Okay... I have been putting my system together again after a recent crash... and having just set up my new laptop from work... there are a few things I have found to be essential tweaks for the internally digital overlord.

I'm not in control!

I don't know how I would work a NT based Windows system with the standard Task Manager. I have to have SysInternals (now Microsoft) Process Explorer. It's just a must. If it weren't for that I'd be using GNU PS or something all the time... which isn't really practical in a GUI system.

Dud

First I'd like to mention Dud... Dud is great, it doesn't do anything, but that's what's great about it, and I can never find it when I need it... so maybe if I link it here that will help... Dud should really be Open Source, and of course, we could all write:-

void main(void){};

Compile it, link it and that would be pretty much the job done. However, in practice I think the linking of Dud is the cleaver bit.Hang on, what's the point of a program that does nothing? Well what about all those programs you have which do stuff you'd rather they didn't? Delete them, and for one reason or another the system puts them back... (another program checking the annoying programs integrity or just SFC) Rename (or if you can delete) annoying program and put dud in it's place with the same name... if something tries to replace it... just use the security tab to deny access to that copy of dud to everything... Woohoo! You broke it, and it will never annoy you again!

I typically use Dud to replace Outlook Express and the two versions of Doctor Watson. Sometimes I put it in place of IExplore... but I should really get around to writing something that will take IEs DDE connections and just pass them on to Firefox or whatever has become the default browser. When you don't use IE, and IE isn't the standard browser... perhaps IE has actually become infected and your system remains clean so long as IE is never run, it's highly annoying that some programs totally ignore the users prefered browser and launch their help files in IE specifically from C:\Program Files\Internet Explorer\IExplore.exe or %Programs%\Internet Explorere\IExplore.exe.

But Dud can also be a lifesaver when you get one of those annoying Trojan\Virus thingies that keeps naming it's self something random in System32... you can't delete them coz they are locked by the system whenever it's on... you can't take them out of automatic startup coz they aren't listed... nope, their a driver or a security device that WinLogon loads or something, spoofing a Card Reader or Fingerprinting device... anyway, you can usually rename them, and put an appropriately named copy of Dud in their place. Reboot and then delete them.

UnixUtils

Okay, well I don't know about you, but I don't think much of a PowerUser who isn't competent with a command line shell... It doesn't have to be BASH, or PowerShell but what ever is your preferred CLI, some of those GNU commands most Unix systems have are just so darn handy, it's not worth not having them around.

Anyway... I keep copies of these primary tools, and some custom ones (like dd etc) and stick them on quite quickly after installing Windows.Sometime I should make a standard installed... to make \etc directories and set everything up so that .bashrc and man work natively on Windows.

That's Just Mad!

I can't stand files that aren't associated with anything, and going around hunting for something that I think might just be able to read them. Of course any file is just a stream of bytes, and that means if you could just look at the numbers you might have a better idea what kind of file you are looking at, and find an appropriate reader just like that. (snaps fingers)

For this reason and purpose I use MadEdit. I've been through several Hex readers/editors over the years, but this one is a real doozie. It has syntax highlighting for most common text files (ini, php, sh script, batch files, xml, html, js, vbscript etc) it can insert or over type raw hex, it can view as hex, text or columned text... which means inserting indentation for legibility or creating ASCII art is sooooo easy.

Of course, if you know the shape of the internal structures of binary files, this also shows up QuickTime, Mpeg, Ogg Media, Automatic Streaming Files, Windows Media Video and Matrioska files which have been given a .avi extension just to get more hits on p2p searches and stuff.

Consolation

Back on the subject of Command Line, Win-R -> Cmd <Ret> is far too common, and annoying a task... How about a nice console which sits on your desktop like a widget? Console used to do just that. When active it was always on top, when not always on bottom, now it's one or the other or just normal layering... which isn't so cool, but then it can also house multiple console shells. So PowerShell, 4NT, zsh, bash all in one cool looking translucent console.

Printer? Don't want no bleeding Printer!

Once upon a time it was common practice to see "Generic Text Only" Printer installed on any Windows system... just because, even if you're out of paper, or the printer is broken, or you just don't have a means of exporting from an application to a CSV file, it comes in really handy... Most programs print very graphically now, and many (annoyingly) print even text as graphics of one form or another. So the Generic Text printer driver just outputs blank pages.

Here's a modern equivalent of that which I tend to find essential very quickly. PDF Creator will take anything you print to it and turn it into a PDF file. Now, I know many people find creating PDFs a pain anyway, and this free and open source solution produces better results than many commercial offerings I've seen. It works quite simply, and yet has advanced options for image compression, colour spaces etc buried in it's gubbins. It's ability to run non-interactively on a server, so that anything printed to it just drops into a network share the user may not even have access to is also great if you are managing a LAN.

If you are producing something in AutoCAD or something, and want to show your work in progress to... a client or something, and you don't want to fax it, or post it by snail mail... make a PDF, you can be pretty sure whatever they are using they will be able to read it, and it will print out to the best ability of their printer/plotter.

How do you read a PDF? Most people probably use Acrobat Reader from Adobe. But I have to say... the free version of FoxIt reader loads so much faster, and seems to support everything that Acrobat does. Mac OS X will open PDFs with Preview without any difficulty, and any system can use GSView from GhostGum Software.

If you are running Windows XP or Windows Vista, you probably have access to the "Microsoft XPS Document Writer" and the principal here is much the same. Electronic Paper. If you don't have that, you need to have a "looksee" to make sure your system is up to date, you should have the Windows Presentation Foundation installed, and the XPS printer Driver should come with that. The direct downloads that will enable you to create and read XPS files can be found here.

Back me up here will ya!

Being able to archive stuff you need kept, or don't use often is really, really important. Getting back documents, music, pictures and other keepsake files after a crash is also crucial. Zip folders in XP or ME but not 2000 (by default, you can put them back) are one thing... but we tend to use a variety of archivers for different tasks... One of the best (if not the prettiest) free tool I've come across to deal with these is ICEows. I don't associate it with Zips and Cabs because the OS already does that quite sufficiently... I usually replace the RAR capability with WinRAR later on, but as a general archive reader / writer this works so similarly to Zip/Cab Folders in Windows I think it's beautiful. Despite it's ugly icons and crabby Preferences UI.

Again, I also like Command Line archiving. Macs make DMGs, Unix uses TAr, often with some form of compression. How do you back up a directory tree on Windows, preserving the ADS, ACLs and all the rest of that Windows NTFS specific stuff? A Cab won't do it, nor a Zip. You could use Windows Backup... but it's not really designed for the occasional job. It's command line based, but easy to set up a Scheduled Task or CRON for, and streams to any stream compressor (GZip / BZip2 style) so I say use Strarc! You can find it half way down the page linked among many other incredibly well built GNU and OSS and custom made command tools by Olof Lagerkvist. (Don't tell him, but I think this guy may well be one of my secret heroes)

Batch without the box?

Okay, command line tool boxes are banned on our network at work. Don't really want kids or teachers messing around in the command line, they could do to much damage too quickly. But I love it for making major changes very quickly... I don't need them to see the output, it's usually redirected to a log anyway so how do I stop the Box popping up and getting my batch killed? Simple but very, very neat solution. Hidden Start from ntWind software. This is great for login scripts, Scheduled Tasks or Crons.

Cron WTF?

I keep talking about Cron in relation to Scheduled Tasks... well $cron is the standard Unix command for scheduling tasks and processes at specific chronological times. Simple huh. The fact is I neither like nor trust the standard Windows Task Scheduler, and disabling (or not installing in the first place) the Task Scheduler service is one of the first things I do. The fact is, I've seen too many Malwares updating their get latest ads and trojans from our site tasks in Windows Task Scheduler.

Cron is very standard, and "crontab"s (textural tables of cron tasks) are pretty standard too. They could just as easily be abused, but because there are so many variants, it makes the malicious software writers job that much harder. There is strength in diversity.

I have several favourites for different environments on windows. The Win32 build of SINC (GNUs SINC Is Not Cron tool, using standard GNUs Not Unix recursive acronyms) is very nice for managed networks and domain level control. I prefer it over GNUs Win32 cron, because it doesn't require the Cygwin posix compatibility layer.

Cygwin is a fantastic way of turning Windows into Linux... or, more like BSD TBH. But if it's Windows I'm using, I would rather have access to it in Windows native forms.

From a single user / machine point of view, nnCron is probably much more user friendly for simple tasks. The Lite version (half way down) is freeware, and I think if you needed the other functionalities, you'd be better off learning to use some of the other administration tools I list here. At the time of writing, the cost of a licence for full nnCron is £25 here in the UK.

Automation

Many tasks are done the same, or similarly over and over again. The power of command line shell work is that you the input and output is so simple, it can be processed in a script very, very quickly. An example I like to give is that if you copy a whole bunch of files from a CD to your documents folder in Windows, all those files become "Read Only" as this is the only way Windows can acknowledge that they have come from a read only medium, having no means of write protecting a Volume. (Floppies used to exhibit Write Error responses) From the windows explorer you would have to keep grouping up files in each folder, right clicking and selecting properties, then removing the "Read Only" check box, then doing the same for the folders in that folder, and the files, and the folders in those folders, and so on. If you use the NT command line (or DOS on a non-NT Windows) you can just type "Attrib -r * /s". Job done!!!Using a script of such commands can get a heck of a lot of work done in very little time at all.

Sometimes, however, there simply isn't a way of doing something in a command line program. How do you change each occurrence of "Times New Roman" text in a Word document to "Palatino Linotype" for example? Well, you might be able to convert it to some typeset file that could be modified more easily from a stream using AntiWord or such but you may well loose some other vital formatting by doing that.

Microsoft dropped the "Windows Recorder" after Windows For Workgroups 3.11 because "Nobody used it" which is a real shame, because they didn't drop the Object Packager, or COM because nobody used it, and probably nobody except me used Recorder to macro Keystrokes and mouse movements and clicks, because Windows wasn't advanced enough to be able to do anything so complex that it needed to be scripted then. These days, graphical automation scripts are all the rage, whether it's via Windows Script Host, or some other means. MacOS has always had standardised means of scripting graphical operations, and it's latest Automation is fantastic... WSH however is quite the little security hole. It makes admin very fast but it makes getting hacked very fast too. So, again, strength in diversity, I use AutoIt to perform automated graphical tasks. Many prefer AutoHotKey and I agree that there are advantages, I simply find AutoIt to be very good for rapidly creating and distributing scripts.

PowerToys

People still rave about "Command Prompt Here", and from NT Associating cmd.exe with folders and drives is easy. What is still far more useful IMHO from the original PowerToys collection is the "Target Context Menu" it was only ever released with the Windows 95 PowerToys but it is so empowering. Right click Start Menu shortcut, and select Target -> Open Container and you are at the install folder of that program... regardless of whether you were asked where to install it by the setup program or not, or even if you remember what you told it. This goes on to my systems strait off, I can't live without it. Also the Attributes Context Menu Extension (Which I can't find on Microsofts' site now, so my best advice is Google it). Or you may try LopeSofts' Freeware FileMenu Tools, but that might be overkill, I'm undecided as yet. It's so difficult to get to Hidden and System attributes of files without it.

I'm slightly disgusted to see that the old hierarchy of Win3.1 to present pages has all been redirected to the Windows Vista main page now. I know most of that stuff has been shuffled off Microsofts' support lists now, but Apple still host Service packs and updates for System 6 so it's a little frustrating if I'm trying to support someone who hasn't upgraded from WFW 3.11 or Windows NT 3.5 for some very good reason of compatibility and can't get to the downloads any more, and I think Windows 2000 and ME are still in their extended support period... I should still be able to access their stuff. Anyway, the page has gone, the complete download is still available, though you used to be able to select just the Toy you wanted. My advice is grab this download while it's still there.

Since I use SysInternals (Now Microsoft) Junction, and GNU Win32 ln from the command line I like to have paraesthesia Junction Overlay and Property page installed. This means I can see a folder isn't a unique folder, or located in the folder I find it, but an NTFS reparse point to another folder somewhere else just by the little chain overlay, and I can find out where the original is just by looking at the properties of the folder (Junction / Reparse).

I also use AlaxInfos' NTFS Link, but only to Delete Links from Explorer, the other functionalities don't seem to work so well. The thing is, that because NTFS5 supports Junctions, Reparse Points, Hard/Softlinks but Explorer doesn't, if you try to "Delete" or "Recycle" a reparse point or other junction, Explorer first moves or deletes all the files in the links destination before removing the link. AlaxInfos' NTFS Link "Delete Link" menu option will do just that. Delete the link, leaving the files within it's target in tact.

On the subject of Property pages, I also like Beeblebrox HashTab. I don't use file Hashes myself very much, but when downloading from a source which lists the last known good hash for a file, it's nice to check it downloaded correctly and that it hasn't been hacked on their site, though I think if I was the hacker, I'd hack the listed hash while I was at it. HashTab is very easy way of checking these.

Dr. Hoiby has a couple of extensions I like very much, which make the comment column of windows detailed view in Explorer actually useful. HobComment allows you to easily set comments on files and folders, without going to the "Summery" Tab in properties, which actually isn't present for all file types, and HobCommentXP puts commented folders ability back into XP... XP retained Folder Comments from ME/2000 but doesn't display them or allow them to be changed any more. After some passage of eMail correspondence he kindly made a custom version of HobComment which allows you to add, or change comments from the command line. I'm not sure if I have permission to redistribute it publicly and I know he hasn't listed it on his website yet, but eMail me if you (like me) are interested.

So, overlays and details view columns, hmm what does that remind me of. Ahh yes, Shedko Badges. Many project folders, where I keep multiple files and manually work through them, meaning some are at different levels of processing than others, I would be lost without this incredibly handy tool for assigning a token (badge) to files and folders, which shows as an Overlay, and (thanks to some correspondence from my good self, and the willing of Vadim Ivanoff [VaDeam Labs | Deviant Art] it's author) a column in detail view which you can sort files on. You may even notice that I created a theme for this one, though the one on the Shedko site is outdated. I updated the theme in response to the Design Guide, and you can grab that at Deviant Art.

More detail comment magic can be provided by FolderSize... I'm surprised actually, knowing how much ME/XPs video thumbnails make Explorer lock up the system, that FolderSize is so efficient with the CPU. It adds a background service to the system, so imagine that is caching the size of your folder contents to enable it to be prompt with it's display.

Thumbnail view is a great feature of Windows Explorer, but the number of formats it supports is rather limited. I always like to have ThumbView installed to beef up support.

If you ever have difficulty deleting files, because they are always locked by the system, then Unlocker is the solution. Well, actually there are several others, including Dr. Hoibys WhoLockMe which I used to use, but Unlocker seems to manage to get around any level of lock out, one way or another.

I think we're being watched

If you share my paranoia that someone is always listening to your conversations and watching what you type, you probably don't include your name at the top of your blog... oops. Anyway, some things are private, and some are public. The things you want to announce publicly on your website, stuff that is personal, or private (especially if it's not about you, but someone else and could be embarrassing if you handled their private data publicly) you should really encrypt before you post, eMail or host in a public area... eMail is always public remember, it's easier to spy on someones eMail than it is to tap their phone. AxCrypt is very simple, and (provided you keep your keys safe) is very secure. It's also incredibly simple to use. Oh yea, also, it's free... Which was nice.

Media! Give me media!

Okay so MediaPlayer 11 isn't bad if you're using Vista or have slipstreamed it into XP... or even just use the Update site properly, but it's not great, and the standard set of filters for DirectShow is a bit naff.

Here's the standard set I usually start with. FFDShow is about all you really need to play DivX, mp4, mkv, ogm, XviD etc etc etc files. The most optimised binary distributions can be found at FreeCodecs.com but if you don't know what extensions (SSE, SSE2, SSE3, MMX, 3DNow!, 3DNow2 etc) you CPU supports... you may as well get the general version from SourceForge.

My favorite Media Player is BSPlayer, but there are times when there is call for something that doesn't even use DirectShow, and can therefore get around the limitations of that API. Then I dig out VLC. It's ugly, and if you skin it it becomes very unwieldy (IMHO) but it's free OSS software, and it's really rather good at translating files from one type to another.

Better than that, is MediaCoder. Another OSS program (or rather collection of them) which can pretty much convert any media file (audio or video) to any other.For music (and other audio files) I like Foobar2000. It's very plain to begin with, but there are lots of nice skins at Customize.org and actually the nicest thing is that it minimises to the system tray ("notification area" as it's now called) the Kernel audio output is very clear, and goes real easy on your CPU so you can carry on doing what ever processor intensive task requires moosik, unhampered.

What about security?

Yes... well that should really happen first, and really is a matter of choice, but I frequently get asked what my personal preference is, and whether or not it's worth investing in an expensive firewall/antivirus/antispyware/antimalware etc.

Anyway, is it worth? Well, if you are installing just for your self then probably not. The freeware, or free for personal use solutions are about the best you can get...

Trouble is, a more expensive solution is also going to detract from your system performance. If you are looking for firewall & antibug software for your corporate / site gateway and proxy servers (machines which are going to do nothing except monitor what comes in and goes out of a site) then yes, pay, and pay well for your software. That is a key link to your organisation and you want it to be secure and stable. If you are a home user, and you are going to work, and play on the machine you are trying to protect, then personal / home edition software should be cheep to free IMHO.

The solutions I am currently recommending to home users are COMODO personal Firewall, Avast Anti-Virus, and AdAware & Spyware Blaster anti malware.

COMODO Antivirus may become better in time, but has a way to go yet. Bear in mind that you will probably need to register these products, even though registration is free. Most of them are supplementing your registration fee from the commercial users, who (being responsible corporate entities) are prepared to foot the bill for keeping you safe and happy to surf and shop on-line with their companies. Therefore they need to evidence just how many of their clients customers they are protecting.

Spyware Blaster is absolutely useless after you have been infected. Most solutions are, but Spyware Blaster is particularly naff, as it only really takes you back to a "last known good" configuration. However, against Malware it is much better than System Restore Points.

If you want to invest in any of these, the one to go for would be AdAware. Their professional version does perform real-time background scanning which the free version does not, and that is a very good thing.

If you really want to pay for home Anti-Virus or Internet Security, I cannot recommend Norton or McAfee. Even their "personal" solutions are way too much bloat-ware for home use, these people make excellent server protection systems IIS plugins etc but they lost touch with the home user market quite some time ago.

Security Tip:-

I use a Firefox add-on called SafeDownload. If you use this in conjunction with Sophos free command line scanner, and/or ClamAV command line version (Not the GUI ClamWin though that is an adequate AV for low internet use system) Firefox will scan anything it saves to your hard drive.

Also, the version (not yet verified by Mozilla) on the Software Blaze forums, has had a tweak added with some co-operation from myself, to allow you to ignore safe mime types when scanning. That is not to bother scanning bmps and jpegs and mp3s and gifs and such like. You should be aware that files with these extensions may not be what they claim, but by and large, as windows doesn't attempt to pass them through the execution system, only on to another program to read them, they should be pretty safe... Just don't rename them .exe and double click. ;)