Omicron Consulting, 1700 Market Street, Philadelphia, PA 19103

Troubleshooting Windows Problems

Presented by: David F. Soll, Vice President, Omicron Consulting
[email protected]

Trenton Computer Festival, April 16 & 17, 2005


Agenda
- Windows versions
- File systems
- Hardware
- Registry
- Programs that start automatically
- Task Manager
- Restore Points
- Software updates
- DLL Hell
- Windows XP SP2
- What is a TCP Port
- Windows Firewall
- TweakUI


What’s NOT in this talk

- Virus Scanners and Cleaners
- Spyware Scanners and Cleaners
- This talk is designed to provide a broader view of Windows issues


Windows Versions

Windows 2000, XP and Server 2003 | Windows 95, 98, and ME
Full Operating System | Sits on top of MS-DOS
Protected O/S | Not protected O/S
Full Security Model | No Security Model
Supports NTFS, FAT, and FAT32 | Supports FAT and FAT32

If you are still running on Windows 9x or ME, upgrade to XP!


Upgrading Windows

- Experience shows that when upgrading it is better to wipe the hard disk clean and start over – do not perform an in-place upgrade
- Save all of your personal files before upgrading
- Reinstall all applications after upgrading


File Systems

NTFS | FAT32
Secure file system | No security
Max size > 2 TB | 32 GB (4 GB for FAT)
File size limited by volume size | Max file size is 4 GB (2 GB for FAT)
Can convert from FAT or FAT32 to NTFS | Can not convert from NTFS to FAT or FAT32
Cluster size of 4K | Cluster size of 16K
Can not be used for floppy disks | FAT32 can not be used for floppy disks (only FAT can)


Hardware

- The key to hardware is the driver
  - A driver is software that knows how to talk to a specific piece of hardware
  - Microsoft has a certification program for drivers, but not all vendors go through the certification process
  - When you install a non-certified driver you are notified and given the opportunity to abort
- Plug and Play
  - Stay away from non-Plug and Play devices


Registry

- Configuration Database
  - Windows configuration
  - User configuration
  - Application configuration
- Be careful!!!
  - Errors in the registry can cause major problems
- Divided into 2 key branches:
  - Machine
    - Configuration parameters common to all users of the computer
  - User
    - Specific to the user
    - Different for each user


Automatic Startup

- 3 Basic Types:
  - Services
  - Applications
  - DLL’s
- Services run in the background
  - Controlled by Service control manager
  - Can be set to Manual, Automatic, or Disabled
  - Use the “net start” command to view all running services
    - Use this to record what services are running before problems occur
    - Use the recorded list to check whether any new, unexpected services are running when problems arise


Automatic Startup (cont’d.)

- Application started from:
  - Startup group
  - Registry
    - HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run
    - HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run
- DLL’s typically run from “RUNDLL32.EXE”
  - Often DLL’s are hidden from you since they don’t run on their own
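
The baseline-and-compare routine from the two Automatic Startup slides, as an added example that is not part of the original presentation: it records running services, the values under both Run keys and the contents of the Startup groups, then reports what has appeared or disappeared since. PowerShell is not mentioned on the slides; the function names and the baseline file path are assumptions.

```powershell
# Added example, not from the original slides. Function names and the
# baseline file path are assumptions.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-StartupSnapshot {
    # Running services: the same set that "net start" lists.
    $items = @(Get-Service | Where-Object { $_.Status -eq 'Running' } |
        ForEach-Object { "service|$($_.Name)|$($_.DisplayName)" })

    # Every value under the two Run keys named on the slide.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item $key
        foreach ($name in $regKey.GetValueNames()) {
            $items += "run|$key\$name|$($regKey.GetValue($name))"
        }
    }

    # Shortcuts in the per-user and all-users Startup groups.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if ($dir -and (Test-Path $dir)) {
            Get-ChildItem $dir -File | ForEach-Object { $items += "startup|$($_.FullName)" }
        }
    }
    $items | Sort-Object
}

function Save-StartupBaseline([string]$Path) {
    Get-StartupSnapshot | Set-Content -Path $Path -Encoding UTF8
}

function Compare-StartupBaseline([string]$Path) {
    # '=>' marks entries present now but absent from the baseline.
    Compare-Object (Get-Content $Path) (Get-StartupSnapshot) | ForEach-Object {
        $state = 'REMOVED'
        if ($_.SideIndicator -eq '=>') { $state = 'NEW' }
        [pscustomobject]@{ State = $state; Entry = $_.InputObject }
    }
}

# While the machine is healthy:
#   Save-StartupBaseline "$env:USERPROFILE\startup-baseline.txt"
# When problems arise:
#   Compare-StartupBaseline "$env:USERPROFILE\startup-baseline.txt"
```

Because each Run entry is recorded together with its command line, an existing entry whose target has changed shows up as one REMOVED and one NEW line.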


Task Manager

- Lists all running programs (applications and services)
- Look for unfamiliar applications
- Use Windows Explorer to identify where the program came from
- Use Ctrl-Shift-Esc as a shortcut
  - Can also use Ctrl-Alt-Delete then “Task Manager”
  - Also right click on task bar and select “Task Manager”


Restore Points

- Provides a “snapshot” of the system configuration
- Allows reverting back to a previous snapshot
- Typically does not affect user data
  - Specifically targets configuration/registry
- Not a good method for removing software
  - Use the Add or Remove Programs for this


Software Updates

- Keep the Windows updates up to date
- Automatic Update
  - Right click on “My Computer” then select “Properties”
  - Select the “Automatic Update” tab
- Manual Update
  - Select “Start” then “Windows Update”
- Keep the virus definitions for your virus scanner up to date


DLL Hell

- A Dynamic Link Library (DLL) is a subroutine library that can be shared by multiple applications
- Includes: DLL, VBX, OCX, DRV, FON, FOT, CPL, TLB
- Different versions of DLL’s typically have different functionality
- DLL’s are installed with program installations
- The DLLCache directory supersedes anything replaced in the System32 directory


DLL Hell – Scenario 1

[Diagram: sequence of installs and the resulting state of the hard disk]

Starting point:
- XYZ.DLL does not exist on the hard drive
- Applications 1 and 2 both use XYZ.DLL

Sequence:
- Install Application 1: Application 1 installs Ver. 1 of XYZ.DLL
  - XYZ.DLL Ver. 1 is on the hard drive
- Install Application 2: Application 2 installs Ver. 2 of XYZ.DLL
  - XYZ.DLL Ver. 2 is on the hard drive

Application 1 may be broken!


DLL Hell – Scenario 2

[Diagram: sequence of installs and the resulting state of the hard disk]

Starting point:
- XYZ.DLL has been installed as a part of Windows
- XYZ.DLL Version 1 is on the hard drive
- XYZ.DLL Ver. 1 is in the DLLCache
- Application 1 uses XYZ.DLL

Sequence:
- Install Application 1: Application 1 installs Ver. 2 of XYZ.DLL
  - XYZ.DLL Ver. 2 is on the hard drive
- Windows sees that XYZ.DLL has been changed
- Windows copies DLLCache version of XYZ.DLL
  - XYZ.DLL Ver. 1 is on the hard drive

Application 1 may be broken before we ever get it to work!


Windows XP SP2

Provides patches & fixes for Windows XP but…

- The most important part is that it tightens security
- The most annoying part is that it tightens security


What is a TCP Port?

- Think of an IP address as a telephone number
- Think of a port number as being an extension
- In this analogy, the person who dials the phone is the client application (e.g., Web Browser)
- The person who listens for it to ring is a server program (e.g., Web Server)
- If there is no one listening to an extension, it goes unanswered
  - Therefore, if no application is listening to a port, a hacker can NOT do anything by attempting to call that port


What is a TCP Port?

- Ports 0 through 1023 are reserved and called “well known ports”
  - Examples of well known ports:
    - HTTP Port 80
    - FTP Ports 20 & 21
    - Telnet Port 23
  - Port Definitions can be found at: http://www.iana.org/assignments/port-numbers
- Ports 1024 through 49151 are Registered Ports
- Dynamic and/or Private Ports are Ports 49152 through 65535
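
Since only a port with a listener can answer a call, the practical check is to list what is listening on the machine. The following is an added example, not part of the original presentation: it parses "netstat -ano" output, labels each listening port with the ranges given above and names the owning process. The function names are assumptions, the sample lines are constructed, and English-language netstat output is assumed.

```powershell
# Added example, not from the original slides. Function names are assumptions.
function Get-PortRange([int]$Port) {
    # Ranges as given on the slide.
    if ($Port -le 1023)  { return 'well-known' }
    if ($Port -le 49151) { return 'registered' }
    return 'dynamic/private'
}

function ConvertFrom-NetstatListening([string[]]$Lines) {
    foreach ($line in $Lines) {
        # Columns: protocol, local address:port, foreign address, state, PID.
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $address = $Matches[1]
            $port    = [int]$Matches[2]
            $ownerId = [int]$Matches[3]
            $name    = '(unknown)'
            $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
            if ($proc) { $name = $proc.ProcessName }
            [pscustomobject]@{
                Port      = $port
                Range     = Get-PortRange $port
                Address   = $address
                # Loopback-only listeners cannot be called from other machines.
                Reachable = ($address -notmatch '^(127\.|\[::1\])')
                ProcessId = $ownerId
                Process   = $name
            }
        }
    }
}

# Constructed sample of "netstat -ano" output. The PIDs are made up, so the
# Process column for these rows is not meaningful.
$sample = @(
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952',
    '  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1840',
    '  TCP    192.168.1.20:49712     203.0.113.10:80        ESTABLISHED     3120',
    '  TCP    [::]:445               [::]:0                 LISTENING       4'
)
ConvertFrom-NetstatListening $sample | Sort-Object Port | Format-Table -AutoSize

# On a live machine:
#   ConvertFrom-NetstatListening (netstat -ano) | Sort-Object Port | Format-Table -AutoSize
```

The ESTABLISHED line is skipped because it is an outbound call, not a listener. Rows with Reachable set to True are the ones an inbound firewall rule decides about.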


Windows Firewall

- Blocks inbound traffic
  - Does not block outbound traffic
- Configuration allows exceptions
  - Exceptions are set by port or application
- Application exceptions provide peer to peer types of connections
  - Not many applications provide peer to peer capabilities
  - Applications supporting external connections include:
    - Remote Assistance
    - Windows Messenger


TweakUI

- Available for free from Microsoft
  - One of the “PowerToys”
  - Download from: http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp

Provides a powerful mechanism for configuring the Windows user interface


This presentation can be found at: http://mywebpages.comcast.net/soll