Sysinternals Suite

[Gene E. Bloch]

...or the more traditional version: "Just because you're paranoid doesn't
mean they're not out to get you."

Back to Sysinternals: arguably, Microsoft purchased Winternals in order to
get Russinovich to work for MS.

I suspect (without any proof) that Mark put into his contract with Microsoft
that the Sysinternals tools would continue to be both distributed and
updated. Many people (yours truly included) were worried that MS would kill
off the Sysinternals tools, but thankfully that's not happened. (And it's
worth noting that Mark has had a large hand in the "Windows Internals" books
from MS Press).

Having said that, the Sysinternals tools aren't necessarily the best choice
for every user in every situation. Jason Fossen gave a 2-hour presentation
on the "Process Hacker" open-source tool last Wednesday at Sansfire; it's
similar to Process Explorer but with a few additional bells and whistles.
You can download the handout from Jason's web page at SANS:

http://www.sans.org/windows-security/2012/05/31/process-hacker

This page also has a link to the SourceForge distribution point.

Incidentally, Fossen teaches a 6-day class on Windows security. It's
expensive (that's true of all the SANS classes) but is an excellent training
tool (also true of the SANS classes). It's also exhausting; I finished the
class this afternoon.

Joe

Meantime, thanks for the informative remarks about Sysinternals et al.

And I'll look at your link to SANS now.

 

[Char Jackson]

He can't

That is, of course, true by definition. But you knew that.

But to be fair, J. P. Gilliver didn't actually *say* that it could be a
different company, but that someone who doesn't know should be wary -

Thanks, that's a good point. I didn't quite parse John's statement that way,
but now that you mention it I see it the way it was likely intended.

*if* he meant someone who doesn't know URL syntax. This is a direct
consequence of Bloch's Lemma #1.

Bloch's Lemma #1: It's crazy not to be paranoid.

Is it better to be paranoid or crazy? Why pick just one, right?

 

[Wolf K]

"Johnny" wrote in message


Sysinternals was a company started by Mark Russinovich.
Microsoft purchased the company a few years ago (~5 or 6 iirc)

Russinovich is now a fellow at MSFT
- a fellow for lack of a better definition in MSFT is one with global
expertise who can accurately answer any question about the
under-the-hood workings of Windows, the impact it has on other
supporting files and software. (i.e. this man is really smart)

Plus, he knows a lot of stuff.
[...]

IMO, the site is worth a regular visit. I've used a couple of the
utilities in the past (XP days), can't recall which, but they were
essential at the time.

 

[Wolf K]

The reasons I made my own version are that:

(a) I find the standard one ugly

(b) If you parse the standard one carefully, it doesn't make sense. Why
would you have to refute that "they" are not (or, equally, are) out to
get someone because he or she is paranoid? There's simply no causal
relationship there.

I parse it as: Paranoid people suffer from delusions of persecution.
Sane people don't. But people, sane and insane, are persecuted. So being
sane doesn't doesn't mean you know what's really going on.

Of course I know what it is intended to mean - I just object to the fact
that the words don't mean that.

If you said that "your paranoia has no bearing on whether someone is out
to get you", I'd accept that. But then, why would anyone say that?

'Cuz it doesn't sound as good. The syntactic/semantic craziness that you
object to makes the sentence memorable. Realising what it means is a
(minor) Zen moment.

Mind you, the lemma you formulated is pretty good too. I like it.
Unfortunately, math jokes aren't generally understood. Like this one,
which I tried out on my wife (posted on mozilla.general, original source
unknown):

"In back, cows have two legs, and in front they have forelegs. That's six
legs, which is an odd number of legs for a cow. However, it's
well known that cows have an even number of legs. No finite number is
both even and odd, so every cow has an infinite number of legs."

Have a good day.

 

[Stan Brown]

[quoted text muted]
If only there were some way to know the answer to that question, say
by ... oh, I don't know ... maybe looking at the domain name in the
URL?

It's not obvious at all.

I don't think "not obvious" means what you think it means.

When you have a microsoft.com domain name, in what universe is it not
obvious that Microsoft owns it?

 

[Gene E. Bloch]

[quoted text muted]
If only there were some way to know the answer to that question, say
by ... oh, I don't know ... maybe looking at the domain name in the
URL?

It's not obvious at all.

I don't think "not obvious" means what you think it means.

When you have a microsoft.com domain name, in what universe is it not
obvious that Microsoft owns it?

Basically, the universe of naive users.

That is also a double-edged sword. People will go to a site with a name
like http://microsoft.help.com or http://microsoft-help.com and think
they are connecting to Microsoft. That's one kind of social engineering.

To be clear: I made up both of those names; any resemblance to actual
scam sites is intentional, but any duplication of a real name is
unintended and coincidental.

 

[Gene E. Bloch]

I parse it as: Paranoid people suffer from delusions of persecution.
Sane people don't. But people, sane and insane, are persecuted. So being
sane doesn't doesn't mean you know what's really going on.


'Cuz it doesn't sound as good. The syntactic/semantic craziness that you
object to makes the sentence memorable. Realising what it means is a
(minor) Zen moment.

Mind you, the lemma you formulated is pretty good too. I like it.
Unfortunately, math jokes aren't generally understood. Like this one,
which I tried out on my wife (posted on mozilla.general, original source
unknown):

"In back, cows have two legs, and in front they have forelegs. That's six
legs, which is an odd number of legs for a cow. However, it's
well known that cows have an even number of legs. No finite number is
both even and odd, so every cow has an infinite number of legs."

Have a good day.

That surely is even odder than you think

Sorry, I couldn't resist...

I tend to avoid math (or generally techie) jokes with non-techie
friends, because such a joke then requires explanation, and of course,
that kills it...

I do have an engineer friend, a very smart guy, who fails to get any of
my non-techie jokes, so with him I only make technical jokes. That
actually works out OK!

Back to our off-topic topic:
It should be obvious from what I wrote in the previous post that I don't
& won't agree with your analysis above, since it contradicts my own
prejudices.

Of course, I already knew that I was in the minority in my feelings, so
I expected to face disagreement. Yours was gentler than I expected.

But what the heck, I'll have a good day anyway. You too, Wolf

 

[Gene E. Bloch]

Thanks, that's a good point. I didn't quite parse John's statement that way,
but now that you mention it I see it the way it was likely intended.


Is it better to be paranoid or crazy? Why pick just one, right?

Hmm. That must be why it's a lemma and not a theorem.

I'll admit that this subthread has been a bit of fun for me (so far!).

 

[Ken Blake]

Or, sung to the tune of Auld Lang Syne:

On mules we find two legs behind
and two we find before.
We stand behind before we find
what the two behind be for.

 

[Joe Morris]

Hmm. That must be why it's a lemma and not a theorem.

But figuring which word to pick can present the reader with a dee-lemma.

Joe

 

[Gene E. Bloch]

Or, sung to the tune of Auld Lang Syne:

On mules we find two legs behind
and two we find before.
We stand behind before we find
what the two behind be for.

Sounds dangerous

 

[Gene E. Bloch]

But figuring which word to pick can present the reader with a dee-lemma.

Joe

I suggest we form a committee to work out a spec for this. Dilemmas
aren't good, so guidance is needed.

 

[SC Tom]

I suggest we form a committee to work out a spec for this. Dilemmas
aren't good, so guidance is needed.

And apply for a government grant; they'll pay for anything

 

[Wolf K]

And apply for a government grant; they'll pay for anything

Just remember, whatever government does, somebody wants them to do it.

 

[Gene E. Bloch]

And apply for a government grant; they'll pay for anything

Good idea.

Following your suggestion, I've just ordered

Form 23D-644-A323-R-97BT-q11-Q4-2377498 rev 1bc

from the Bureau of Dilemmas and Storm Doors, and I'll fill it out in
quintuplicate as soon as it gets here.

 

[SC Tom]

Good idea.

Following your suggestion, I've just ordered

Form 23D-644-A323-R-97BT-q11-Q4-2377498 rev 1bc

from the Bureau of Dilemmas and Storm Doors, and I'll fill it out in
quintuplicate as soon as it gets here.

I'm surprised there wasn't a link to download it in PDF format ;-)

 

[J. P. Gilliver (John)]

He can't

That is, of course, true by definition. But you knew that.

But to be fair, J. P. Gilliver didn't actually *say* that it could be a
different company, but that someone who doesn't know should be wary -
*if* he meant someone who doesn't know URL syntax. This is a direct
consequence of Bloch's Lemma #1.

Bloch's Lemma #1: It's crazy not to be paranoid.

OK, so I don't know the finer points of URL syntax. But my point is
still valid - replace one of the dots with a hyphen, underline, or
similar character. I'm often surprised the registrars allow registration
of clearly phishing domains: I can only assume that it's a combination
of the process being mostly automated, and perhaps to a small extent
very large bribes being involved. (I have no evidence of the latter,
however.)

Phishermen (!) do seem to use plausible-sounding domains a lot.

In my defence for not getting the URL bit right, Tim Berners-Lee is on
record as saying (no, I can't cite sources) that, had he had the chance
to do it again, he'd (a) have left out the "www" part, (b) have reversed
the order, so that com (or country code) came _first_.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Here it's someone else's job to deal with the money. Clinical decisions
revolve around the patient's needs without any competing financial interests,
and there is no financial incentive to perform unnecessary or more expensive
procedures. That is a real plus. - Neurosurgeon Ludvic Zrinzo, in Radio Times
23-29 March 2013

 

[Gene E. Bloch]

In my defence for not getting the URL bit right, Tim Berners-Lee is on
record as saying (no, I can't cite sources) that, had he had the chance
to do it again, he'd (a) have left out the "www" part, (b) have reversed
the order, so that com (or country code) came _first_.

No defense (or defence) needed - obviously, there was a time for each of
us when we were in the same state of not having learned it yet.

OTOH, if at some later time you don't know about it, *then* you might
need a defense

 

[Stan Brown]

In my defence for not getting the URL bit right, Tim Berners-Lee is on
record as saying (no, I can't cite sources) that, had he had the chance
to do it again, he'd (a) have left out the "www" part

There is no "www part".

 

[J. P. Gilliver (John)]

There is no "www part".

Not of the sysinternals site, no. TBL was saying about the web _in
general_ - I think it was in reply to an "if you were doing it again
what would you have done differently" type of question - that he'd not
have bothered with "www". (I think because it doesn't contribute
anything.)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"What happens if I press this button?" "I wouldn't ..." (pinggg!) "Oh!" "What
happened?" "A sign lit up, saying `please do not press this button
again'!"(s1f2)