Technology Information: 11/25/09

IceSword Displays Processes and Files Hidden from Windows Explorer

If you think that enabling “Show hidden files and folders” and disabling “Hide protected operating system files” in Folder Options will show every single hidden file and folder, then you are wrong. Recently I’ve been very busy because I am involved in a “secret” project (will be revealed here soon) that made me spend a lot of time testing a lot of different security tools.

There are some viruses/trojans/rootkits that are able to hide themselves completely from Windows Task Manager and, believe it or not, even the famous Process Explorer and Process Hacker cannot detect the hidden process. Other than that, when the virus is active, it can also hide its files so that you cannot locate them using Windows Explorer. I found a tool called IceSword which has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show.

Do note that IceSword isn’t a “click-here-to-delete-rootkits” product but a sophisticated discovery tool that can protect against sinister rootkits if used before they infect a machine. One thing I really like about IceSword is that it is portable, free and can be used in Safe Mode. Normally, tools that are used to detect hidden processes and files (such as DeepMonitor and many more) require a special driver to be installed and won’t work in Safe Mode, since third-party drivers/services are not loaded in that environment.


Here’s a piece of bad news that might be a turn-off to a lot of people. IceSword is software made in China by a person called PJF. I know that now even more people will stay away from Chinese software because of what IObit did, but so far IceSword has a very good reputation. Scanning it in VirusTotal with 41 antivirus engines, only ClamAV detects it as a threat, just because the program is packed/compressed with ASPack.

Anyway, I’m just sharing a tool which I found useful, and if you’re not comfortable using it, then by all means go ahead and use GMER, which is very similar to IceSword. It’s good to have an alternative in case one of them doesn’t work. Here’s a short video demo of IceSword detecting a folder which is completely hidden from Windows Explorer even if Folder Options is set to show hidden files and folders.

[ Download IceSword | PJF's Official Website ]

Compiling a Non-Sockets version of Kigen’s Anti-Cheat 1.2.0 Beta

The SteamBans Detox Anti-Cheat project is officially dead and currently the only good anti-cheat plugins are KAC and zBlock. KAC runs on SourceMod and zBlock is an independent server plugin. I personally prefer to use KAC because it’s open source and you can modify the plugin to suit your needs. Kigen’s Anti-Cheat (KAC) is a more advanced cheat CVar detector than ES Anti-Cheat or VBAC and was designed to detect most cheats. It will query and check for most cheat-prone CVars and replicated CVars. Most cheats today disable CVar replication, turn off sv_consistency and turn on sv_cheats, and thus this plugin will detect those cheats. This plugin will enforce sv_cheats 0 on most servers.

The official stable version of KAC is 1.1.9 and there are 2 versions, the regular and the no-sockets version. Many server admins would prefer to go for the no-sockets version because they can avoid installing an extension called sockets, which is quite unnecessary. Other than that, if you have a custom modified version of KAC, you wouldn’t want it to be automatically updated when a new version is out. Kigen has released KAC 1.2.0 beta with many improvements to detect cheaters, and this time it requires Sockets 3.0.0 alpha or later or else KAC won’t load. Since there isn’t a non-sockets version of the KAC 1.2.0 beta, I decided to check out the code and managed to compile KAC 1.2.0 beta without requiring sockets.

1. Download KAC 1.2.0 Beta Source Code.

2. Extract the ZIP file, go to the scripting folder and edit the kigen-ac-pub.sp file with a text editor. I recommend using Notepad++ for that.

3. Comment out lines 56, 100, 162 and 383 by adding a double slash // at the beginning of each line.



4. Save the edited kigen-ac-pub.sp file and run compile.exe from the scripting folder.

5. Go to the compiled folder and you should have a newly compiled kigen-ac-pub.smx that can be loaded without sockets.
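
The edit in step 3 can also be scripted so that it is repeatable and leaves a record of what was changed. This is an added example, not part of the original post or of KAC: the sample plugin text and the `example_ext` names are constructed, and the default line numbers only apply to the exact 1.2.0 beta source the post used.

```python
import shutil
import sys

# Line numbers from step 3; valid only for the exact 1.2.0 beta source used in the post.
KAC_LINES = (56, 100, 162, 383)

# Constructed sample, NOT KAC's code; example_ext / ExampleExt_Connect are made-up names.
SAMPLE = (
    "#include <sourcemod>\n"
    "#include <example_ext>\n"
    "public OnPluginStart()\n"
    "{\n"
    "\tExampleExt_Connect();\n"
    "}\n"
)

def comment_out_lines(source, line_numbers):
    """Prefix the given 1-based lines with // and return (new_source, changed).

    changed lists (line_number, original_text) for review before compiling.
    Lines that are already commented are skipped, so a second run is a no-op.
    """
    lines = source.split("\n")  # a trailing "\r" from CRLF files stays on each line
    total = len(lines) - 1 if source.endswith("\n") else len(lines)
    changed = []
    for n in sorted(set(line_numbers)):
        if not 1 <= n <= total:
            raise ValueError(f"line {n} is outside the file ({total} lines)")
        line = lines[n - 1]
        body = line.lstrip(" \t")
        if body.startswith("//"):
            continue
        indent = line[: len(line) - len(body)]
        lines[n - 1] = indent + "//" + body
        changed.append((n, line.rstrip("\r")))
    return "\n".join(lines), changed

def patch_file(path, line_numbers=KAC_LINES):
    """Patch path in place, keeping the untouched source as path + '.orig'."""
    with open(path, encoding="latin-1", newline="") as f:
        source = f.read()
    patched, changed = comment_out_lines(source, line_numbers)
    if changed:
        shutil.copyfile(path, path + ".orig")
        with open(path, "w", encoding="latin-1", newline="") as f:
            f.write(patched)
    return changed

if __name__ == "__main__":
    for number, text in patch_file(sys.argv[1]):
        print(f"commented out line {number}: {text}")
```

Read the printed lines before running compile.exe: if they do not look like the sockets-related lines, the source is a different build from the one the post describes and the line numbers no longer apply.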

I can provide an already compiled KAC 1.2.0 beta without sockets, but it’d be better if you learn how to do it yourself. The reason is that KAC 1.2.0 is in BETA, and when it gets updated to a new build, you will be able to edit and compile it yourself rather than depending on this site. Kigen did mention that sockets doesn’t cause any lag, but logically less means faster because it doesn’t need to run extra commands.

10 Commercial Disk Imaging Software Features and Backup/Restore Speed Comparison

To me, hard disk imaging is one of the most important things to do after I’ve finished setting up a computer system exactly the way I want. It is the best way of rolling changes back to the way things were and also the best way to clone multiple computers with the same hardware. I’ve always used the good old Symantec Ghost for DOS to do all that, and only recently I’ve been using Macrium Reflect full edition on my new laptop because it was sponsored by Macrium.

Since Symantec Ghost Corporate Edition DOS version has never failed me, I never wanted to try out other products, including the famous Acronis! However, many years have gone by and I believe the technologies that they use must have improved a lot. Will Symantec Ghost still remain my favorite disk imaging software? Well, I wanted to post this 2 weeks ago but was held up by Norton 15 being released and then Paragon Backup & Recovery 10 Suite. Do note that I am only comparing shareware disk imaging software; the free ones are not included in the list. I hope that this comparison will help you decide which disk imaging software is worth buying.

Here is the list of disk imaging software that I have tested:

1. Acronis True Image Home 2010 (build 6.029) – Website
2. Active@ Disk Image v3.34 – Website
3. DriveClone Pro v7 – Website
4. Macrium Reflect v4.2 Build 2028 Full Edition – Website
5. Norton Ghost v15 – Website
6. O&O DiskImage Professional v4.1 Build 47 – Website
7. Paragon Drive Backup v9 Professional Build 8681 – Website
8. R-Drive Image v4.6 Build 4601 – Website
9. Windows 7 built-in Disk Imaging
10. StorageCraft ShadowProtect Desktop Edition v3.5 – Website

The testing was done on my desktop computer:

CPU: Intel Pentium D 2.80GHz
Mainboard: MSI 945P Platinum
Memory: 2GB DDR2
Hard Drive 1: 160GB 7200RPM 8MB Cache SATA 3.0Gb/s (Windows 7)
Hard Drive 2: 250GB 7200RPM 8MB Cache SATA 1.5Gb/s (Backup Location)

I wasn’t able to fully test Active@ Disk Image because the recovery disk feature is not available in the trial version. I emailed them to request a full version to review but never got any reply from them.

Ghost 14 didn’t support Windows 7, so I waited for Ghost 15. When Ghost 15 was officially released last week, they said that they currently do not have any free copies available for the press. So I went ahead and paid $69.99 to purchase a full version for testing.

After I finished testing Ghost 15, I found out that Paragon has recently replaced their Drive Backup Professional 9 with Backup & Recovery 10 Suite. I requested a full trial version and they seemed to be quite reluctant to provide me with a version that I can fully test. I’d very much like to test and include Paragon Backup & Recovery 10 Suite in the review, but unfortunately I do not have the funds to buy the full version. If they ever provide me with a full version, I will surely update this review.

Macrium, O&O and StorageCraft happily provided me with full versions for testing without any delays. I managed to “find” the full versions of Acronis, DriveClone, Paragon 9 and R-Drive, so I didn’t have to contact them and can’t tell if their support is good or not.

All of the disk imaging software includes mount/unmount image, verify/validate image, a scheduler for automatic creation of backup disk images, raw imaging (sector to sector), and support for Windows 7. So I will not include these 5 features in the comparison table below.

Features Comparison

Features Explanation:
1. Boot Menu = The imaging software adds the program to the Windows start-up boot menu, allowing you to run the software for backup/restore without booting into Windows or using the Rescue Disk.
2. Constant Backup = Able to automatically create non-stop backups every X minutes.
3. Virtual Environment = Risk-free environment for testing new software or visiting websites with potentially dangerous content.
4. Restore to Different Hardware PC = In other words, it’s called Universal Restore. You can restore the backup image onto another computer without having the same hardware.

Disk Imaging and Restoration Speed

Here are some notes on the tests and rules of disk imaging:
- The disk imaging backup process is tested with default settings.
- Acronis Online Backup is not available for all countries yet. The first 25GB costs $4.95 per month or $49.95 per year. Every 5GB storage increment costs $0.79 per month or $9.49 per year.
- You can create a full image backup of the Windows installation you’re logged on to.
- You cannot perform a full restoration on the Windows installation you are logged on to. Restoration can only be done with the Rescue Disk or Boot Menu, where Windows on the hard drive is not loaded.
- Macrium has finally added the ability to create an image backup using the Rescue Disk, but only for Windows PE v2.1.200 and above. It’s a little buggy because the Rescue Disk backup compression doesn’t seem to compress as well as Macrium running in Windows, and it also takes more time.

From the tests that I’ve done, I can easily see that there is an obvious winner and that is Acronis True Image Home 2010! Acronis is able to back up and restore at very fast speed and is also packed with a lot of features that cannot be found in other disk imaging software. Most importantly, the price is reasonable and it isn’t ridiculously expensive like its competitors. StorageCraft has the best backup and restore speed with a lot of features, but it’s the most expensive.
