).

Other news servers (e.g., Blueworld, which is hard to come by nowadays)
would change the obfuscation in every post. The obfuscation is meant to
fool people like you and me, and not the NSA though, as I'm sure it's
easily cracked by those who track all of us daily in all that we do.

In your defense, the two things you wouldn't know are that I'm using a
different VPN server every few minutes (it's all automatically handled with
scripts which shall remain private because they're not even close to
perfect) and that some VPN servers (for whatever reason) add that Avast
signature line and a few lines to the header.

You could argue that I should be worried that the free VPN service is
"scanning" and "recognizing" my actions as a "post", but I could argue back
that the VPN server knows everything anyway so the "trust" issue is
something everyone who uses a free public VPN server (of which there are
thousands out there, and changing every day) has to reconcile themselves
with.

>>I never see sig lines myself since my scripts change what I see by
>>presenting everything in a table that culls out only the important
>>information from their headers and statistics culled from the net.
>>
>>So I apologize for the sig lines, where the privacy randomization scripts
>>do insert random sig lines but never that particular AV one.
>
> I see them in a different colour, so on the whole can ignore them - but
> of course that's triggered by a proper separator line, which that AV one
> doesn't have. (Any chance of you creating a .sig that consists solely of
> a "-- " line? That way at least it'd appear - or not appear in your
> case, when you're reading back your own posts - as part of a true .sig.)

I understand the "dash dash space" proper sig line, but the explanation
we've heard a billion times from the Avast folks is that they
*purposefully* put an improper sig, so that users can put their own sigs.

My randomization program for Usenet identities also adds random sigs to
certain identities but this identity doesn't seem to have a random sig.

I don't know what VPN service I'm using at the moment, so I can't say
whether it will add the Avast non-standard-on-purpose sig, but I will add
my own sig below using the dash-dash-space syntax, just in case it does.

--
This is a manual sig following the dash-dash-space syntax.

Blake Snyder

Sep 20, 2017, 10:01:07 AM
On Wed, 20 Sep 2017 11:23:58 +0100, in
<news:4fQuFnK+...@soft255.demon.co.uk>, J. P. Gilliver (John) wrote:

> I agree with most of what you say about registry cleaners making
> excessive claims about speed improvement and being of dubious value
> altogether

I think both points are valid.

Anyone who thinks cleaning the registry is going to make the system
"faster" appreciably, is kidding themselves.

But CCleaner does more than clean the registry anyway, where it cleans
"temp" stuff (of all sorts such as browser caches), and it uninstalls
things nicely, and it tells you what's in the startup entries and it has a
drive wiper.

I think part of Mayayana's argument is that there are better purpose-built
programs for that "other stuff" (such as "autoruns" for cleaning the
startup entries), which is a perfectly good argument.

In fact, these "other stuff cleaners" may actually do the job better than
does CCleaner for all I know, so we'd have to list them individually
to gain any tribal knowledge advantage overall.

. Cleans "files" (such as browser cache & windows logs & recent docs)
. Cleans "registry" (such as run at startup, unused file extensions)
. Uninstalls programs (which the Microsoft control panel applet also does)
. Disables startup entries (which autoruns can do)
. Disables browser plugins (which have other methods to do)
I don't use the following but others might
. Scans computer for files (like pictures, music, etc.)
. Finds duplicates (which other programs can do better perhaps)
. Manages system restore points (other progs may do that better perhaps)
. Freespace wiper (other programs may do this better)

There is merit to the argument that a "leatherman" doesn't do any of its
various jobs well, where what you really want for performance is a tool
specifically tailored to each job.

> (I assume that was meant to be "log" rather than "lot".)

Yes. Sorry. Typo. I keep a manual text "log" of every installation.
This log moves from machine to machine over time as the installers move.
What I have been doing for decades is the simple sequence below.

. Before I download a new program, I make a folder for it, say
"mkdir D:\myinstallers\cleaners\ccleaner\" (or whatever)
. Then I create a log file:
"D:\myinstallers\cleaners\ccleaner\readthis.log"
. In that log file I put the basics such as the web site URL.
. I often print the web site to clickable PDF (using Adobe Acrobat).
. In the log file, I enter my thoughts which occur while installing.
. Later on, if I need to change a setting, I go back to the log file
to add further thoughts.
. Then when I re-install, I read the log file before installing any
software that I've already installed before (on any machine).

The log is my combined "tribal knowledge" about that software.
It's not named "readme" by the way, because other progs use that name.

Everything is well thought out and KISS simple.
It's always easy to find the log file because everything is in the same
place hierarchically, in that my installer hierarchy is the same
D:\myinstaller\cleaners\ccleaner\
As is my installation hierarchy
C:\myapps\cleaners\ccleaner\
As is my menu hierarchy (which is the main launch interface)
Start > mymenu > cleaners > ccleaner.lnk

NOTE: These aren't my actual hierarchies because I keep to an 8+3 for
everything because even today, Microsoft Win10 screws up on anything longer
in certain situations that crop up from time to time such that we get the
tilde number syntax which sucks esthetically. I also never use plurals, so
that I don't have to guess at a name ("is it cleaner or cleaners?").

> There are - or
> used to be, I haven't looked for years - utilities (not sure if any
> free) that claim to do this for you, i. e. monitor all activity during
> an install (file installs, registry changes, whatever), to give you the
> option of thorough removal.

We all used "InCtrl 5" (and the earlier incarnation) in the olden days.

We would turn it on, and it would track everything changed and then we'd
turn it off.

One problem with In-Control was that you had to not do anything else at the
same time for obvious reasons, which, in reality, isn't how we work.
Another problem was that it was a huge log of mostly registry changes.

So the InCtrl 5 log was nice but not actionable.
My readthis.txt log is not nice nor is it complete but it's completely
actionable in that it's my thoughts and manual actions and observations.

Of course, my observations are only a skimming of the surface, so if you
know of a good installation-log freeware program like In-Control-5 was, let
the information surface!

> (I _think_ the paid version of revo might
> include such.) I wondered, have you ever explored any of them? I haven't
> - or if I did, it was so long ago that I can't remember - (a) because it
> seems like a lot of effort [though presumably less so than doing it
> manually as you do!], and (b) I'm not sure if there'd be problems using
> them to remove one thing when I'd _subsequently_ installed other things.

I think we'd all benefit from looking again, so many years later, at the
in-control-like programs that logged all the changes that an installer
makes.

I think we'd still need a separate log file for "actionable" summaries, but
we could skim the in-control-5-like log for surprises, of which I'm sure
*every* installer will gift us.

Wolf K

Sep 20, 2017, 10:01:08 AM
On 2017-09-19 20:45, Blake Snyder wrote:
> Who'd have thought that even in Windows 10, you're limited to 8+3 syntax!

"Legacy" routines are harder to change when they are very old,
especially when they are written in machine language. Keep in mind that
Windows started out as a menu system on top of DOS, so that at the core of
all Windows there lies DOS, like a dragon in its lair, ready to fry
anything that comes too close... ;-)

AFAIK, even the kernel in Windows NT and its successors has DOS at its
heart. It's a version of OS/2, which MS built for IBM. OS/2 was really
an improved version of DOS, done that way because the alternative would
have been a from-the-ground-up new design of the OS. OS/2 added
capabilities to DOS (as DRDOS and other multi-tasking DOSs did/do), but
much of the kernel was retained. The kernel uses the 8.3 filename
format. I guess that could have been changed, but using metadata
apparently looked like a better way.

Explorer displays the metadata filename. Underlying it is the 8.3
filename, which Windows somehow munges from whatever filename you decide
to assign. IOW, it uses an aliasing scheme.

So to eliminate the 8.3 format from Windows would require rewriting the
kernel at a rather low level.

Footnotes:
a) AFAIK, the 8.3 filename goes back to before DOS (it's 12 bytes, which
should be a clue to where it comes from. Anybody know?).
b) When I poked around OS/2 Warp, I saw a virtual network within the
box. AFAICT, Windows 3 was a VM attached to that network. So a Windows
crash couldn't propagate to crash the machine.
c) A lot of DOS commands worked in OS/2 as well.

FWIW: IMO, there's now enough understanding of how an OS could/should
work that a brand new design is possible. AIUI, Linux is not actually a
flavour of Unix (like BSD or OS-X). It's a work-alike, so well done that
from the user's outside-the-hood POV there's no difference. This
suggests that an OS that can work like all legacy OSs is possible,
depending on what program you want to run. But if done right, it could be
far more secure than any existing OS.

--
Wolf K
kirkwood40.blogspot.com
"Wanted. Schrödinger’s Cat. Dead and Alive."

Blake Snyder

Sep 20, 2017, 10:01:08 AM
On Tue, 19 Sep 2017 22:21:57 -0400, in <news:opsjdf$u22$1...@dont-email.me>,
Mayayana wrote:

> This might be a good time to take your
> anti-high blood pressure drugs.

My problem is that I have strong feelings about things that I know about.
:)

p-0''0-h the cat (coder)

Sep 20, 2017, 10:08:40 AM
On Wed, 20 Sep 2017 10:01:02 -0400, Wolf K <wol...@sympatico.ca> wrote:

>So to eliminate the 8.3 format from Windows would require rewriting the
>kernel at a rather low level.

This is completely wrong. You have been able to disable 8.3 file name
creation since the days of NT using the registry and since 2000 using
group policy.

https://support.microsoft.com/en-gb/help/121007/how-to-disable-8-3-file-name-creation-on-ntfs-partitions

Sent from my iFurryUnderbelly.

--
p-0.0-h the cat

Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat,
Devil incarnate, Linux user#666, BaStarD hacker, Resident evil, Monkey Boy,
Certifiable criminal, Spineless cowardly scum, textbook Psychopath,
the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme,
the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll,
shyster [pending approval by STATE_TERROR], cripple, sociopath, kook,
smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag,
liar, total ******* retard, shill, pooh-seur, scouringerer, jumped up chav,
lycanthropic schizotypal lesbian, the most complete ignoid, joker, and furball.

NewsGroups Numbrer One Terrorist

Honorary SHYSTER and FRAUD awarded for services to Haberdashery.
By Appointment to God Frank-Lin.

Signature integrity check
md5 Checksum: be0b2a8c486d83ce7db9a459b26c4896

I mark any message from »Q« the troll as stinky

Blake Snyder

Sep 20, 2017, 10:13:49 AM
On Wed, 20 Sep 2017 14:01:02 -0000 (UTC), in
<news:optsat$g35$1...@news.mixmin.net>, Blake Snyder wrote:

> I don't know what VPN service I'm using at the moment, so I can't say
> whether it will add the Avast non-standard-on-purpose sig, but I will add
> my own sig below using the dash-dash-space syntax, just in case it does.
>
> --
> This is a manual sig following the dash-dash-space syntax.
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus

OK. I tracked which VPN Service it was, and I changed the name of that in my
constantly changing list of thousands of free VPN service configuration
files so that I can NOT use it for this identity!

:)

Also note that Avast configured the non-standard-sig on purpose to allow
our own sigs, where it added a triple-dash non-standard sig below my
double-dash standard sig.

Anyway, I'm not using that same VPN service for this email because I can
manually choose which VPN service I want to choose (although I generally
let the randomization do its thing without my intervention).

--
This VPN service is different than the last one which gave the avast sig.

Mick Finnlay

Sep 20, 2017, 10:39:10 AM
Wolf K <wol...@sympatico.ca> wrote:

<snipped a lot of nonsense>

Almost nothing in your post is factually correct. Read up on the design
of Windows NT and then try again.

--
Mick

Wolf K

Sep 20, 2017, 12:59:48 PM
On 2017-09-20 10:08, p-0''0-h the cat (coder) wrote:
> On Wed, 20 Sep 2017 10:01:02 -0400, Wolf K<wol...@sympatico.ca> wrote:
>
>> So to eliminate the 8.3 format from Windows would require rewriting the
>> kernel at a rather low level.
> This is completely wrong. You have been able to disable 8.3 file name
> creation since the days of NT using the registry and since 2000 using
> group policy.
>
> https://support.microsoft.com/en-gb/help/121007/how-to-disable-8-3-file-name-creation-on-ntfs-partitions
>
> Sent from my iFurryUnderbelly.


Thanks for corrected info.

Blake Snyder

Sep 20, 2017, 1:11:38 PM
On Wed, 20 Sep 2017 11:34:06 +0100, in
<news:6f4uF1Le...@soft255.demon.co.uk>, J. P. Gilliver (John) wrote:

>>Since there is no way now to NOT reboot (ask me how I know), I will have to
>
> OK I'm asking (-: [If this was the result of it running HP's own
> uninstaller as _part_ of a revo uninstall, I'd probably do my best _not_
> to have it reboot at that point.]

All that (all) of the uninstallers I've tried so far did was run the HP
uninstaller, which obviously doesn't work and always requires a reboot.

It's not a big deal other than to say that uninstallers aren't all they're
cracked up to be if all they do is run the HP uninstaller which fails to
uninstall every time.

Blake Snyder

Sep 20, 2017, 1:11:38 PM
On Wed, 20 Sep 2017 10:01:02 -0400, in
<news:BwuwB.37011$QC2....@fx19.iad>, Wolf K wrote:

> So to eliminate the 8.3 format from Windows would require rewriting the
> kernel at a rather low level.

I think you have a great perspective on this problem.

I find that most people (not you - but most) seem to think that the 8+3
legacy is gone, so they look at me funnily when I tell them that it pops up
every once in a while, even on Windows 10.

Then they tell me to "prove it" where I don't feel like digging into the
dirt just to prove to them what I already know because it bites me every
once in a while.

So I'm glad that you're not one person that I have to "prove it" to.
:)

Blake Snyder

Sep 20, 2017, 1:11:38 PM
On Wed, 20 Sep 2017 12:39:35 +0800, in
<news:opsre7$6gj$1...@toylet.eternal-september.org>, Mr. Man-wai Chang wrote:

>> So it really is crap.
>>
>
> I still don't find a use for it after all these years...

Do you do these half dozen tasks with freeware?
If so, what freeware do you use for those tasks that you do?

1. Registry cleaning = what is the best freeware for this?
2. File cleaning = what is the best freeware for this?
3. Autorun disabling = Mark Russinovich's autoruns freeware
4. Browser plugin disabling = what is the best freeware for this?
5. Program uninstaller = Revo uninstaller freeware
6. Duplicate finder = <http://www.top5freeware.com/duplicate-file-finder>
7. Drive wiper = <https://www.pcworld.com/article/254509/free_tools_to_wipe_your_drives_securely.html>

Blake Snyder

Sep 20, 2017, 1:11:38 PM
On Wed, 20 Sep 2017 12:59:44 -0400, in
<news:48xwB.169470$OC1.1...@fx06.iad>, Wolf K wrote:

>>> So to eliminate the 8.3 format from Windows would require rewriting the
>>> kernel at a rather low level.
>> This is completely wrong. You have been able to disable 8.3 file name
>> creation since the days of NT using the registry and since 2000 using
>> group policy.
>>
>> https://support.microsoft.com/en-gb/help/121007/how-to-disable-8-3-file-name-creation-on-ntfs-partitions
>>
>> Sent from my iFurryUnderbelly.
>
>
> Thanks for corrected info.

Does this "prove" that 8+3 is completely gone from Windows 10?

I ask because I have a WINDOWS~ and a WINDOWS~1 that I certainly didn't
create.

I don't know how they got created but the creation probably has something
to do with the fact that I re-defined the %TMP% & %TEMP% and all the other
Windows temp directories to things like c:\tmp\junk\windows_temp\

After that, Windows 10 did its thing to create those 8+3 directories.

Blake Snyder

Sep 20, 2017, 1:11:42 PM
On Wed, 20 Sep 2017 11:43:05 +0100, in
<news:IuRyZfM5...@soft255.demon.co.uk>, J. P. Gilliver (John) wrote:

>>It *does* phone home, to:
>>https://www.revouninstaller.com/freeinstall_thankyou.html
>
> OK. I think blocking that doesn't stop it working, though.

I understand. What matters is "how" they call it.
If they call it by ip address, for example.
No big deal though so we can drop that matter.

> I certainly wouldn't claim it does everything I'd like it to. But if you
> try it with something less demanding (and on its strongest setting), I
> think you'll find it finds quite a lot of directories, files, and
> registry entries left over after an app's own uninstaller has run.
> (Depending on the app., of course.) I find it acceptably useful.

I like it.
I think that the CCleaner "leatherman" approach of doing lots of things is
OK but the approach of having a single tool do a single job (like
uninstalling apps) is a better approach.

The work is in finding the best freeware to do the main jobs that CCleaner
does:
1. Registry cleaning
2. File cleaning
3. Autorun disabling
4. Browser plugin disabling
5. Program uninstaller
6. Duplicate finder
7. Drive wiper

> This started with me saying something like "how does it compare to
> revo", after you'd mentioned an uninstaller you use (I forget what): I'd
> still be interested in your opinion as to how the two compare. (I'm
> guessing that your alternative uninstaller didn't kill the HP stuff
> either! I find HP printers reasonable, but their installers an amazing
> example of bloatware and misleading.)

Nothing killed the HP stuff.
No big deal. We live with this (and learn from it).

I do like the Revo uninstaller, so here's my list of "best" freeware to do the
half dozen things that CCleaner does:

1. Registry cleaning = what is the best freeware for this?
2. File cleaning = what is the best freeware for this?
3. Autorun disabling = Mark Russinovich's autoruns freeware
4. Browser plugin disabling = what is the best freeware for this?
5. Program uninstaller = Revo uninstaller freeware
6. Duplicate finder = <http://www.top5freeware.com/duplicate-file-finder>
7. Drive wiper = <https://www.pcworld.com/article/254509/free_tools_to_wipe_your_drives_securely.html>

Blake Snyder

Sep 20, 2017, 1:18:20 PM
On Wed, 20 Sep 2017 17:11:36 -0000 (UTC), in
<news:opu7g7$3h8$4...@news.mixmin.net>, Blake Snyder wrote:

> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus

I thought I removed the errant VPN server but I realized that there was a
duplicate because there are TCP- and UDP-based configuration files.

So I disabled both the TCP and UDP VPN config files for the VPN server that
adds that Avast sig and header.

I can't promise the *next* VPN service won't do it but 99 out of 100 don't
add that line so most of the time this will work.

Each day there are another hundred servers that get added while another
hundred are deprecated so the list fluctuates daily.

This is a new free VPN server (just added today) so we'll see what it does.

Wolf K

Sep 20, 2017, 1:51:03 PM
On 2017-09-20 13:11, Blake Snyder wrote:
> On Wed, 20 Sep 2017 12:59:44 -0400, in
> <news:48xwB.169470$OC1.1...@fx06.iad>, Wolf K wrote:
>
>>>> So to eliminate the 8.3 format from Windows would require rewriting the
>>>> kernel at a rather low level.
>>> This is completely wrong. You have been able to disable 8.3 file name
>>> creation since the days of NT using the registry and since 2000 using
>>> group policy.
>>>
>>> https://support.microsoft.com/en-gb/help/121007/how-to-disable-8-3-file-name-creation-on-ntfs-partitions
>>>
>>> Sent from my iFurryUnderbelly.
>>
>>
>> Thanks for corrected info.
>
> Does this "prove" that 8+3 is completely gone from Windows 10?

No, it's the default. Disabling it is the option. Hiding the extension
in Explorer is the default, showing is the option.

OTOH, since Windows uses the extension to identify file-types,
eliminating it would probably cause some troubles. Many files show
type-data in their first few bytes, but some, it seems, do not.

> I ask because I have a WINDOWS~ and a WINDOWS~1 that I certainly didn't
> create.
>
> I don't know how they got created but the creation probably has something
> to do with the fact that I re-defined the %TMP% & %TEMP% and all the other
> Windows temp directories to things like c:\tmp\junk\windows_temp\
>
> After that, Windows 10 did its thing to create those 8+3 directories.
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>


p-0''0-h the cat (coder)

Sep 20, 2017, 2:01:10 PM
On Wed, 20 Sep 2017 17:11:34 -0000 (UTC), Blake Snyder
<blakebla...@outlook.com> wrote:

>On Wed, 20 Sep 2017 12:59:44 -0400, in
><news:48xwB.169470$OC1.1...@fx06.iad>, Wolf K wrote:
>
>>>> So to eliminate the 8.3 format from Windows would require rewriting the
>>>> kernel at a rather low level.
>>> This is completely wrong. You have been able to disable 8.3 file name
>>> creation since the days of NT using the registry and since 2000 using
>>> group policy.
>>>
>>> https://support.microsoft.com/en-gb/help/121007/how-to-disable-8-3-file-name-creation-on-ntfs-partitions
>>>
>>> Sent from my iFurryUnderbelly.
>>
>>
>> Thanks for corrected info.
>
>Does this "prove" that 8+3 is completely gone from Windows 10?

That wasn't the statement I corrected. It doesn't require a rewrite of
the kernel to turn this functionality off.

This is a legacy function to support applications which use 8.3 format.
So it's the application that needs it not Windows 10.

>I ask because I have a WINDOWS~ and a WINDOWS~1 that I certainly didn't
>create.
>
>I don't know how they got created but the creation probably has something
>to do with the fact that I re-defined the %TMP% & %TEMP% and all the other
>Windows temp directories to things like c:\tmp\junk\windows_temp\

I suspect you are running older applications and redefining the path to
the temp folders has just exposed stuff that Windows usually hides from
the end user if you don't mess with the MS default folder paths that is.

BTW. What you see through windows explorer is *folders* and not
directories.

Directories are a file system concept and folders are a GUI/end user
concept.

Folders don't necessarily show the directory as it is.

>After that, Windows 10 did its thing to create those 8+3 directories.

It's not essential to the functionality of the file system as you have
been suggesting or some magical old code lurking from before the
dinosaurs that cannot be altered without raising the dead. Neither are
these special directories. From recollection and I cannot be arsed to
research it but every directory has two names unless this functionality
is disabled.

Char Jackson

Sep 20, 2017, 2:36:53 PM
On Wed, 20 Sep 2017 14:01:02 -0000 (UTC), Blake Snyder
<blakebla...@outlook.com> wrote:

>What amazes me but I haven't delved into why, is that when I tell people
>that even with Windows 10, you have to keep to 8+3 syntax, they say "prove
>it", where I don't keep a log of the times that the tilde shows up.

If that's how you pitch the idea to people, I'd say they're right to
push back. As a user, you haven't *needed* to use 8.3 syntax since
nearly forever, but by default Windows can use it behind the scenes. And
of course, you can use it yourself, whether you intentionally name
something with 8.3 or you simply let Windows create the 8.3 name and you
simply start using what Windows assigned. The dir command can show you
the 8.3 names when you use the /x argument.

>The two things I can say, without actually being able to point to an actual
>example at the moment, is that when I don't use 8+3, then I need
>doublequotes when I shouldn't need them and the tilde shows up in the
>oddest places where you can rest assured I never created a directory named
>"C:\tmp\WINDOWS~".

Double quotes are typically needed when the path or the filename
contains one or more spaces, and the tilde should really only show up in
the 7th character position of the 8.3 filename. I'm guessing you could
make it 'walk left' by intentionally creating files where the 8.3 name
would collide with an existing 8.3 name, assuming the 8.3 names have
been generated by Windows, of course.

The other use case for tildes is as a leading character for temp files,
but you won't be confusing that use case with 8.3 names.

>For one, I never use capital letters, and for the other, I never use tilde
>in a name. But Microsoft seems to love both.

I have no problem with leading capitals and in fact I generally use
'title case', where every word is capitalized. Plus, I like the fact
that Windows uses a unique character, meaning something I'd never use on
my own, to designate generated 8.3 names. That makes them easy to
identify.

Mr. Man-wai Chang

Sep 20, 2017, 2:42:05 PM
On 21/9/2017 1:11 AM, Blake Snyder wrote:
> Do you do these half dozen tasks with freeware?
> If so, what freeware do you use for those tasks that you do?
>
> 1. Registry cleaning = what is the best freeware for this?
> ....
I don't do that in my home PC. ;)

Not sure about technical support people in workplaces.

Char Jackson

Sep 20, 2017, 2:42:45 PM
On Wed, 20 Sep 2017 17:11:35 -0000 (UTC), Blake Snyder
<blakebla...@outlook.com> wrote:

>Do you do these half dozen tasks with freeware?
>If so, what freeware do you use for those tasks that you do?
>
>1. Registry cleaning = what is the best freeware for this?
>2. File cleaning = what is the best freeware for this?
>3. Autorun disabling = Mark Russinovich's autoruns freeware
>4. Browser plugin disabling = what is the best freeware for this?
>5. Program uninstaller = Revo uninstaller freeware
>6. Duplicate finder = <http://www.top5freeware.com/duplicate-file-finder>
>7. Drive wiper = <https://www.pcworld.com/article/254509/free_tools_to_wipe_your_drives_securely.html>

Of those 6 items, I only (occasionally) do #6. I use a tool called
Duplicate Cleaner Free (https://www.digitalvolcano.co.uk/).
No idea if it's the best, but I apparently like it well enough that I've
been using it for quite a few years without wanting to find a
replacement.

I have no use for the other 6 tasks. Yes, I know what each task is
about, so no need to assume something else.

Sam E

Sep 20, 2017, 4:10:06 PM
On 09/20/2017 12:11 PM, Blake Snyder wrote:

[snip]

> I ask because I have a WINDOWS~ and a WINDOWS~1 that I certainly didn't
> create.

WINDOWS~1 has 9 characters, so can't fit into 8.3.

[snip]


Blake Snyder

Sep 20, 2017, 5:27:09 PM
Typo.
http://i.cubeupload.com/GFf3Bx.jpg

That is a screenshot of my junk folder which contains the Windows & VIM
temps...

Never do I use capital letters or tildes in file or folder names.



Blake Snyder

Sep 20, 2017, 5:31:46 PM
On Wed, 20 Sep 2017 13:36:09 -0500, in
<news:a4c5sc9258ktshfcm...@4ax.com>, Char Jackson wrote:

> If that's how you pitch the idea to people, I'd say they're right to
> push back. As a user, you haven't *needed* to use 8.3 syntax since
> nearly forever, but by default Windows can use it behind the scenes. And
> of course, you can use it yourself, whether you intentionally name
> something with 8.3 or you simply let Windows create the 8.3 name and you
> simply start using what Windows assigned. The dir command can show you
> the 8.3 names when you use the /x argument.

All I can tell you in response is that the 8+3 shows up on its own.

For example, I am super duper positive I never created any folder using
capital letters and a tilde - but there it is - in my Windows 10 junk
folder for the temp variables for both Windows and VIM.

http://i.cubeupload.com/GFf3Bx.jpg

Who created it and put it there if not Windows herself?

Char Jackson

Sep 20, 2017, 6:20:09 PM
On Wed, 20 Sep 2017 21:31:43 -0000 (UTC), Blake Snyder
<blakebla...@outlook.com> wrote:

>On Wed, 20 Sep 2017 13:36:09 -0500, in
><news:a4c5sc9258ktshfcm...@4ax.com>, Char Jackson wrote:
>
>> If that's how you pitch the idea to people, I'd say they're right to
>> push back. As a user, you haven't *needed* to use 8.3 syntax since
>> nearly forever, but by default Windows can use it behind the scenes. And
>> of course, you can use it yourself, whether you intentionally name
>> something with 8.3 or you simply let Windows create the 8.3 name and you
>> simply start using what Windows assigned. The dir command can show you
>> the 8.3 names when you use the /x argument.
>
>All I can tell you in response is that the 8+3 shows up on its own.

Yes, of course it does. I thought I said that.

>For example, I am super duper positive I never created any folder using
>capital letters and a tilde - but there it is - in my Windows 10 junk
>folder for the temp variables for both Windows and VIM.
>
>http://i.cubeupload.com/GFf3Bx.jpg
>
>Who created it and put it there if not Windows herself?

Windows! I thought I said that.

You can very easily test it for yourself. Create a file name or a folder
name that's longer than 8 characters or that has one or more spaces in
it. Now use dir /x to view it. There's the 8.3 name, created
automatically by Windows. From that point on, you can access that object
by either its long name or its short name. They are equivalent to each
other in that they both reference the exact same object.

That example holds for scenarios where the user created an object, but
if Windows needs to create an object for its own purposes, it's
perfectly free to skip the long name entirely and simply create the
object using the short name.

This behavior has existed since, what, Win 95?
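
The alias behaviour discussed in the posts above (names longer than 8 characters or containing spaces get a generated short name, with the number after the tilde assigned in creation order), sketched as an added example that is not part of any post in this thread. It is a simplified ASCII-only model: it covers only the `~1` to `~4` numeric tails and returns `None` beyond that, where NTFS switches to a different naming form that is not reproduced here; the function names are hypothetical.

```python
import re

# Characters allowed in a long name but not in an 8.3 name; replaced by "_".
ILLEGAL_IN_SHORT = set("+,;=[]")
_CH = r"[A-Z0-9!#$%&'()\-@^_`{}~]"
VALID_8DOT3 = re.compile(r"^" + _CH + r"{1,8}(\." + _CH + r"{1,3})?$")


def fits_8dot3(name):
    """True if the name is already a legal 8.3 name (case-insensitively)."""
    return bool(VALID_8DOT3.match(name.upper()))


def _basis(long_name):
    """Return (base, ext): up to 6 base chars and up to 3 extension chars."""
    cleaned = "".join("_" if c in ILLEGAL_IN_SHORT else c
                      for c in long_name if c != " ")      # spaces are dropped
    cleaned = cleaned.lstrip(".")                            # leading dots ignored
    base, dot, ext = cleaned.rpartition(".")
    if not dot:                                              # no extension at all
        base, ext = cleaned, ""
    base = base.replace(".", "")                             # only the last dot counts
    return base[:6].upper(), ext[:3].upper()


def assign_short_names(long_names):
    """Model alias assignment for names created, in order, in one directory.

    Returns {long_name: short_name}; short_name is None where this
    simplified model stops (more than four collisions on one basis).
    """
    taken = set()
    result = {}
    for name in long_names:
        if fits_8dot3(name):
            short = name.upper()              # no separate alias is needed
        else:
            base, ext = _basis(name)
            for n in range(1, 5):
                short = f"{base}~{n}" + (f".{ext}" if ext else "")
                if short not in taken:
                    break
            else:
                short = None                  # beyond ~4: not modelled
        if short is not None:
            taken.add(short)
        result[name] = short
    return result


if __name__ == "__main__":
    # Constructed directory contents, loosely following the thread's example.
    for order in (["windows_temp", "windows_temp2"],
                  ["windows_temp2", "windows_temp"]):
        print(order, "->", assign_short_names(order))
```

Because the tail depends on creation order, the same long name can map to `WINDOW~1` on one machine and `WINDOW~2` on another, so scripts and access rules should reference the long name rather than a remembered short one.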

Char Jackson

unread,
Sep 20, 2017, 6:26:59 PM9/20/17
to
Pretty hard to believe that a VPN server, which typically operates at
OSI Layer 3, would add (or remove) *anything* in the Layer 7 payload.

There's more to the story here. If this so-called VPN server is able to
muck around at Layer 7 for Usenet posts, what else is it doing to your
other traffic? I'd steer far, very far, from that kind of service. VPN
server, they ain't.

--

Char Jackson

p-0''0-h the cat (coder)

unread,
Sep 20, 2017, 6:49:39 PM9/20/17
to
On Wed, 20 Sep 2017 17:26:56 -0500, Char Jackson <no...@none.invalid>
Meethinks it's a proxy server list.

Blake Snyder

unread,
Sep 20, 2017, 9:19:01 PM9/20/17
to
On Wed, 20 Sep 2017 17:26:56 -0500, in
<news:pfq5sct378maa5u7h...@4ax.com>, Char Jackson wrote:

> Pretty hard to believe that a VPN server, which typically operates at
> OSI Layer 3, would add (or remove) *anything* in the Layer 7 payload.

I'm with you in that I don't understand how or why the VPN service would
add both header lines and a signature to the posts.

> There's more to the story here. If this so-called VPN server is able to
> muck around at Layer 7 for Usenet posts, what else is it doing to your
> other traffic? I'd steer far, very far, from that kind of service. VPN
> server, they ain't.

That particular server is from http://vpngate.net
Come to think of it, *all* the VPN servers which had that problem were
likely from vpngate.net.

Take a look at their web site.
Do they look like proxy servers?

They have typical openvpn configuration files just like all the other vpn
services out there do.

Blake Snyder

unread,
Sep 20, 2017, 9:19:08 PM9/20/17
to
On Wed, 20 Sep 2017 17:26:56 -0500, in
<news:pfq5sct378maa5u7h...@4ax.com>, Char Jackson wrote:

> Pretty hard to believe that a VPN server, which typically operates at
> OSI Layer 3, would add (or remove) *anything* in the Layer 7 payload.

I'm with you in that I don't understand how or why the VPN service would
add both header lines and a signature to the posts.

> There's more to the story here. If this so-called VPN server is able to
> muck around at Layer 7 for Usenet posts, what else is it doing to your
> other traffic? I'd steer far, very far, from that kind of service. VPN
> server, they ain't.

Blake Snyder

unread,
Sep 20, 2017, 9:25:43 PM9/20/17
to
On Wed, 20 Sep 2017 23:49:34 +0100, in
<news:8vr5scp6nv4fsdvbi...@4ax.com>, p-0''0-h the cat (coder)
wrote:

> Meethinks it's a proxy server list.

How/why are Avast headers & sig added to these messages?
https://groups.google.com/forum/#!topic/alt.free.newsservers/RPwLKAwflFY

The 1 of 200 openvpn config files that add Avast header crap are here:
https://vpngate.net

All you have to do, if you have openvpn freeware installed, is doubleclick
on this file below and you'll be on VPN on the service that adds the Avast
header stuff and sig stuff.

I'm actually *using* that same server so you'll see header crap in this
message if it isn't blocked because Usenet thinks it's a binary file.

test1: Failed because the server said it was a "binary" file.
test2: I added a beginning angle bracket to each line.

>###############################################################################
># OpenVPN 2.0 Sample Configuration File
># for PacketiX VPN / SoftEther VPN Server
>#
># !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
>#
># !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
>#
># This configuration file is auto-generated. You might use this config file
># in order to connect to the PacketiX VPN / SoftEther VPN Server.
># However, before you try it, you should review the descriptions of the file
># to determine the necessity to modify to suitable for your real environment.
># If necessary, you have to modify a little adequately on the file.
># For example, the IP address or the hostname as a destination VPN Server
># should be confirmed.
>#
># Note that to use OpenVPN 2.0, you have to put the certification file of
># the destination VPN Server on the OpenVPN Client computer when you use this
># config file. Please refer the below descriptions carefully.
>
>
>###############################################################################
># Specify the type of the layer of the VPN connection.
>#
># To connect to the VPN Server as a "Remote-Access VPN Client PC",
># specify 'dev tun'. (Layer-3 IP Routing Mode)
>#
># To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
># specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)
>
>dev tun
>
>
>###############################################################################
># Specify the underlying protocol beyond the Internet.
># Note that this setting must be correspond with the listening setting on
># the VPN Server.
>#
># Specify either 'proto tcp' or 'proto udp'.
>
>proto tcp
>
>
>###############################################################################
># The destination hostname / IP address, and port number of
># the target VPN Server.
>#
># You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
># specify the IP address instead of the hostname.
>#
># Note that the auto-generated below hostname are a "auto-detected
># IP address" of the VPN Server. You have to confirm the correctness
># beforehand.
>#
># When you want to connect to the VPN Server by using TCP protocol,
># the port number of the destination TCP port should be same as one of
># the available TCP listeners on the VPN Server.
>#
># When you use UDP protocol, the port number must same as the configuration
># setting of "OpenVPN Server Compatible Function" on the VPN Server.
>
>remote vpn812712198.opengw.net 1380
>
>
>###############################################################################
># The HTTP/HTTPS proxy setting.
>#
># Only if you have to use the Internet via a proxy, uncomment the below
># two lines and specify the proxy address and the port number.
># In the case of using proxy-authentication, refer the OpenVPN manual.
>
>;http-proxy-retry
>;http-proxy [proxy server] [proxy port]
>
>
>###############################################################################
># The encryption and authentication algorithm.
>#
># Default setting is good. Modify it as you prefer.
># When you specify an unsupported algorithm, the error will occur.
>#
># The supported algorithms are as follows:
># cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
># CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
># RC2-40-CBC RC2-64-CBC RC2-CBC
># auth: SHA SHA1 MD5 MD4 RMD160
>
>cipher AES-128-CBC
>auth SHA1
>
>
>###############################################################################
># Other parameters necessary to connect to the VPN Server.
>#
># It is not recommended to modify it unless you have a particular need.
>
>resolv-retry infinite
>nobind
>persist-key
>persist-tun
>client
>verb 3
>#auth-user-pass
>
>
>###############################################################################
># The certificate file of the destination VPN Server.
>#
># The CA certificate file is embedded in the inline format.
># You can replace this CA contents if necessary.
># Please note that if the server certificate is not a self-signed, you have to
># specify the signer's root certificate (CA) here.
>
><ca>
>
></ca>
>
>
>###############################################################################
># The client certificate file (dummy).
>#
># In some implementations of OpenVPN Client software
># (for example: OpenVPN Client for iOS),
># a pair of client certificate and private key must be included on the
># configuration file due to the limitation of the client.
># So this sample configuration file has a dummy pair of client certificate
># and private key as follows.
>
><cert>
>
></cert>
>
><key>
>
></key>

Blake Snyder

unread,
Sep 20, 2017, 9:36:29 PM9/20/17
to
On Thu, 21 Sep 2017 01:25:37 -0000 (UTC), in
<news:opv4eg$1sf$1...@news.mixmin.net>, Blake Snyder wrote:

> Here is the complete unadulterated config file which was valid today which
> produces not only the signature but also the header lines.

Here is a corresponding openvpn config file which I'm using at this exact
moment which does NOT produce the Avast header and signature in Usenet
posts.

Notice you can make two consecutive posts, where the first post uses one
VPN config file and the second post uses the second VPN config file with
nothing else changed - and guess what - one will have the Avast headers and
sig while the other won't.

One caveat, as Marek knows, these config files come and go so while they're
working at this very moment, they might not work ten minutes from now -
which is why Marek wrote all those scripts a few years ago for me and
others to benefit from where he tests them out and puts the good ones in a
bucket and the bad ones in a different bucket.

It's also why I have over six thousand of them by now, because the wget
scripts pull down a few hundred a day (but some are duplicates) so that's
why we use the geolocate scripts to ensure that they're the same even when
the name changes. It's all horribly simple and horribly complex at the same
time but it randomizes everything quite nicely and has been working for two
years now.

Anyway, remove the leading angle bracket which is the only change I had to
make to post this working file below that does NOT have the Avast
signatures and header lines.
>proto udp
>
>
>###############################################################################
># The destination hostname / IP address, and port number of
># the target VPN Server.
>#
># You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
># specify the IP address instead of the hostname.
>#
># Note that the auto-generated below hostname are a "auto-detected
># IP address" of the VPN Server. You have to confirm the correctness
># beforehand.
>#
># When you want to connect to the VPN Server by using TCP protocol,
># the port number of the destination TCP port should be same as one of
># the available TCP listeners on the VPN Server.
>#
># When you use UDP protocol, the port number must same as the configuration
># setting of "OpenVPN Server Compatible Function" on the VPN Server.
>
>remote vpn100895633.opengw.net 1698

J. P. Gilliver (John)

unread,
Sep 20, 2017, 9:58:30 PM9/20/17
to
In message <opu7g8$3h8$5...@news.mixmin.net>, Blake Snyder
<blakebla...@outlook.com> writes:
[]
>I think that the Ccleaner "leatherman" approach of doing lots of things is
>OK but the approach of having a single tool do a single job (like
>uninstalling apps) is a better approach.

I used to use another "Leatherman" tool - EasyCleaner, by Toni Helenius,
a young Finn. (Well, he was young when I used it!) I can't remember if
it did all the things Cc does, but it had a nice (IMO) user interface to
select them from. I've no idea whether it still exists; I do know he was
URL-squatted at one point, by a company that charged for his freeware.
>
>The work is in finding the best freeware to do the main jobs that CCleaner
>does:
[]
>I do like the Revo uninstaller, so here's my list of "best" freeware to the
>half dozen things that CCleaner does:
>
>1. Registry cleaning = what is the best freeware for this?
>2. File cleaning = what is the best freeware for this?
>3. Autorun disabling = Mark Russinovich's autoruns freeware
>4. Browser plugin disabling = what is the best freeware for this?
>5. Program uninstaller = Revo uninstaller freeware
>6. Duplicate finder = <http://www.top5freeware.com/duplicate-file-finder>
>7. Drive wiper =
><https://www.pcworld.com/article/254509/free_tools_to_wipe_your_drives_securely.html>

For duplicate finding in the special case of images, I like a utility
whose name I've forgotten that is very good at that task: it can compare
images of different formats (JPEG, GIF etc.), sizes, and IIRR even
orientations - and you can set a percentage match too. (It shows you the
putative matches side-by-side, which is good: normally its matching
algorithm is good, but occasionally it thinks two images are the same or
similar which a human can see are not.) Duplicate Image File Finder, or
something like that.
>
>---
>This email has been checked for viruses by Avast antivirus software.
>https://www.avast.com/antivirus
>
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

She's showing her age a little bit. I always say she doesn't have teething
troubles, she has denture troubles! - Timothy West (on their narrowboat!), RT
2014-March

J. P. Gilliver (John)

unread,
Sep 20, 2017, 10:06:32 PM9/20/17
to
In message <opu7g7$3h8$4...@news.mixmin.net>, Blake Snyder
<blakebla...@outlook.com> writes:
>On Wed, 20 Sep 2017 11:34:06 +0100, in
><news:6f4uF1Le...@soft255.demon.co.uk>, J. P. Gilliver (John) wrote:
>
>>>Since there is no way now to NOT reboot (ask me how I know), I will have to
>>
>> OK I'm asking (-: [If this was the result of it running HP's own
>> uninstaller as _part_ of a revo uninstall, I'd probably do my best _not_
>> to have it reboot at that point.]
>
>All (all) of the uninstallers I've tried so far did was run the HP
>uninstaller, which obviously doesn't work and always requires a reboot.

Did Revo - at its most aggressive setting - not find _some_
files/folders/registry entries that the HP uninstaller did not? (Even if
not significant.)
>
>It's not a big deal other than to say that uninstallers aren't all they're
>cracked up to be if all they do is run the HP uninstaller which fails to
>uninstall every time.
>
>---
>This email has been checked for viruses by Avast antivirus software.
>https://www.avast.com/antivirus
>

Blake Snyder

unread,
Sep 20, 2017, 10:21:38 PM9/20/17
to
On Thu, 21 Sep 2017 01:36:22 -0000 (UTC), in
<news:opv52k$3c5$1...@news.mixmin.net>, Blake Snyder wrote:

> Here is a corresponding openvpn config file which I'm using at this exact
> moment which does NOT produce the Avast header and signature in Usenet
> posts.

Since I can easily choose any of scores of nntp servers, I just chose
netfront which allows me to post the file naked (mixmin forced me to add an
angle bracket).

For anyone who knows how to use openvpn freeware on any platform...
1. Save this message as whatever.ovpn and strip out the ovpn file part.
2. Run it inside of openVPN (I just doubleclick on it) on any platform.
3. Post a message to Usenet. You'll get the Avast headers & sig lines!

I'm using *this* very file myself right now to post so it will add the
Avast headers and sig.

Notice I switched manually to netfront (I have scores of news servers to
choose from) so you will see the IP address of my nntp host in the header
too.

Be advised these openvpn config files go stale so the sooner you test it
out the better.
proto tcp


###############################################################################
# The destination hostname / IP address, and port number of
# the target VPN Server.
#
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
# specify the IP address instead of the hostname.
#
# Note that the auto-generated below hostname are a "auto-detected
# IP address" of the VPN Server. You have to confirm the correctness
# beforehand.
#
# When you want to connect to the VPN Server by using TCP protocol,
# the port number of the destination TCP port should be same as one of
# the available TCP listeners on the VPN Server.
#
# When you use UDP protocol, the port number must same as the configuration
# setting of "OpenVPN Server Compatible Function" on the VPN Server.

remote vpn812712198.opengw.net 1380

Char Jackson

unread,
Sep 21, 2017, 12:54:47 AM9/21/17
to
On Thu, 21 Sep 2017 01:18:59 -0000 (UTC), Blake Snyder
<blakebla...@outlook.com> wrote:

>On Wed, 20 Sep 2017 17:26:56 -0500, in
><news:pfq5sct378maa5u7h...@4ax.com>, Char Jackson wrote:
>
>> Pretty hard to believe that a VPN server, which typically operates at
>> OSI Layer 3, would add (or remove) *anything* in the Layer 7 payload.
>
>I'm with you in that I don't understand how or why the VPN service would
>add both header lines and a signature to the posts.

Thanks for mentioning VPN Gate. A quick Google solved the mystery of the
additional headers and sig lines.

>> There's more to the story here. If this so-called VPN server is able to
>> muck around at Layer 7 for Usenet posts, what else is it doing to your
>> other traffic? I'd steer far, very far, from that kind of service. VPN
>> server, they ain't.
>
>That particular server is from http://vpngate.net
>Come to think of it, *all* the VPN servers which had that problem were
>likely from vpngate.net.
>
>Take a look at their web site.
>Do they look like proxy servers?

Yes. Proxy servers with a VPN front end that clients connect to.

From the perspective of the remote user, you for example, they look just
like a VPN server. However, instead of popping out of the VPN tunnel
directly onto the Internet, traffic apparently flows through a proxy.
From there, it can be examined, stored, modified, whatever.

HOWEVER, since the actual servers that VPN Gate steers clients to are
simply volunteered for use by their owners, there could indeed be a
large helping of actual VPN servers in the mix. They don't all have to
be shady.

>They have typical openvpn configuration files just like all the other vpn
>services out there do.

Yep. Anyone can set up one of those and submit it to VPN Gate for use by
unsuspecting clients.
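
Added example, not part of any post in this thread: one way to check whether a tunnel exit is rewriting traffic, as described above, is to compare the article you submitted with the copy the news server stored. The server-header allowlist, the `X-Antivirus` header names and every sample value below are constructed assumptions; only the signature text is taken from the posts quoted on this page.

```python
from email import message_from_string

# Headers a news server may add or rewrite at injection time (assumed
# allowlist; extend it for the server you post through).
SERVER_ADDED = {"path", "xref", "nntp-posting-host", "injection-info",
                "injection-date", "x-trace", "x-complaints-to"}


def _parse(raw):
    """Return ({lowercase name: (name, normalised value)}, body lines)."""
    raw = raw.replace("\r\n", "\n")
    headers = {}
    for name, value in message_from_string(raw).items():
        headers.setdefault(name.lower(), (name, " ".join(str(value).split())))
    body = raw.partition("\n\n")[2].split("\n")
    while body and not body[-1].strip():
        body.pop()  # trailing blank lines are not significant
    return headers, body


def compare_article(sent_raw, stored_raw):
    """Diff the article as submitted against the copy fetched back."""
    sent_h, sent_b = _parse(sent_raw)
    got_h, got_b = _parse(stored_raw)
    added = [got_h[k][0] for k in got_h
             if k not in sent_h and k not in SERVER_ADDED]
    changed = [sent_h[k][0] for k in sent_h
               if k in got_h and k not in SERVER_ADDED
               and got_h[k][1] != sent_h[k][1]]
    removed = [sent_h[k][0] for k in sent_h if k not in got_h]
    if got_b[:len(sent_b)] == sent_b:
        # Original body intact; anything after it was appended in transit.
        appended = [line for line in got_b[len(sent_b):] if line.strip()]
        rewritten = False
    else:
        appended, rewritten = [], True
    return {"added_headers": added, "changed_headers": changed,
            "removed_headers": removed, "appended_body": appended,
            "body_rewritten": rewritten}


def tampered(report):
    """True if anything other than expected server headers differs."""
    return any(report.values())


# Constructed sample: what the newsreader submitted.
SENT = "\n".join([
    "From: Example Poster <poster@example.invalid>",
    "Newsgroups: alt.test",
    "Subject: tunnel integrity test",
    "Message-ID: <constructed-1@example.invalid>",
    "",
    "Posting through the tunnel under test.",
    "",
])

# Constructed sample: the same article as fetched back from the server
# after passing through an exit that scans and annotates traffic.
STORED = "\n".join([
    "Path: news.example.invalid!not-for-mail",
    "From: Example Poster <poster@example.invalid>",
    "Newsgroups: alt.test",
    "Subject: tunnel integrity test",
    "Message-ID: <constructed-1@example.invalid>",
    "X-Antivirus: Avast (constructed sample value)",
    "X-Antivirus-Status: Clean",
    "",
    "Posting through the tunnel under test.",
    "",
    "---",
    "This email has been checked for viruses by Avast antivirus software.",
    "https://www.avast.com/antivirus",
    "",
])

if __name__ == "__main__":
    report = compare_article(SENT, STORED)
    for field, value in report.items():
        print(f"{field}: {value}")
    print("modified in transit:", tampered(report))
```

Any added header or appended body line means something between the client and the news server parsed and rewrote the NNTP session, which a plain Layer 3 tunnel would not do.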

Char Jackson

unread,
Sep 21, 2017, 1:01:20 AM9/21/17
to
VPN Gate clearly doesn't advertise it that way, but I think you're
right. Since the actual VPN servers are just a loose assortment of
privately owned servers running VPN software, there's no telling what
else they do to passing traffic.

I'm tempted to set one up myself, just to see what kind of goodness
passes through on a daily basis. I could free up about 20TB of drive
space to use as temp storage until I can run scripts to find the good
stuff.

On the other hand, nah, forget it.

Andy

unread,
Sep 21, 2017, 2:49:26 AM9/21/17
to
Yes, Windows 95, Char :)

--
AL'S COMPUTERS
"Char Jackson" <no...@none.invalid> wrote in message
news:6up5scl4p9151vekd...@4ax.com...

Andy

unread,
Sep 21, 2017, 2:51:29 AM9/21/17
to
As long as something works for you, Char, that's all that matters.
I myself use 5, 6, 7 and like them all.


--
AL'S COMPUTERS
"Char Jackson" <no...@none.invalid> wrote in message
news:vbd5schr3gbh3qnr8...@4ax.com...

p-0''0-h the cat (coder)

unread,
Sep 21, 2017, 5:07:40 AM9/21/17
to
On Thu, 21 Sep 2017 00:01:16 -0500, Char Jackson <no...@none.invalid>
The bottom line is if you need to use a VPN use a company you pay. With
payment you have a legal contract, and with that the ability to sue.
Pick someone who likely fears being sued and having their reputation
tarnished. So a long time player with a good reputation is ideal. Check
the service they offer in particular retention of log files and AVOID
like the plague any company that even suggests operating outside of the
law. I'd also look for a company that targets business at least as much
as individuals. Businesses are more likely to sue and sue hard if
shenanigans are uncovered.

You only need to use a little imagination to realise quite what you
could do if you had criminal or state surveillance intent.

David B.

unread,
Sep 21, 2017, 5:09:00 AM9/21/17
to
On 21-Sep-17 1:24 AM, J. P. Gilliver (John) wrote:
> In message <opu7g8$3h8$5...@news.mixmin.net>, Blake Snyder
> <blakebla...@outlook.com> writes:
> []
>> I think that the Ccleaner "leatherman" approach of doing lots of
>> things is
>> OK but the approach of having a single tool do a single job (like
>> uninstalling apps) is a better approach.
>
> I used to use another "Leatherman" tool - EasyCleaner, by Toni Helenius,
> a young Finn. (Well, he was young when I used it!) I can't remember if
> it did all the things Cc does, but it had a nice (IMO) user interface to
> select them from. I've no idea whether it still exists; I do know he was
> URL-squatted at one point, by a company that charged for his freeware.

It's still here:-

http://personal.inet.fi/business/toniarts/ecleane.htm

I first came across it on Pierre's web site:-

http://pierre.szwarc.free.fr/en/ln.php

Pierre, of course, is one of the stalwart 'advisers' from the User2User
group which used to be hosted on the Annexcafe newsserver. Now, of
course, it's hosted on the 'news.dogagent.com' server.

--
David B.



David B.

unread,
Sep 21, 2017, 5:13:52 AM9/21/17
to
IAWTP

The same can probably be said about newsservers! ;-)

--
David B.

p-0''0-h the cat (coder)

unread,
Sep 21, 2017, 5:40:53 AM9/21/17
to
It depends on the T&Cs of exactly what they offer of course but sure if
they offer privacy and anonymity and deletion of log files after a
lawful period etc and they fail to deliver you have greater recourse to
law with a contract. Proving loss might be more difficult. The service
is more limited and wanting to pay for legal recourse in this case is
unlikely. The fact is though that companies are more likely to work
within the law and provide what they contract to do. There are plenty of
honest people around. No guarantees though, ever. Set up your own
service if you want to approach that.

Don't think I didn't notice the nym shift. One false move and my itchy
paw will descend.

J. P. Gilliver (John)

unread,
Sep 21, 2017, 6:08:30 AM9/21/17
to
In message <opvvj7$1n34$1...@gioia.aioe.org>, David B.
<Dav...@nomail.afraid.org> writes:
>On 21-Sep-17 1:24 AM, J. P. Gilliver (John) wrote:
[]
>> I used to use another "Leatherman" tool - EasyCleaner, by Toni
>>Helenius, a young Finn. (Well, he was young when I used it!) I can't
>>remember if it did all the things Cc does, but it had a nice (IMO)
>>user interface to select them from. I've no idea whether it still
>>exists; I do know he was URL-squatted at one point, by a company that
>>charged for his freeware.
>
>It's still here:-
>
>http://personal.inet.fi/business/toniarts/ecleane.htm

Good to know. Though it seems to have stopped at 2007 (Vista), so
probably unwise to use on later Windowses (what's the plural of
Windows?). Pity; I liked it - and an installer of only 2.81 MB, 5.13 MB
installed!
>
>I first came across it on Pierre's web site:-
>
>http://pierre.szwarc.free.fr/en/ln.php
>
>Pierre, of course, is one of the stalwart 'advisers' from the User2User
>group which used to be hosted on the Annexcafe newsserver. Now, of
>course, it's hosted on the 'news.dogagent.com' server.
>
Pierre's page says 2010 at the bottom. Looks like it was good.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

`Computers are useless. They can only give you answers.' Pablo Picasso, 1968

Brian Gregory

unread,
Sep 21, 2017, 10:13:41 AM9/21/17
to
On 19/09/2017 01:21, Blake Snyder wrote:
> On Mon, 18 Sep 2017 17:13:49 -0600, in <news:oppjvi$j1b$1...@dont-email.me>,
> Buffalo wrote:
>
>> Thanks, it sure gets you to that page a lot quicker, clever boy
>
> What free software do you recommend for checking this in the future?
>
> I have Wireshark, for example, but it's complex to use (as you may know).
> I also have Fiddler4, & TCPView, & Glasswire.
>
> None of those would have caught it though because all are active sniffers.
>
> What free software, as a passive sniffer, do you recommend that
> would/should have caught the spyware in CCleaner when even Avast & Kaspersky
> didn't catch it?
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>

I think even Microsoft Security Essentials would stop the malware part
installing.

Also remember only 32 bit versions of Windows were affected.

--

Brian Gregory (in the UK).
To email me please remove all the letter vee from my email address.

Char Jackson

unread,
Sep 21, 2017, 10:24:49 AM9/21/17
to
On Thu, 21 Sep 2017 10:40:47 +0100, "p-0''0-h the cat (coder)"
Nym shift? That was just David (resident stalker, but trying to play
nice for now) chiming in.

p-0''0-h the cat (coder)

unread,
Sep 21, 2017, 10:57:36 AM9/21/17
to
On Thu, 21 Sep 2017 09:24:47 -0500, Char Jackson <no...@none.invalid>
Well I have these filtered. The term Nym was a little sloppy.

Author: David B <Dav...@nomail.invalid>
Author: David B. <bdo...@gmail.com>
Author: David B. <Dav...@nomail.afraid.invalid>
Author: Dav...@nomail.afraid.org

and this one is

David B. <Dav...@nomail.afraid.org>

I might be a bit out of date a.k.a too lazy to plonk sooner.

I'm expecting the usual favour to be asked in a mo. My paw is ready.

p-0''0-h the cat (coder)

unread,
Sep 21, 2017, 11:03:24 AM9/21/17
to
On Thu, 21 Sep 2017 08:34:18 -0600, H-Man <Sp...@bites.fs> wrote:
>It is at least plausible that the tilde at the end of the folder name has
>nothing to do, at all, with 8.3 file naming convention.

According to his screenshot the folder is named WINDOW~ not WINDOWS~
which is seven characters so you may well be right.

Paul

unread,
Sep 21, 2017, 11:34:11 AM9/21/17
to
p-0''0-h the cat (coder) wrote:
> On Thu, 21 Sep 2017 09:24:47 -0500, Char Jackson <no...@none.invalid>
> wrote:
>
>> On Thu, 21 Sep 2017 10:40:47 +0100, "p-0''0-h the cat (coder)"
>> <super...@fluffyunderbelly.invalid> wrote:

>>> Don't think I didn't notice the nym shift. One false move and my itchy
>>> paw will descend.
>> Nym shift? That was just David (resident stalker, but trying to play
>> nice for now) chiming in.
>
> Well I have these filtered. The term Nym was a little sloppy.
>
> Author: David B <Dav...@nomail.invalid>
> Author: David B. <bdo...@gmail.com>
> Author: David B. <Dav...@nomail.afraid.invalid>
> Author: Dav...@nomail.afraid.org
>
> and this one is
>
> David B. <Dav...@nomail.afraid.org>
>
> I might be a bit out of date a.k.a too lazy to plonk sooner.
>
> I'm expecting the usual favour to be asked in a mo. My paw is ready.
>
> Sent from my iFurryUnderbelly.

Normally he posts from a Macintosh. Today, for giggles,
he is posting from his Win10 PC. I think this may account
for the nym shift.

By definition, you can't be the same person when you do that.

https://en.wikipedia.org/wiki/File:Getamac.png

Paul

p-0''0-h the cat (coder)

unread,
Sep 21, 2017, 11:39:33 AM9/21/17
to

Mark Lloyd

unread,
Sep 21, 2017, 1:10:31 PM9/21/17
to

[snup]

> It is at least plausible that the tilde at the end of the folder name has
> nothing to do, at all, with 8.3 file naming convention.
>

The directory has an 8-character field the name must fit in. If the
tilde isn't one of those there would have to be something to distinguish
WINDOWS~1 from WINDOWS1

--
95 days until the winter celebration (Monday December 25, 2017 12:00:00
AM for 1 day).

Mark Lloyd
http://notstupid.us/

"Atheism is not a belief in the same sense that astigmatism, rheumatism,
and botulism are not beliefs."

Blake Snyder

unread,
Sep 21, 2017, 3:18:52 PM9/21/17
to
On Thu, 21 Sep 2017 10:07:36 +0100, in
<news:9bv6sc9p7a8j544f0...@4ax.com>, p-0''0-h the cat (coder)
wrote:

> You only need to use a little imagination to realise quite what you
> could do if you had criminal or state surveillance intent.

I am not going to disagree with your intimation since I know that NK or
Russia or China, for example, has lots of money so what would it be to them
to "volunteer" to set up a few thousand of the free VPN servers (and Tor
entrance and exit nodes).

Especially when the entire vpngate.net premise is to circumvent government
surveillance.

Low latency attackers thrive on this kind of data of culling data from two
servers at the same time.

Of course, we're talking about the government spying on my Usenet posts,
which, if we think a bit more about it, won't be all that revealing to them
because they can read whatever I post right here anyway. :)

I realize I'm using VPN not for what most people use it for.
. Most people use VPN to protect their data from prying eyes.
. Not to protect their VPN server IP address.

I'm the opposite.
. I don't care to protect the data.
. I'm trying to hide the IP address from the hoi polloi.

Given my IP address is static and unchanging for the past decade, and given
that I post copiously to Usenet with tremendous detail, anyone who had all
my posts would be able to geolocate me down to the color of my bedsheets.

If you know of a better way to easily change the IP address while at home
for Usenet posts and web forums, please do let me (and everyone) know!

I don't know of a better method that is legal.

Blake Snyder

Sep 21, 2017, 3:24:40 PM
On Thu, 21 Sep 2017 10:13:48 +0100, in <news:opvvsb$1nj6$1...@gioia.aioe.org>,
David B. wrote:

>> You only need to use a little imagination to realise quite what you
>> could do if you had criminal or state surveillance intent.
>
> IAWTP
>
> The same can probably be said about newsservers! ;-)

You are correct that the news servers also know your IP address and what
you post, where they know what you post from every identity.

That's why my scripts randomize certain things and lock certain things.

For example, if I read a group using a newsgroup, I use a different news
server to read that group than I use to post to that group.

That way each news server gets only half the information that the other
news server has the other half to.

Also I try to lock a VPN address to an identity at any one point in time,
so that the news server sees a consistent IP address - but of course I
can't control that IP address if it goes stale so they see a consistent
"set" of IP addresses.

I never re-use that IP address for another news server, so there shouldn't
be much cross correlation, but of course, since the resulting post is
completely in the clear, then anyone who felt like manually correlating,
would be able to do so.

The good news though with these scripts is that the news server should
never get your real IP address nor do they get your real time zone location
information nor do they get your real news client headers, etc.

But to your point, if an adversary wanted to watch the traffic of two news
servers, the one that you post to and the one that you read from, they'd
see both ends of the equation.

Again, we have to put all this "privacy" into perspective since the end
result is a Usenet message or Web Forum post that is in the clear where the
entire world can see it anyway.

It would be a different story altogether if we were trying to protect our
"data" itself.

Blake Snyder

Sep 21, 2017, 3:27:28 PM
On Thu, 21 Sep 2017 10:40:47 +0100, in
<news:c817sc19lb0f4f54u...@4ax.com>, p-0''0-h the cat (coder)
wrote:

> Don't think I didn't notice the nym shift. One false move and my itchy
> paw will descend.

I'm not sure whom you're accusing of nym shifting but I'll just state
outright that I never nym shift within a thread or topic, out of principle.

Sometimes it accidentally happens, especially when I move from my Linux
scripts to my Windows scripts, but I try to keep accidents to a minimum.

In this case, if you noticed a nym shift in this thread, it wasn't me.
But of course, if I did nym shift, I'd deny it so I understand that you
wouldn't (and shouldn't) believe that if you were saying that it was I who
did the nym shifting in this thread.

No need to reply as I understand.

Blake Snyder

Sep 21, 2017, 3:31:35 PM
On Wed, 20 Sep 2017 23:54:40 -0500, in
<news:90h6scto4n9ccm0tj...@4ax.com>, Char Jackson wrote:

> HOWEVER, since the actual servers that VPN Gate steers clients to are
> simply volunteered for use by their owners, there could indeed be a
> large helping of actual VPN servers in the mix. They don't all have to
> be shady.

The good news is that only 1 out of a hundred or two hundred seem to add
those Avast header lines and signature.

Since the Avast header bothers me (because I like to control the header)
and since the Avast signature bothers others (because it just does), I
strive to remove them from the list of six thousand free vpn servers I
currently have.

However a new one can pop up tomorrow since I wget a few hundred a day.
:(

Blake Snyder

Sep 21, 2017, 3:39:04 PM
On Wed, 20 Sep 2017 13:42:39 -0500, in
<news:vbd5schr3gbh3qnr8...@4ax.com>, Char Jackson wrote:

> Of those 6 items, I only (occasionally) do #6. I use a tool called
> Duplicate Cleaner Free (https://www.digitalvolcano.co.uk/).
> No idea if it's the best, but I apparently like it well enough that I've
> been using it for quite a few years without wanting to find a
> replacement.
>
> I have no use for the other 6 tasks. Yes, I know what each task is
> about, so no need to assume something else.

I remember that name.
I have used it in the past too.
Thanks for reminding me.

One problem with my archival method is that I didn't transfer the WinXP
archives to Win7 and then to Win10 so some of the older stuff is on a disc
somewhere in a huge pile of them.

Thanks for suggesting "DuplicateCleaner" from <https://www.digitalvolcano.co.uk>
oooops. Is it free?

https://www.digitalvolcano.co.uk/dcdownloads.html
This implies it's not free ... oh ... I see...

Here is the free version
http://download.cnet.com/Duplicate-Cleaner/3000-2248_4-10584403.html

J. P. Gilliver (John)

Sep 21, 2017, 3:59:00 PM
In message <4oSwB.83039$sH2....@fx05.iad>, Mark Lloyd
<n...@mail.invalid> writes:
>
>[snip]
>
>> It is at least plausible that the tilde at the end of the folder name has
>> nothing to do, at all, with 8.3 file naming convention.
>>
>
>The directory has an 8-character field the name must fit in. If the
>tilde isn't one of those there would have to be something to
>distinguish WINDOWS~1 from WINDOWS1
>
Or Window~1 from Windows1 (-:
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

'It works for me' is not the same as it isn't broke - Kenn Villegas, 2010-2-19
in https://rwmj.wordpress.com/2010/02/18/why-the-windows-registry-sucks-technically/

p-0''0-h the cat (coder)

Sep 21, 2017, 4:34:24 PM
I understand what you are doing and why you are doing it. Do I know of a
better method? Well, these are my thoughts.

It makes sense to hide your IP from the Usenet provider for many
reasons. Even if they do hide it in the header they leak on occasion and
some of the server operators are let's say sometimes a little too close
to the action.

So you use a VPN. Fine. Not one but many. IMO not so fine.

As shown the VPN server can be a front end to other tech like a proxy
server. Proxies are old tech and there are technologies out there which
can do so much more. Anyway, bottom line here is your IP is known to the
VPN server and that means the content exposed by the proxy can be linked
to the IP address known to the VPN server.

So they gotcha. If that's what they want to do.

Most of these guys [gender non specific] are probably straight up. They
just want to scan whatever you are posting for viruses because they are
just good guys and also perhaps they want to protect themselves from
getting their arses sued etc.

But, by posting through a number of servers you are in fact increasing
the chance of encountering a bad guy.

Compare that to using just the one VPN provider. See my other post about
picking one. If you pick the right one and unfortunately I suspect you
will have to pay for it you have a far greater guarantee that your IP +
content are never linked.

Char Jackson

Sep 21, 2017, 7:11:39 PM
Since it happens after your data has left your system, I guess there
isn't anything you can do to prevent it except what you're doing.

Personally, the Avast stuff doesn't really bother me, but I know it
bothers others.

This has been an interesting exercise. I had no idea that it was that
easy to become an official VPN gateway and have random people send their
traffic through. Oh, the possibilities.

Char Jackson

Sep 21, 2017, 7:18:03 PM
You got it. That's why I referred to it as "... Free" above, to call out
its freeness. In the free version, if you click the menu item to upgrade
to Pro, it gives you a bulleted list of Pro's advantages. So far, the
free version has been good enough for me.

Blake Snyder

Sep 21, 2017, 11:04:17 PM
On Thu, 21 Sep 2017 21:34:17 +0100, in
<news:ik68schg2juskkv87...@4ax.com>, p-0''0-h the cat (coder)
wrote:

> It makes sense to hide your IP from the Usenet provider for many
> reasons. Even if they do hide it in the header they leak on occasion and
> some of the server operators are let's say sometimes a little too close
> to the action.

It's interesting that you mention that some of the news servers leak the
nntp posting host accidentally, in the clear, which is an experience I've
had in the past (was it with Ray Bananna's server?)

I think the explanation was that the particular set of newsgroups caused
the nntp posting host to leak but I'd have to delve into the archives to
find which server it was, and why.

Certainly some servers never change their hash (the changing of which is a
basic necessity with any cipher) and others hash only half the header
information (e.g., not the nntp posting account).

If I look in my 10,000-line long obfuscation log file, last I ran tests was
*years* ago, but here's a cut and paste section to give you an idea.

// Mixmin (best for privacy because the posting host hash changes)
// Aioe (not good for privacy because the posting host hash is static)
// Netfront (horrid for privacy because the posting host is cleartext)
// Sunsite.dk (horrid for privacy because the posting host is cleartext)
// Albasani (ok for privacy because hashes change with every post)
// Blueworld (ok for privacy because hashes change with every post)
// Solani (ok for privacy because hashes change with every post)
// Eternal-Sept (terrible for privacy because the hash is constant & static)
// News4all (ok for privacy because hashes change with every post)
etc.

As I said in another recent thread, I gave up on trusting header hash
obfuscation in favor of changing all the headers (including the account
information and IP address).

The news server header hashing is just gravy on top of my header changing.
If you know of better methods though, I'm all ears.

> So you use a VPN. Fine. Not one but many. IMO not so fine.

Actually, I use about six thousand VPN servers.
Well, probably at any one time only about 600 are "active".
And for any one identity, I try to stick with the same IP address.
I do that to blend in with the herd.

> As shown the VPN server can be a front end to other tech like a proxy
> server. Proxies are old tech and there are technologies out there which
> can do so much more. Anyway, bottom line here is your IP is known to the
> VPN server and that means the content exposed by the proxy can be linked
> to the IP address known to the VPN server.

Yep. Now if I could "doubleVPN" ... that would be nice!
Or if I could proxy on top of VPN (or vice versa) that would be nice.

For just one example, if I am on VPN, and if I reset my Opera unique IDs,
and if I then turn on the Opera VPN (which seems to be a proxy more than a
VPN), then Opera, supposedly, doesn't know who I am.

Does that make sense?

If I could double-vpn all ports, or proxy-vpn all ports, that doubleVPN
would be heaven (although there are always speed costs involved).

> So they gotcha. If that's what they want to do.

Understood. But do you know of a better system (cost/benefit)?

> Most of these guys [gender non specific] are probably straight up. They
> just want to scan whatever you are posting for viruses because they are
> just good guys and also perhaps they want to protect themselves from
> getting their arses sued etc.

Or they misconfigured their server. :(

> But, by posting through a number of servers you are in fact increasing
> the chance of encountering a bad guy.

True dat.
You bring up all good points.
I won't disagree.

I just want good alternatives from a cost/benefit standpoint.

> Compare that to using just the one VPN provider. See my other post about
> picking one. If you pick the right one and unfortunately I suspect you
> will have to pay for it you have a far greater guarantee that your IP +
> content are never linked.

You have to pay for it anonymously, but we all know there are ways to do
that (someday I will have a need to learn how to use bitcoin).
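
Added example, not part of any post in this thread: a Python check for the three cases the log excerpt above distinguishes (posting host in cleartext, a static hash, a hash that changes per post), run over your own test posts to see what each server reveals. The server labels, address and hash values are constructed; `NNTP-Posting-Host` and the `posting-host` parameter of `Injection-Info` are the header fields it reads, and the cleartext test is a heuristic.

```python
import re
from email import message_from_string

PARAM = re.compile(r'posting-host="?([^";\s]+)', re.I)
ADDRESS = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}|(?:[0-9a-f]{0,4}:){2,}[0-9a-f]{0,4}", re.I)
HOSTNAME = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def posting_host(raw_article):
    """Return the posting-host token a server stamped on an article, or None."""
    msg = message_from_string(raw_article)
    match = PARAM.search(msg.get("Injection-Info", ""))
    return msg.get("NNTP-Posting-Host") or (match.group(1) if match else None)

def is_cleartext(token):
    """Heuristic: True if the token contains a readable IP address or hostname."""
    return bool(ADDRESS.search(token) or HOSTNAME.search(token))

def verdict(tokens):
    """Classify the posting-host tokens one server put on several posts."""
    present = [t for t in tokens if t]
    if not present:
        return "absent"
    if any(is_cleartext(t) for t in present):
        return "cleartext"
    if len(present) < 2:
        return "need more posts"  # one opaque token cannot show rotation
    return "static hash" if len(set(present)) == 1 else "changing hash"

def audit(posts):
    """posts: (server_label, raw_article) pairs. Returns {server: verdict}."""
    tokens = {}
    for server, raw in posts:
        tokens.setdefault(server, []).append(posting_host(raw))
    return {server: verdict(seen) for server, seen in tokens.items()}

def make_post(header):  # builds a constructed article, not a real post
    return "From: t <t@example.invalid>\nSubject: t\n" + header + "\n\nbody\n"

INFO = 'Injection-Info: news.example.invalid; posting-host="%s"'
SAMPLE = [  # constructed server labels, address and hash values
    ("server-a", make_post("NNTP-Posting-Host: 203.0.113.7")),
    ("server-b", make_post(INFO % "9f2c41aa07")),
    ("server-b", make_post(INFO % "9f2c41aa07")),
    ("server-c", make_post(INFO % "51ab03c9de")),
    ("server-c", make_post(INFO % "e77a1b40f2")),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "static hash" verdict means every post through that server carries the same opaque token, so the posts remain linkable to each other even though the address itself is hidden.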

Mark Lloyd

Sep 22, 2017, 12:13:59 PM
On 09/21/2017 01:31 PM, J. P. Gilliver (John) wrote:

[snip]

>> The directory has an 8-character field the name must fit in. If the
>> tilde isn't one of those there would have to be something to
>> distinguish WINDOWS~1 from WINDOWS1
>>
> Or Window~1 from Windows1 (-:

That would be assuming the tilde is a wildcard (like '?'). That isn't
what I was talking about.

--
94 days until the winter celebration (Monday December 25, 2017 12:00:00
AM for 1 day).

Mark Lloyd
http://notstupid.us/

"...to argue with a man who has renounced his reason is like giving
medicine to the dead." -- Ingersoll's Works, Vol. 1, p.127