The Secret Guide to Uninstalling Any Anti-Virus Software

[NOTE #4: Updated the link to ESET’s Knowledgebase article, as it was out of date.  20220421-0105 GMT±0  AG]
[NOTE #3: I have made significant edits to this blog post based on feedback from my colleague, Bruce P. Burrell. 20180117-1715 GMT-8. AG]
[NOTE #2:  I have made some small edits to the blog post for grammar and overall improved legibility.  20140131-0100 GMT-8.  AG]
[NOTE #1:  I have updated Step #5 with additional information about Windows Safe Mode.  20130611-1800 GMT-8.  AG]

Preface

As a bit of background, my former boss John McAfee contacted me back in 2013 looking for help in making a video explaining how to uninstall McAfee AntiVirus software. Since I used to run support for him over there, I figured “Fair ’nuff,” considered it some karmic payback and did a bit of web spelunking.  I found the appropriate knowledgebase article on McAfee’s support site, McAfee Document ID # TS101331, “How to uninstall or reinstall supported McAfee products using the Consumer Products Removal Tool,” noted the link in the article to download their manual uninstaller (conveniently called the McAfee Consumer Products Removal Tool) and forwarded that to him with instructions to contact McAfee’s tech support if things didn’t go as instructed in the article. [Note that I was being asked about removing the consumer version. For assistance with the enterprise version, I would have otherwise referred him to their business support.]  He said that wasn’t enough information, so I ended up writing this blog post, which comes out to about six printed pages.

McAfee—like my current employer, ESET—provides a perfectly serviceable set of instructions. As a matter of act, you can view them at ESET Knowledgebase Article #2289, “Manually uninstall your ESET product using the ESET uninstaller tool” (complete with link to ESET’s manual removal program, the equally pedestrian-sounding ESET Uninstaller tool).

However, while both sets of instructions give the information and tools you need to uninstall their respective programs, they are strictly limited to those actions and do not take into account of the myriad steps one should take before or after removing any kind of anti-malware software for your computer.  While for most uninstalls, the process is going to go just fine, anti-malware software is used by hundreds of millions of people a day, and there’s always a possibility of something unexpected happening when dealing with that many computers.

And that’s why I wrote (and you are reading) this blog post, the Secret Guide to Uninstalling Any Anti-Virus Software. But before I continue, I want you to actually let you in on a secret:  The title of this blog post is something of a misnomer, and here’s why: Most of the malicious software (a/k/a, “malware”) one comes across these days is not “recursively self-replicating code that creates a possibly evolved copy of itself,” or, in other words, a computer virus.  In most cases, you’re not dealing with a computer virus but rather a bot, multi-stage downloader, rootkit, trojan, worm or some other form of digital pustulence.   It’s definitely evil, it’s definitely something you don’t want on your computer, but it’s probably not a virus. These days, viruses account for perhaps under 10% of threats seeing by anti-malware companies on a daily basis. The term computer virus however, is inexorably linked in the public’s consciousness, so I’ve used that term where it matters—in the title for SEO purposes—even though the most technically accurate term to describe threatening software is malware and, correspondingly, the security software which protects against it, anti-malware.

With that verbal caveat in mind, the rest of this article can now serve as a guide around your existing anti-malware vendor’s removal instructions to offer a more holistic method for removing their software, especially if you come across a problem or unexpected system behavior.

Step 1: Checklist

Prior to uninstalling your anti-malware software, make sure you have the following equipment readily available:

• The computer from which you plan to uninstall the anti-malware software. If the computer is a notebook, be sure to have the battery fully charged and the AC adapter plugged in.
• An external hard disk drive and/or USB flash drive.
• A trusted Internet connection for the computer. In this case that means having the computer connected to a residential broadband gateway router which, in turn, is connected to your cable or DSL modem. Some Internet providers provide a single device that acts as both a router and a modem, but if yours does not, you should connect a router between the computer and modem in order to “break” the direct connection between the public Internet and your personal computer.

Once you have these assembled, you are ready to begin.

Step 2: Backups

The first thing you should do before uninstalling the anti-malware software is to back up any valuable information from your computer. The reason for this is quite simple: All anti-malware software—not just McAfee’s or ESET’s but, every security software vendor’s—interacts with the system at a lower-level than most other applications. If a problem occurs during uninstallation that leaves the system in a non-working state, you will be able to more quickly recovery it.

If you already have a procedure in place for backing up your data, go ahead and do that now. If you do not, now would be the time to plug in that external hard disk drive or USB flash drive, and copy anything which is important to you from the computer’s internal drive to the external drive.

What sorts of files are important on a system? That will vary from person to person, but in general, that would mean anything which is unique, rare, or would otherwise be impossible to replace, such as personal documents, pictures and videos. For example, you can always purchase a new computer with a new copy of Microsoft Windows and Microsoft Office on it, but it would not be possible to go to the same store and buy a copy of your old data, such tax documents, pictures of your family, personal correspondence and so forth.

In addition to all of that personal data, you should also make sure you have the license keys readily available for any programs you would need to install on a new computer. Depending upon where you purchase your software, that information might be on a certificate in the retail boxed packaging, sent via email, or in a mixture of the two. If you are not sure where the license keys for all of your software is located, you can use a programs such as Nirsoft‘s ProduKey, Magical Jelly Bean’s Keyfinder , NS Auditor’s Product Key Explorer or Enchanted Keyfinder to attempt to locate them.  As a matter of fact, it’s often helpful to use several different programs, in case one of them does not correctly detect a license key.

Be sure to print out or save the information so it will be available when you need it. You can even save the information to your external backup drive so it will be available in the even you need to reinstall them on another computer. These are the type of things which are precious on a computer and make it uniquely yours, so be sure to take good care of your backup drive(s).

For documents that are critically important to you (business documents or records, projects that you are working on, and so forth), consider making an additional backup copy (or two) to a USB flash drive and storing those in a safe and secure place such as a safe deposit box or home safe.

After you have backed up your information, try restoring a few files, ideally on a different computer or to a different location on your existing one, to verify the backup was successful.

Lastly, please note that while backing up is a precautionary activity, it is an important one for any computer user to perform. The steps outlined above are meant to offer general information about backups. For additional information about backups, see Options for backing up your computer [PDF, 862KB] a vendor-neutral paper I wrote for my employer which provides a thorough audit of backup technologies for home and small business.

Step 3: Downloads

After backing up and verifying your data, the next step to take is to download a fresh copy of your current anti-malware software for which you are licensed, even if you are going to install a different program.

If you purchased McAfee, you can re-download a copy of your licensed software by visiting https://home.mcafee.com/Secure/Protected/Login.aspx in your web browser; for ESET, visit http://www.eset.com/download/ and so forth, for whatever company you purchased your anti-malware software from. Otherwise, follow the instructions from your computer manufacturer, Internet service provider or whomever originally provided it for re-downloading a copy. Save the file to a location you will remember, such as a dedicated new folder on the Desktop, the Downloads directory, an external USB flash drive or the like.

The reason for doing this is that if your installation of the anti-malware software is damaged and does not uninstall correctly, you can use the copy you just downloaded to perform a repair installation, and then cleanly re-uninstall it a second time once the damage is repaired.

If you are going to be installing a different anti-malware program, download it from the security software vendor’s web site and save that to a location you will remember; that way it will be ready for installation.  Note that some security software vendors offer two kinds of downloads:  A smaller “live installer” or a larger “offline installer.”   What is the difference between the two?A live installer is a much smaller program that is effectively a stub; when run, it downloads the rest of the program over the Internet and to your computer.  An offline installer is larger and contains all of the files needed to install the software onto your computer, even if an Internet connection is slow or unavailable.  My recommendation is to use the offline installer since it means you can install the full software package without the computer having to connect to the Internet without any security software running on it for protection.

Lastly, assuming McAfee is what you are uninstalling, go ahead and download the McAfee Consumer Product Removal (filename: MCPR.EXE) tool from McAfee’s web site at http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe or, if ESET, the ESET Uninstaller (filename: ESETUninstaller.EXE) from http://download.eset.com/special/ESETUninstaller.exe and save it to location that you will remember. Just about every anti-malware developer has a manual uninstall tool to remove any remnants of their anti-malware software remaining on a computer after it has been uninstalled using conventional means. If you are unsure of where yours might be, check ESET Knowledgebase Article #146, “Uninstallers (removal tools) for common antivirus software” which provides a comprehensive, frequently updated list of manual uninstallation tools for many security software vendors.

Note: Because anti-malware programs install themselves into the operating system at a lower-level than other types of software, it is not unusual for drivers, services and other settings related to the anti-malware software to be left over after a conventional uninstallation. While running a manual uninstallation tool won’t jumpstart your computer’s heart, it will remove any of these orphaned processes, registry entries and files that can cause problems when you install your new anti-malware software.

Step 4: Typical Uninstallation

Now that your system is backed up, and you have downloaded the tools you will need to (1) uninstall the existing anti-malware software; (2) repair a damaged installation; and (3) install your replacement software, we can begin the process of removing the existing anti-malware software from your computer.

First, begin by rebooting your computer as you normally would. This ensures that any pending file updates or operations on in-use files—including operating system updates—are performed as the operating system shuts down and then restarts.

Log in to the computer as you normally do, and then wait about five minutes. This allows any processes which normally run when the computer starts up to finish gracefully. Perhaps your anti-malware software will even download a last update.

You can now perform the following steps to begin uninstalling your anti-malware software from your computer:

1. Run the Add or Remove Programs applet from the Control Panel, by pressing Winkey+R (hold down the Windows key and then press the R key) to bring up the Run dialog, type  “APPWIZ.CPL” as the name of the program to open, and press Enter or click on the OK button to start it. The Add or Remove Programs applet will appear. Note that the exact name of this applet varies based on which version of Microsoft Windows is running. For example, under recent versions of Windows it is called the Uninstall or Change a Program applet. The command to run it, though, is the same under all versions of Windows.
2. In the Add or Remove Programs applet, locate the entry for the McAfee Security Center, ESET NOD32 Antivirus or whatever your anti-malware software is called and double-click on it. This will start the uninstaller built into Windows, telling it to remove the selected anti-malware software from your computer.
3. Depending upon which anti-malware software is installed on your computer, you may have to click on Remove, Uninstall or a similarly-named option to begin the uninstall process. If asked to select which components of the anti-malware software you wish to remove, select (check) all of them.
4. Allow the uninstaller to finish removing the anti-malware software from your computer. When finished, reboot the system, even if you were not prompted to do so.

At this point, you have completed a typical uninstallation of the anti-malware software from your computer, and you are now at least half-way through the uninstallation process.

Step 5: Manual Uninstallation

While  performing the uninstallation as outlined above via the Control Panel applet is usually enough to remove any anti-malware software from a computer, there is always a chance of issues occurring with orphaned processes and unremoved files that could affect the speed and reliability of the computer.

A second uninstallation, this time using the manual uninstallation tool is now performed to prevent any misbehavior from leftover remnants of anti-malware software on the computer. Here’s how to do this, step-by-step:

1. Restart the computer as you did in the previous step, but this time start the computer in Safe Mode. If you are running Windows 7 or earlier, this can be done by repeatedly tapping the F8 key on your keyboard as the computer starts up, until a text menu appears with an option named Safe Mode. A complete list of how to start the various editions of Windows in Safe Mode can be found in ESET Knowledgebase Article #2268, “Start Windows in Safe Mode or Safe Mode with Networking.”  Starting the computer in Safe Mode tells Windows to skip loading most programs which run when the operating system starts, loading only those necessary for the operating system to run. This special mode, used for troubleshooting system problems, provides an ideal environment for running anti-malware software’s manual removal tools.
2. Locate the McAfee Consumer Product Removal (filename: MCPR.EXE) tool, the ESET Uninstaller (filename: ESETUninstaller.EXE) tool or whatever the name is of the manual removal tool that you downloaded earlier and run it as administrator by right-clicking on it and selecting the Run as Administrator option from the context menu that pops up. If you are not logged in with administrator privileges, you may need to enter the credentials for an administrator. The manual removal tool will now run.
3. Follow the instructions on the screen to remove any leftover remnants of the previously uninstalled McAfee (or whatever) anti-malware software from the computer. When complete, a message will appear telling you whether the removal was successful or unsuccessful. For additional information, see the anti-malware company’s knowledgebase article.
4. After successfully running the manual removal tool on the computer, close the program and reboot the computer once more to allow any pending changes to the system to complete.

At this point, there should be no remnants of the  anti-malware software you just uninstalled on your computer (unless you are running Windows 8 or newer, in which case Microsoft’s Windows Defender will appear; but don’t worry, it automatically disappears when another anti-malware program is installed). Keep in mind, though, that this also means your computer is now vulnerable to malicious software and other threats and it is not safe for your computer to access the Internet (unless running Windows 8, as noted).

Step 6: Final Steps and Conclusion

Since the computer is no longer protected, the first thing you want to do is to install your replacement anti-malware software.

Go ahead and install the anti-malware software you downloaded earlier and allow it to complete its installation per the author’s instructions. Allow the new anti-malware program to completely finish updating before you run any other network-aware programs, such as web browsers, email clients, instant messaging apps, games and so forth. Once it has finished installing—a reboot may be required—it is then safe to use programs which access the Internet.

Congratulations!  At this point, you are done.  Your anti-malware software is up-to-date and you can now go online with your computer!

Aftermath

Oh, and in case you are wondering, John McAfee never ended up making a video following these instructions.  I sent them over, and he explained he wanted to make a different kind of video on how to uninstall his eponymous software, one that involved guns and explosions. He did end up making this video though, and it has gotten a lot of views on YouTube.  He had even written in a small part for me as “Bartholomew,” but I declined.  The audio engineer from the video production company played the part, instead.  I think he did a pretty good job.

Aryeh Goretsky

A dozen quick travel trips

[NOTE #2:  Some of the comments interspersed through this document about a certain carrier that some considered snarky have been removed.  This should make this blog post more suitable for sharing and forwarding.  AG 2014-02-06 9:50PM]

[NOTE #1:  I originally wrote this as a reply in a private Facebook group to someone who is flying for the first time.  I am not the most experienced traveler in the world, but hopefully this will be of help to some of you.  AG 2013-04-24 1:00AM ]

1. Clean the house a little before you leave. Coming home to a dirty house that needs to be cleaned is… suboptimal.
2. Pack everything the night before and have your luggage ready to go. Don’t put it in the car overnight, though, in case something happens to the car. Leaving it by the door works for me.
3. Pack a spare set of undergarments in your carry-on bag, in case the airline decides not to deliver your checked bag with your clothes and toiletries for four days, lying to you saying they will bring you your bag that day and refusing to pay for any clothes or toiletries you had to buy (on a very expensive international business-class ticket). Some clear plastic Zip-Loc™ style sandwich bags are also useful to have in your carry on to separate… things you might be carrying.
4. Traveling for N days? Pack N+1 days of clothing, in case you get stuck for a day, or require an additional change of clothes due to inclement/sweaty/inclement-and-sweaty weather.
5. Charge all the things! Have everything that uses electrons filled up. Bringing a penlight? Fresh battery/batteries in that before you leave, too.
6. If you typically carry things other than keys on your keychain (penknife, keychain-sized tool, etc.) remove it before you leave. It either doesn’t go on vacation with you, or travels in the checked bag.
7. Inside your checked bag? A pen light, perhaps a small travel power bar, if you’re traveling somewhere that is more a tourist than a business destination, and 1-3 unused, empty plastic garbage bag(s) (takes up no space on the way out, holds all your dirty laundry on the way back). Taking anything fragile and/or liquid? Wrap securely in another garbage bag (or two) and place in center of luggage, where clothes + everything around it act as a shock absorber. Returning with anything liquid and/or fragile? Same thing, but put it in the middle of your stinky sack, er, laundry bag for shock absorption and extra isolation from people who steal out of luggage. You should also have your noise-cancelling headphones, canalphones (in-ear phones, ear buds, or whatever term you use) or ear plugs in your carry on, as well.
8. Not inside your checked back? Anything valuable/fragile like a radio, MP3 player, camera, ebook reader, cell phone, laptop, external hard disk drive, etc. Those go in your carry-on luggage.
9. Carrying on? I recommend a backpack for your computer, as it distributes the weight of your laptop/notebook/slate/tablet/desktop-replacement/(whatever) evenly across both your shoulders so you don’t end up aching the first night from walking miles with a laptop bag over your shoulder in airports where the staff is very unhelpful and unprofessional. If you don’t have a backpack specifically for your laptop, look into adding a padded travel sleeve for it. If getting a bag, make sure it has a padded storage compartment for your laptop, as well lots of little, separate pockets/holders for things like AC adapter, spare battery, digital camera, backup HDD (you do back up your data regularly don’t you?), cables, USB flash drives and other electronic devices. I find zipper mesh bags (your local dollar store, or try a travel store for more upscale packing versions) great for storing little electronic things in. You can use those sandwich bags from (3) in a pinch, but they’ll start dissolving by your second trip.
10. Print out all travel documents and have them available in a transparent plastic folder easily accessible from your carry-on bag, in addition to electronic copies loaded on to everything you can load them on to and show someone.
11. Check in as soon as you can online (may be 12-24 hours before flight). Join the airlines frequent flier program, even if you think you’ll never fly on them again. Leave extra early and show up extra early for your flight. This allows you to take your time checking in, inquire about a first-class upgrade at check-in, and make your way through the TSA checkpoint. Do not go through a body scanner. Nobody actually knows what the long-term effects of mm wave scanners or backscatter X-ray technology are as they simply have not been in use long enough for any scientific studies to be performed. Always be friendly and polite to the TSA employee–it’s not their fault; just say you opt-out and want a pat-down, instead. It takes 5-10 minutes at most, and is completely safe.
12. It’s best to buy magazines, non-liquid consumables (candy, gum), ear plugs, and, if traveling internationally, power plug adapters before you leave, as they cost more at the airport. Make sure all your power adapters are world compatible (automatically switching between 110 and 220V, or even 100V if going to Japan and 240V if going to former British colonies), but mostly 110/220V. About the only exception is your laptop AC power supply: If the AC line cord is detachable, you should still carry a power plug converter for it, but look for replacement AC line cord in the host country. The common two prong one is usually a C7 (non polarized) or C8 connector (polarized) and often referred to locally as a teapot or kettle power cable. Just bring your old one with you and pantomime.

Good fortunes and safe travels!

Aryeh Goretsky

---

Have a travel tip to share? Please leave a comment, below!

Adding the “Run” command to a Start Menu Toolbar under Windows 8

Hello,

Back in 2009, I wrote an article in my blog, How to simulate a “Classic” Windows XP/Windows 2000 style Start Menu under Windows 7, which, as the name implies, explains how to recreate a Start Menu-like experience under Windows 7 using a Toolbar.  As it turns out, the same technique also applies under the Consumer Preview of Microsoft Windows 8, however, it is still missing the Run dialog.  Now, admittedly, you can always bring that up by pressing WinKey + R on your keyboard, but, chances are, if you’re already on the Start Menu and you want to use the Run dialog, you want to do so using your mouse, not your keyboard.

So, without, further adieu, here’s how to create a shortcut to the Run dialog on your simulated Start Menu:

1. Go to any empty spot on the Desktop and right-click to pop up the context menu.  From there, select New → Shortcut.  The Create Shortcut dialog will appear.
2. In the Type the location of the item:field, enter the following:

   %windir%\explorer.exe shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

   If that string looks vaguely familiar, that’s because it’s a CLSID.  I talked about CLSID’s in my earlier blog article, Changing the default Library Folder View in Windows 7.  This CLSID is to for Run dialog in Windows 8 Consumer Preview, so what this shortcut does is actually run the CLSID that opens the Run dialog on the Desktop.  Now click on the Next button at the bottom of the Window to continue.

3. You will now be prompted in the Create Shortcut dialog to name the shortcut you have just created.  In the Type a name for this shortcut: field, I suggest entering the text “Run…” for the name (minus the quotes, of course).  Note that I have actually not entered three periods after the word “Run” but instead entered an ellipsis.  You can create an ellipsis by pressing and holding down the Alt key on your keyboard and then typing “0133” (again, no quotes) on the number pad. This only works if you use the number pad on your keyboard.  If you are on a keyboard that does not have a number pad, try using the Character Map program (filename: CHARMAP.EXE) to insert one, instead.  Click on the Finish button when your done, and, Voila!, a Run… icon now appears on your Desktop.  But how to get it from the Desktop to the Start Menu?  That’s the next step!
4. Open Windows Explorer and navigate to the “C:\ProgramData\Microsoft\Windows\Start Menu\” directory on the computer.  Drag the Run… icon from the Desktop to folder, and close the folder when done.

That’s it.  The next time you click on your Start Menu‘s chevron in Windows 8 Consumer Preview, you’ll see your Run… command listed under it.

Regards,

Aryeh Goretsky

Changing the default Library Folder View in Windows 7

[An earlier version of this blog entry was published here at Scot’s Newsletter Forum.  AG]

Hello,

By default, the Windows Explorer icon on the Taskbar opens the Libraries folder view. If you want to open another folder, instead, you can change this by performing the following:

1. Hold down the Shift key and Right-click on the Windows Explorer icon in the Taskbar.
2. Select Properties from the context menu that pops up.
3. In the Target: field, change the value of “%windir%\explorer.exe” to a different value. Some possible options include:
   • enter “explorer.exe ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}” to open the Computer View of all disk drives and network shares
   • enter “explorer.exe ::{450D8FBA-AD25-11D0-98A8-0800361B1103}” to open the Documents folder
   • enter “explorer.exe ::{208D2C60-3AEA-1069-A2D7-08002B30309D}” to open the Network folder
   • enter “explorer.exe ::{7007acc7-3202-11d1-aad2-00805fc1270e}” to open Network Connections
   • enter “explorer.exe ::{2227a280-3aea-1069-a2de-08002b30309d}” to open the Printers folder
   • enter “explorer.exe ::{645FF040-5081-101B-9F08-00AA002F954E}” to open the Recycle Bin
   • enter “explorer.exe ::{871C5380-42A0-1069-A2EA-08002B30309D}” to open Internet Explorer (or just use the Internet Explorer icon on the taskbar)

You can also specify “explorer.exe {path specification}” to open a specific directory, where “{path specification}” is the path to the directory, such as “explorer.exe C:\ProgramData“. Environment variables are also supported, such as “explorer.exe %HOMEPATH%“.

And if, of course, you ever wish to restore the default view of the Libraries folder, you can do so by changing the value back to “%windir%\explorer.exe”.

NOTE: In all of the examples above, the quotation marks (” “) are actually not entered.

Advanced tip: The long hex strings above are actually the CLSIDs for those objects. It’s possible that there are quite a few others which work as well. If you come across additional ones, please share!

Regards,

Aryeh Goretsky

Getting there is not half the fun…

[Lightly edited and updated from my original Facebook post.  AG]

 

My horrible journey from San Diego, California to Larnaca, Cyprus, courtesy of @DeltaAirlines, @KLM and @Cyprus_Airways.

My original schedule was as follows

May 29th, Delta Flight # DL2792 from San Diego to Atlanta, scheduled to depart at 1:35PM and arrive at 8:53PM.

May 29th, Delta/KLM Flight # DL9375/KL0622 from Atlanta to Amsterdam, scheduled to depart at 9:35PM, and arrive the folowing day (May 30th) at 12:10PM.
May 30th, KLM/Cyprus Airways Flight # KL3281/CY0499 from Amsterdam to Larnaca, scheduled to depart at 2:00PM and arrive at 7:10PM.

Of course, that was just on paper (or electrons, as it may be).  Here’s what really happened:

Flight DL2792 leaves San Diego correctly and arrives on-time. We (I’m travelling with a co-worker) have to hustle to make the connection since we have only 40 minutes on the ground and our flight to Amsterdam is in the next concourse over.  We make it over to Concourse E with plenty of time to spare, where we find the jet is sitting at the gate with the engine cowling wide open with mechanics crawling all over it.  There’ is some sort of mechanical problem with the engine and they are waiting for parts to arrive from Detroit to affect repairs, then test and verify.  The new estimated departure time is midnight and because Delta says they are going to fix the engine, they will not put passengers on alternate flights or rebook anyone because the flight hasn’t been canceled.   The parts arrive in about an hour and the mechanics begin installation and testing.

 

The first test fails.

 

The second test fails.

 

The third test fails.

 

It is now just past 3:00AM and @DeltaAirlines finally announces they have canceled the flight. Funny how they had to wait until all other flights which could have possibly routed passengers to somewhere in Europe had left the airport.  Throughout these delaying tactics, the Delta gate personnel cannot tell us anything, they just wander around and disappear as people line up at the gate counter.  One person announces they will begin provide status updates every 15-20 minutes or so, and then wanders away without any updates for hours. Oh, and Delta is kind enough to offer people a can of soda and small package of 3 cookies.  No meal vouchers are offered, of course.

 

At 3:00AM the Atlanta airport is a cavernous empty place, with only cleaning people waxing the floors, gathering carts and emptying trash cans. The airport had pretty much closed around 11:00PM or midnight, and it is impossible to put us on any other flights per their own Rule 240 (international flight, so it’s Rule 87, Sections D, E and F).  At 4:00AM we finally get vouchers for taxis and hotel rooms and are told to proceed to baggage claim to pick up our luggage, an amenities (toiletry) kit, then go outside where taxis await to take us to the hotel.

 

For those of you who are unfamiliar with Atlanta, it’s a huge international airport:  It’s Delta’s hub, for that matter.  We were at Concourse E, the farthest, most remote concourse which marks one end of the airport and Baggage Claimis located at the exact opposite end.  How far is the distance between each concourse?  They use trains to go between them.  At 4:00AM the trains are not running nor are there any carts or drivers to take us to baggage claim.  It’s a 40-minute sweaty walk to reach our baggage.

 

At 5:00AM, we arrive at the hotel in downtown (I think) Atlanta and begin to queue up.  Unlike Delta, the staff of the Omni is friendly, polite, knowledgeable and efficiently begins checking people in.  I’m in bed by 5:30AM.

Around 10AM, I crawl out of my cocoon of twisted sheets and call Delta Airlines at +1 (800) 221-1212.  I find out they have rerouted me on their computers and that I now have the following schedule:

May 30th – Delta Flight # DL1513 from Atlanta to Detroit, scheduled to depart 6:50PM and arrive at 8:57PM.

May 30th – Delta Flight # DL0248 from Detroit to Amsterdam, scheduled to depart at 9:50PM and arrive the following morning (May 31st) at 11:45AM.

May 31st – KLM/Cyprus Airways Flight # KL3281/CY0499, from Amsterdam to Larnaca, scheduled to depart at 2:00PM and arrive at 7:10PM.

I burrow back under my blankets for another four hours of sleep and go to Atlanta, where I get in line in to check in, and come out with my baggage checked, a stack of stapled boarding pass cards–or what I think are my boarding passes; wait for it, this gets better–and go to the gate for the flight to Detroit.  I have, by the way, quite incorrectly assumed that the reason I was routed up to Detroit was that all the other flights to Amsterdam from Atlanta were fully-booked.  Apparently, they were not.  At the gate in Atlanta, I hand my packet to the gate agent, whose computer is down.  She looks at the mass of cards I have given her and waves me on the flight.  A little over an hour later, Delta Flight # DL1513 is wheels down down at Detroit.

I have a short connection–like 50 minutes–so I rush down the concourse for my next flight to Amsterdam.

They are boarding by the time I get to the gate, and I give Cynthia S., the gate agent, my packet of stapled-together board cards. Cynthia S. starts inspecting them as if they were something mildly distateful form of paper (Delta stock certificates, perhpas) and announces that I do not actually have a Boarding Pass, to get on the flight, just a Flight Schedule, and that I need to get a Boarding Pass issued before I’m allowed onto the airplane.  I try to explain to Cynthia S. that I was allowed on to my previous flight from Atlanta–after all, how else would I be inside the Detroit airport at the gate to board the flight–and she allows me on, but proceeds to tell me that my ticket to Larnaca has been canceled and that there is no one at Amsterdam who can or will help me me get a Boarding Pass and to not even try.

I board Delta Flight # DL0248–what else can I do–and sit down and wait for the flight to begin.  And sit.  And wait.  The plane sits at the gate for about an hour.  It seems one of the igniters in one the engines (I guess they come in two pairs) is not working. We pull out a little over an hour late and are finally in the air.

 

I spend the next several hours anxious, miserable and unable to sleep.

 

The flight arrives late into Amsterdam; we were not able to make up any time in the air, so by the time I get to the concourse it is about 1:15PM and my flight to Larnaca leaves in 45 minutes.

I run to the first automated ticketing transfer kiosk I can find and try to print a boarding pass for my flight which now leaves in about 40 minutes.  No luck, the computer cannot find me.  An airport employee directs me to a transfer station staffed with people.

I run down there and present my bewildering stack of papers to a KLM agent, who looks at them amd just directs me to go to the opposite end of the concourse to catch my flight–they can help me better at the gate.  I ask her if she can at least call ahead and let them know I’m coming.  She begins helping the next person in Dutch (or maybe German).

Twenty minutes later, I’m at the gate and the last person to arrive.  As some of you may know from meeting me or seeing a photo, I’m not used to running across airports and show up out of breath, my shirt hanging out and my clothing soaking wet from sweat.

Before the gate agents even speak to me, they grab a stack of paper towels and give them to me so I can wipe myself off.  I begin to explain my story to them and present my paperwork to the gate agent, who then turns to her co-worker and begins to have a conversation in rapid-fire Dutch.  They give me a seat in coach (I had a first class seat) and actually write out the boarding pass by hand.  I now have a KLM boarding pass that just says "Goretsky 19A."

At this point, I figure I have probably be been given the last seat on the plane, so I am just glad to be on board.  I walk down the jetway, hand my pass to the flight attendant and look down the aisles. The plane has, perhaps, 30% occupancy in first class and is maybe 40% full in coach.

The flight attendants are getting ready to do their usual preflight announcements, and I go to the closest one and try to explain that I had a first class seat for this flight leg, and since there are plenty of empty seats in first, can I please have the seat that I paid for.  The flight attendant tells me if I want to sit in the seat I paid for, I have to get off the plane with my luggage and go back to the gate to get a new one.

At this point, it’s just under 10 minutes before the plane leaves.  There’s only one flight a day from Amsterdam to Larnaca, and I have the suspicion that if I step off of this plane, I will not board it ever again.

 

I walk down the aisle of the airplane to my seat.

I find my seat and stow my baggage and begin to settle in.  Since the plane is so empty, at least I have an entire row to myself.

Being that I’m a big guy, I don’t fit in a coach seat very well, and ask the flight attendant for a seatbelt extender.  It is not a big deal to me now, I have to do it all the time, and a flight attendant usually brings one over quickly and discretely.  In this case, the flight attendant looks at me and instead of going and getting one, yells something like "leevascala" down the length of the plane to the flight attendant at the other end and points at me.  The other passengers scattered around me look at me with amused or disgusted expressions.  I don’t really care at this point and just sink into my seat as the other flight attendant brings over the extender.

After we begin taxiing on the tarmac, a guy in a seat over from me informs me the Flight Attendant announced to everyone there was a fatass in my seat.

I get to Larnaca, meet up with a co-worker who was sitting up in front and we go to baggage claim to pick up our luggage.

My bag is not on the conveyor belt and I go to the lost baggage agent.  There’s only one flight a day on Cyprus Air from Amsterdam, so it will be at least 24 hours before my bag arrives, plus 90 minutes to get to my hotel.  The airline will reimburse me for up to 40EUR worth of toiletries.

By the time we get to the hotel in Pafos to check in, it is about 10:00PM.

I came to Cyprus for business:  It’s my employer’s annual World Partner Conference and I am there to present the results of three years of planning and work to several hundred of my co-workers and peers in travel-stained jeans and a shirt.  Who the hell knows where my suit is now at this point? Did my luggage even make it to Europe?

I grabbed dinner with my co-worker, then got some toiletries across from the hotel at a kiosk.  Anti-persiprant and anti-fungal accounts 10EUR of my 40EUR allowance.

I don’t have a spare change of underwear, T-shirt or sockss/  Assuming I could even find anything that fit me, I am sure it would be far more than 40EUR.  It would probably cost me a thousand euros to get a suit tailored to fit me in time for my presentation, assuming I could find one that fit well enough to begin with they tailoring.

At this point,  I’m just numb:   I don’t know what to do, and everyone I’ve dealt with at the airlines has seemed to have an attitude that somehow it’s my fault for their late flights, broken jet engines and missing baggage, and even speaking to me is a big intrusion into their lives and that they are somehow doing me a great favor just by talking to me.

The next day (June 1st) I am working with our conference planner (who is juggling arrivals and departures for several hundred people, in addition to the minutae of handling an international conference) and try to make arrangements to have my luggage picked up by a courier taxi (the conference hotel is about 80 mile away from the airport) from the lost baggage folks.  My attempt to have my bag placed on a taxi picking up co-workers fails, and I attempt to get the lost baggage folks to put it on another taxi so it will come over later in the evening.  No problem, they can do that.

 

I go to what passes for a department store and spend something like 140 EUR on the few things I could find which would fit me.  Underwear is not among the things I find.

 

I call later that evening, to find out what time my bag will be in.  Oh, it’s too late to bring my bag over, because it would cost them a lot of money.  But they will have it over first thing early in the morning on June 2nd.

 

Then it will be there at noon.

 

At 1:00PM, my bag leaves the airport in a taxi, but it will be a while, since they have to deliver lost luggage to all the other hotels, too.

 

Just after 4:00PM, my luggage arrives at the hotel and for the first time in several days I had clean underwear.

 

Windows XP Optimization Tips I

[Some minor edits to improve legibility.  2013-06-17 @ 8:30PM]

Hello,

Over time, file system fragmentation, applications (and services) which run at boot up can take their toll on performance on a computer running Microsoft Windows XP. The following list describes some of the changes I make to a system to help improve its bootup speed and responsiveness, as well as some changes I prefer for usability purposes. A couple of things to keep in mind:

• This blog entry is intended more as a general overview than a step-by-step guide and is intended for moderate to experienced users.
• Some of my recommendations in here are opposite Microsoft’s own recommendations and while I do not think they are harmful, may provide no gains for your particular configuration. Exercise caution by making one (or more) backups of your before attempting any of the changes outlined herein and verify the backups were successfully, ideally by restoring them on a different computer.

NOTE: This list specifically makes use of the utility programs provided by Microsoft and does not include the use of third-party tools. There are many such programs available to tune up, optimize or otherwise improve a system’s performance. Some of these work, while others may provide no gain or actually reduce the performance of your system. I do not typically recommend the use of such tools, preferring to allow Microsoft Windows to manage itself. Your experiences may vary.

1. Move all directories except Startup from C:\Documents and Settings\%USERNAME%\Start Menu to C:\Documents and Settings\All Users\Start Menu to de-clutter things. Windows (or perhaps some applications) seem to require that the C:\Documents and Settings\%USERNAME%\Start Menu\Startup directory exist and can get confused when it is not present.
2. Create a new directory named C:\Documents and Settings\All Users\Start Menu\Startup – Optional and move the contents of both the C:\Documents and Settings\%USERNAME%\Start Menu\Startup to C:\Documents and Settings\All Users\Start Menu\Startup directories to it. This stops all the programs which were launched automatically from these locations from running from running each time the computer boots up.
3. Close the two Startup directories when done but leave the Startup – Optional directory open as you’ll need it in the next step.
4. Run the Registry Editor (filename: REGEDIT.EXE) and open the [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] key. Inside it are a bunch of string values for programs which also run on startup. Double-click on each string value to open it, copy the data (the complete program path and any arguments listed for it), create a new shortcut the Startup – Optional directory and paste the program in as a new shortcut. Delete the registry entry for a program when done and repeat until all the programs that used to run from that registry key now exist as links in the Startup – Optional directory.

Repeat for the [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] key.

At this point, you now have a computer that, when rebooted, no longer runs all those programs which launched through the various startup directories and registry keys. There are, however, probably a few programs which you do want to run each time Windows starts (antivirus software, sound card manager and so forth). Copy the shortcuts running these programs from the Startup – Optional directory to the C:\Documents and Settings\All Users\Start Menu\Startup directory.

You’ve now cleaned up the programs that run at startup, which should improve boot time. There are also services (think UNIX daemons) that run automatically as well. These can be manipulated via the Services Manager (filename: SERVICES.MSC), however, unless you know what services can be changed, I’d suggest leaving it alone for now.

The next thing to do is get rid of temporary files. Delete the contents of the following directories (e.g., leave the directories intact, but empty):

C:\WINDOWS\TEMP\

C:\Documents and Settings\%USERNAME%\Local Settings\Temp\

C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files\

The first is the temporary file folder used by the operating system, the second by your account, and the last by Internet Explorer. Even if you don’t use IE regularly, it may still have some junk files in it. Do not be alarmed if you cannot remove all the subdirectories or files, though. Sometimes there are background processes holding a file open or somesuch.

Now that you have gotten the startup operations and the temporary file folders cleaned up, it’s time for a disk defragmentation. This can take a while to run if it hasn’t been done, so I’d suggest starting it before going to bed. Command line option is “C:\WINDOWS\SYSTEM32\DEFRAG.EXE C: -F -V“. The F is for force and the V for verbose. The built-in Windows defragmenter is not the best in the world, and the effects can be somewhat cumulative. After it finishes, run it again. If it takes more than five to ten minutes to run, then it made some more improvements. Run it a third time and by now it should have done a decent job of defragmenting the files, even if it did not optimize their layout on the disk much.

You should now have a machine which runs faster, especially for booting up. You will want to periodically (every 1-2 months) check the Startup directories and Run registry keys for programs which may have been automatically installed by new or updated software (Adobe, Real, Sun…) and move them to the Startup – Optional directory as needed, as well as the file deletion and defragmentation to keep things running in good order.

Regards,

Aryeh Goretsky

How to simulate a “Classic” Windows XP/Windows 2000 style Start Menu under Windows 7

[The following is a copy of a message I originally wrote in the Windows 7 Tips & Tricks, Put your great tips here! message thread on Scot’s Newsletter Forums on November 9, 2009. AG]

 

Hello,

Here’s how to simulate a Windows XP "Classic"/Windows 2000 style Start Menu on a computer running Microsoft Windows 7:

• First off, a little maintenance: Right-click on the Start Orb, select Properties from the popup context menu, click on the Taskbar tab and de-select (uncheck) the Lock the taskbar option.
• Right-click on any empty spot of the Taskbar and select Toolbars → New Toolbars from the popup context menu.
• When the New Toolbar – Choose a folder window appears select "C:\ProgramData\Microsoft\Windows\Start Menu" as the directory to use for a Toolbar and click on the Select Folder button to choose it.
• After the new Start Menu toolbar has been made, drag it over all the way to the left until it is between the Start Orb and your pinned applications.
• Move your cursor over the separator bar beween the Start Menu toolbar and the and drag all the way to the left until all that is visible is the "Start Menu »" text. If you click on the "»" glyph you should now see a familiar menu tree.
• Right-click on the Start Menu text and select Open Folder from the popup context menu. The Start Menu directory will appear.
• Navigate to the Accessories directory, right-click on the Run shortcut and select Copy from the popup context menu.
• Navigate back to the Start Menu directory, right-click in any part of the empty window and select Paste from the popup context menu.

You should now have a "classic" Windows XP/Windows 2000 style Start Menu on your taskbar. Remember to lock the taskbar by toggling the Lock the taskbar option from the first step if you prefer a locked taskbar.

Regards,

Aryeh Goretsky

Initial thoughts on Malwarebytes versus IObit

Hello,

Malwarebytes accusation that IObit has infringed on their intellectual property has received a bit of attention in news and and blogs, and a good deal more discussion about what happened—or did not happen, or may have happened—is occurring in various web forums and mailing lists. 

Having worked in the anti-malware industry for a number of years (even so far back as *gasp* when it was called the anti-virus industry) I had some small interest in the matter, however, I have more interest, frankly, in clearing up what I see as a lot of confusion.  So, just to be clear, the opinions expressed are my own, and not those of my current or any past employer.  If I got something right, or there’s a part you agree with, that’s probably because of something I learned from one of my smart co-workers.  If, on the other hand, I got something wrong, or you disagree with it, violently or otherwise, well, that’s probably my fault.

As I understand it, there seem to be several related issues:

• Malwarebytes has accused IObit of copying a percentage (up to 100%, it appears) of MBAM’s threat signature database and including it in IObit Security 360.
• Malwarebytes has accused IObit of identifying threats using the exact same names that Malwarebytes uses to detect those threats.
• Malwarebytes has salted their threat signature database with signatures for nonexistent threats, and claims that IOBit Security 360 detects files containing those signatures, identifying them with identical (or nearly identical) names used by MBAM.
• IObit has stated that the detection of one of the salted false positives occurred because it was sent to them anonymously and that they used the name of the file as it was uploaded to them to identify it in IObit Security 360.

The anti-malware industry shares samples, meta-data about samples and for high-profile threats may share information such as reverse-engineering and detection techniques.  Anti-malware companies even swap product licenses with each other:  It can be helpful to prioritize the incoming firehose of samples not just with your own internally-developed tools, but with a competitor’s products as well.  These relationships often extend back for years and decades, and they continue to go on, unabated.

There is, however, a difference between copying a competitor’s naming conventions in toto, which indicates many things about the copier, such as laziness and not having enough resources to properly conduct threat identification, and reverse-engineering a competitor’s product to decrypt their signature database and import it into yours, which may be a civil law or a criminal law (or both) matter.

There’s nothing particular novel or new about what Malwarebytes has done with salting their threat signature database.  When I was at my previous employer in the anti-virus field, we regularly added fake entries to our virus signatures, and when those signatures appeared in competitor’s products, we had discussions with them.  Generally, all it took was a phone call (or a fax) to stop that behavior.  Those were done privately, though, and never reached a point where lawyers (or the public) had to get involved.

One thing I hope everyone keeps in mind is that this is a very complex issue, not just from a technical and legal perspectives, but from cultural and perhaps even geopolitical ones as well.  I believe Malwarebytes is an American company and IObit is a Chinese one.  As such, it very possible that IObit’s employees do not communicate as effectively as people who are native English speakers. If you are a native English speaker and reading this, think about how difficult it might be for you to respond to message in Cantonese or Mandarin.

I suspect this is ultimately going to be settled in a court of law, or at least by lawyers, rather than in the court of public opinion, and would caution people to try and take a cautious and balanced view of the issue until then.

Regards,

Aryeh Goretsky

Sources:
Horowitz, Michael. ComputerWorld Blogs – IObit accused of stealing from Malwarebytes.
Kleczynski , Marcin. Malwarebytes blog – IOBit’s Denial of Theft Unconvincing.
Landesman, Mary. About.Com – IOBit Steals Malwarebytes’ Intellectual Property.
Mills, Elinor. CNet News – Malwarebytes accuses rival of software theft.
unknown. IObit blog – Declaration from IObit
unknown. Malwarebytes blog – IOBit Steals Malwarebytes’ Intellectual Property.

^{REV. 2009105.2312}

Back from Gnomedex 2008; or, there’s no place like gnome

Oddly enough, I shall start my report of Gnomedex 2008 not with how it began, not with how it ended but with what happened after I returned home to California.

 

I missed my flight back at 7:00AM, but was able to get on a later one at 9:30AM without a problem.

 

My baggage did not arrive on the flight.

 

Nor did it arrive on the 2PM flight.

 

Or on the 4PM one.

 

A little after 4PM I received a call on my business cellular phone from a number with a 512 area code. 

 

For those unfamiliar with that area code, it is for Austin, Texas.  Presumably, it is for the surrounding metro area as well, but in this case, the caller was from Austin.

 

It turns out, though, that she was in California, too.  Except 120 miles away from me.

 

She had mistakenly grabbed my bag and driven away without checking the luggage tag.  Or the claim ticket put on my bag by Alaska Airlines.  She flew Southwest, by the way.  The claim ticket is the thing which airports tell you to check with signs that say "bags look alike, check the tag before leaving" on signs above the baggage claim carousels.

 

Anyways, she asked me if I would drive back to the airport, pick up her bag and drive out to meet her boyfriend half-wayish.  I had gone back to the office to await calls from and to place calls to the baggage claim office at the airport, which is near the office.

 

Wanting my luggage as quickly as possible, I went to the airport, collect her luggage and began the drive east.

 

A funny thing now:  The luggage I had purchased was a Tumi Ducati Expandable Wheeled Packing Case Suiter.  It was actually not my first choice for a bag, because it is black (which I like) with red panels and silver trims (which I didn’t particular care for) but after a while, I had grown fond of it precisely because it did not look like other people’s luggage; I could rest assured that when my bag came off the conveyer belt to the carousel that the one that looked like that was mine, all mine.  I still always look at my luggage tag, though.  It’s a reassurance thing.  If I turn it over and can see my business card, I know it is mine.

 

It turns out the woman who took my luggage probably felt the same way.  Her bag was smaller than mine, though.  A lot smaller.  And it didn’t have a luggage tag on it; or at least it did not have a luggage tag on it like mine where I had placed mine (they anchor to a grommet on the side, not on the top).

 

I met her boyfriend about 30 miles out of town—he said he was enjoying driving their rented car—and performed the exchange of prisoners on the side of a highway on the border of the Sonoran Desert.  He was very apologetic and even gave me some gas money, which was very kind.

 

On the way home, and through today (this happened yesterday) I reflected on the maxim of the "many backs look alike" signs one sees at airport carousels.  Many bags do look alike, but perhaps the most deceptive ones are those that appear not to at all.  Luggage is a commodity item, and unless you’ve handcrafted or customized your own luggage, it is likely there is another piece out there that the looks the same somewhere.

 

Yesterday, I learned that appearances are pretty superficial, especially for luggage. 

 

The larger lesson in life is to not be too trusting of the familiar; that was a lesson I observed was again, this time today at work but in a much different context.  But that’s another story for another day.

Before you install Vista SP1…

An acquaintance of mine who is a prolific vlogger collects user-submitted tips and records them. 

 

Normally, I do not do those kinds of things—I am more of a web-based forum-kind-of-guy—but I thought it might be fun to share (and perhaps expand a little) on the email I sent him.

 

A quick run down on things one might want to do before installing Microsoft Windows Vista Service Pack 1 on your computer:

1. Before making any major changes to your system, it is always a good idea to back up your valuable data files.  Vista includes a backup utility you can access by clicking on the Start Orb and typing "backup" into the Search field, or by using a Vista-compatible backup program such as Acronis True Image, NovaStor Novaback or Symantec Ghost.
2. Download and install the latest device drivers for your computer’s hardware. Device drivers are small programs that allows your computer’s hardware to talk with the operating system.  When a service pack is released Microsoft sometimes makes small changes to the operating systems that can cause some device drivers to perform slowly or not work very well.  Check with your computer manufacturer or hardware vendor to see if any of the following have updated device drivers:
   • hard disk drive controller (especially if you use an add-on SATA or SCSI expansion card)
   • fingerprint reader (very important if you use one to login to your computer or protect the information on it)
   • network interface card
   • motherboard chipse
   • sound card
   • video card

   and so forth. Also, if you have an OEM-branded computer from a company like Dell, Hewlett-Packard, Lenovo, Toshiba and so forth, check with them to see if they have any prerequisites for installing the service pack.

3. Any software which interacts with Vista at low level may need an update as well.  Examples of software that might need to be updated include backup, CD and DVD creation software, disk defragmentation and security software such as antimalware and firewall.  Be sure to check with the authors of these to verify compatibility with Service Pack 1.
4. Check your hard disk drive for errors before installing the Service Pack.   To do so, double-click on the Computer icon on your Desktop to view the hard disk drive, right-click on it to make the context menu pop up, and select Properties to open the properties window for the hard disk drive.  The command to check the hard disk drive for errors is located on the Tools tab.
5. Defragment your hard disk drive before installing Service Pack 1 for Windows Vista.  Installing a service pack can be a lengthy and disk-intensive process as the service pack updates the all of the files which make up the operating system.  Defragmenting the hard disk drive reorders the files on the hard disk drive which can speed up access to them.  Vista includes a disk defragmentation utility you can access by clicking on the Start Orb and typing "defragment" into the Search field, or by using a Vista-compatible defragmentation program such Diskeeper’s Diskeeper, Golden Bow VOpt or Raxco PerfectDisk.
6. If you do need to disable your security software before installing Service Pack 1, remember to re-enable after the service pack is finished.  Normally, this is not an issue since modern security software tends to co-exist with installing a service pack and the Windows Security Center should notify if your security software is disabled, but it is a good idea to keep track of such things, just in case.

Remember, it may take some time for the service pack to finish installing, especially if you have an older computer or many files on yours.  Be patient as it may take several hours to complete.

This list is just something I put together and is far from complete.  What tips do you have for preparing a system for service pack installation?