Main Line Commodore User Group


September 2008 Issue 316





For our main presentation this month we plan to have John D present an overview of Microsoft Vista. It has been noticed that about half our attending members use Vista and yet the club has never really done an in-depth overview of it. That is because until now none of the more advanced attending members has owned or used a copy of Vista. Well, John went out and bought a copy for his MacBook, where it is now installed and capable of running in two different modes – dual boot or as a virtual machine from a single installation.

John will briefly discuss Vista’s unique installation in his MacBook and then get into the more common issues concerning Vista features and configuration as they affect all users of this OS. Here’s a list of mini subjects that will most likely be presented:

To do justice to this Vista presentation will likely require more than one meeting.

As of right now, we do NOT plan on holding a formal advanced session at noon. However, if someone raises an advanced session issue we will be only too glad to try and address your issue at the noon hour.

Come out and join us for our September meeting. It’s a chance to learn how others are using and managing their computers and digital equipment.



This issue has been put together by the club treasurer, John D, who has become acting editor in Emil’s absence. Please excuse the changed appearance and content of this newsletter during this time.

Emil has been experiencing health problems which keep him from participating in the normal club activities. Please pray for his return to good health.



1) If you are a member and did not attend the December meeting, then you likely missed out on getting the end of year club DVD. If so, and you would like a copy, contact John M to make arrangements to get the DVD. (See the LAST MONTH’S MEETING section of the January newsletter for more info about the DVD.)

2) Club membership entitles you to receive a copy of the newsletter and access to our email list server, which is run for the benefit of our members. Please do not hesitate to post club and computer related notices and problems to it. If we can’t solve your problem remotely, we can be alerted to it ahead of the monthly meeting where more hands-on may help resolve your problem.

3) A few of the regular attendees usually partake of lunch at the Country Squire Diner in Broomall near the intersection of Routes 3 and 320. So, after the meeting, why not join us? It’s an opportunity to get more help and to discuss our common interests.



Attendance: 11 people in all attended the meeting on Saturday, August 9th.

Main Meeting Q&A: We began last month’s meeting with our normal round of questions and announcements. Among the questions and announcements, John D mentioned Spybot 1.6 is available, he has had issues with 3/5ths of his Threatfire installations, he bought a $90 Epson flatbed scanner, and there is an optional WinXP indexing and search update available from MS update; Tom J spoke of his Ethernet registry and HD issues; Don W asked for assistance related to email issues; Marty C mentioned changes at Micro Center especially with tech support and a Comodo firewall review; Pat S discussed issues related to the speed differential between wired and wireless networking and mentioned his FIOS TV box; Joan S discussed her rebuilt and refurbished computer following last month’s HD crash; Al G spoke of related Vista UAC issues; and Ted K had concerns related to Windows boot options.

Main Meeting Program: There were two parts to last month’s main meeting.

The first part was to gather information from attendees that might be useful in a future presentation on system and file backup and recovery. To the extent possible we collected information from each attendee about their backup practices. The information collected included primary OS, backup software used, what information was backed up, what hardware was used to store the backup information, and the frequency and number of backups maintained.

The second part of the meeting was a quick presentation of utilities for WinXP that are available for download from Microsoft, with specific focus on the PowerToy TweakUI utility. These utilities can be found at these URLs along with descriptions:

And from the Microsoft website, here’s their description of TweakUI…

“This PowerToy gives you access to system settings that are not exposed in the Windows XP default user interface, including mouse settings, Explorer settings, taskbar settings, and more.

Version 2.10 requires Windows XP Service Pack 1 or Windows Server 2003.”

Advanced Meeting Program: No activity – no report.

Miss The Meeting? NOTE: Recordings of the meetings (made and edited for the web by John M) are online for you to download and listen to. Go to our web site:

and scroll a bit down the page to locate the Audio Archives. The audio is accessible from the web site as MP3 files. You can download and listen to them as you choose!



A Case For Not Disabling UAC – Vista’s UAC Can Stop Rootkit Installation


Vista's UAC spots rootkits, tests find

By John E. Dunn, Techworld

Love or hate its nagging prompts, Vista’s User Account Control feature (UAC) has a security feature that marks it out from any other type of Windows security programme – it can spot rootkits before they install.

This is one finding buried in a report published in two German computer magazines some months ago after testing by the respected, which set out to find out how well anti-virus programmes fared against known rootkits.

The answer was not particularly well at all, either for Windows XP, or Vista-orientated products. Of 30 rootkits thrown at XP anti-malware scanners, none of the seven AV suites found all 30, a similar story to the six web-based scanners assessed. Only four of the 14 specialised anti-rootkit tools managed a perfect score.

The best of the all-purpose suites was Avira AntiVir Premium Security Suite, which found 29 active rootkits, with Norton finding as few as 18. The anti-rootkit tools fared better, with AVG Anti-Rootkit Free, GMER, Rootkit Unhooker LE, and Trend Micro Rootkit Buster achieving perfect scores. The scores for removal were patchy, however, with all failing to remove 100 percent of the rootkits they had found.

The results for Vista products were harder to assess because only six rootkits could run on the OS, but the testers had to turn off UAC to get even this far. Vista's UAC itself spotted everything thrown in front of it.

Only three of the 17 AV tools for Vista managed to both detect and successfully remove them: F-Secure Anti-Virus 2008, Panda Security Antivirus 2008, and Norton Antivirus 2008.

Once on a PC, rootkits can bury themselves quietly, but they have to get to that point first. As long as users interpret prompts from the UAC system attentively, or those messages haven’t in some way been spoofed, rootkits struggle to jump to the PC without drawing attention to themselves.

That UAC can tell a user when a rootkit is trying to install itself is not in itself surprising, as Vista is supposedly engineered from the ground up to intercept all application requests of any significance.

Rootkits matter. By their nature, they set out to bypass the operating system. Once installed, they can do whatever they like, including loading other malware from a position of privilege. The question is, how can one be sure that a scanner is spotting a type of program built on the principle of extreme stealth?

An interesting footnote to the XP rootkit testing was that the samples chosen included three ‘professional’ rootkits, apparently legitimate programs designed to enforce things such as copy protection. The most infamous example of this category included is the Sony XCP/First4Internet rootkit, which caused the company so much embarrassment when it was discovered in 2005.

But in a period of weeks when Vista has received criticism for its rate of vulnerabilities, Microsoft’s programmers can at least point to evidence that UAC is efficient at stopping those infections from happening automatically.

The test, Anti-stealth Fighters: Testing for Rootkit Detection and Removal, was republished in the April issue of Virus Bulletin.




Quote from above BLOG: “If you try to block outbound connections from a computer that’s already compromised, how can you be sure that the computer is really doing what you ask? The answer: you can’t.”

If nothing else, this is a very thought-provoking quote. Have we been sold an essentially worthless bill of goods these past few years? I think in the case of extreme malware we have. Does such extreme malware exist? How would you know if the outbound firewall has really been compromised? Think about it and read the above BLOG link.


DIRECTIONS FOR ST. AUGUSTINE CENTER MEETING ROOM

Meetings are in the St. Augustine Center at Villanova University. The regular monthly sessions meet in Room 110.

Enter from the ITHAN AVENUE main gate, then proceed to the upper level of the 2-level parking building adjacent to the St. Augustine Center, on the Ithan Avenue side of the building. NOTE: maps on our web page -

     MLCUG Meetings 2008      Steering Committee Meetings
         September 13             September 17
         October 11               October 15
         November 8               November 12

EDITOR: Emil J. Volcheck, Jr.   1046 General Allen Lane    West Chester, PA 19382-8030
ACTING EDITOR: John W. Deker, Jr.  2210 Lantern Lane  Lafayette Hill, PA 19444-2211
Produced with PowerSpec 8922a: 2.6GHz Pentium 4, 3GB RAM, 640GB HD cap, Brother HL-5250DN laser printer, CD-RW/DVD±R/RW drives, Windows XP Home OS, MS Office XP, Ghostscript 8.54 & Bullzip PDF Printer software
MLCUG LISTSERV:		for members only...
VILLANOVA SPONSOR:	Prof. Frank Maloney, Dept. of Astronomy

PRESIDENT: Emil Volcheck 	610-793-5156	
TREASURER: John Deker 		610-828-7897	
WEBMASTER: Peter Whinnery 	610-284-5234	
AT LARGE:  Tom Johnson 		610-896-2434	
SECRETARY: Position open
DATABASE:  Layton Fireng	610-688-2080
AT LARGE:  Al Gottlieb		215-793-9725
AT LARGE:  John Murphy		610-935-4398