Q on AdAwareSE

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
   Every once in a while i get at least one of these MRU flags:

  MRU List Object Recognized!
     Location:          :
software\microsoft\directdraw\mostrecentapplication
     Description        : most recent application to use microsoft
directdraw

  MRU List Object Recognized!
     Location:          :
S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft
management console\recent file list
     Description        : list of recent snap-ins used in the microsoft
management console

  MRU List Object Recognized!
     Location:          :
S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows
media\wmsdk\general
     Description        : windows media sdk

*********
   The question is: what causes these? i do not have any of the related
applications, most especially *not* "DirectDraw" or "Windows Media SDK".

Re: Q on AdAwareSE


Robert Baer wrote:
Quoted text here. Click to load it

Well, you certainly have DirectDraw, since it's part of Windows. MRU
stands for Most Recently Used and it means that some programs keep a
list of most recently used documents (think Word, where you have a list
of most recently opened documents). This feature allows to quickly open
frequently accessed documents, but also can act as an information
disclosure vulnerabilty, if someone comes on to your computer and can
see that you edited a document with the name "how I will kill X", s/he
can approximate the contents of the document even if s/he can't access
it. That's why it's reported by AdAware. BTW, don't rely on AdAware,
because they want to scare people that's why they detect many low risk
items, and that's why the use techniques as described here:
http://rootkit.com/newsread.php?newsid=471


Re: Q on AdAwareSE


Quoted text here. Click to load it

Apparently F-Secure is no good either. Would you agree?
From your link:
" btw it's not just a coincidence that the Ad-Aware engine uses another PR
crap firm F-Secure in their products for fighting with spyware."



Re: Q on AdAwareSE

dify.ltd@gmail.com wrote:

Quoted text here. Click to load it
   I certainly do not have DirectDraw; it does not exist as a program
anywhere on the hard drive!

Re: Q on AdAwareSE

Robert Baer wrote:

Quoted text here. Click to load it

Robert,

Direct Draw is part of DirectX, and DirectX (used for a/v content) is
embedded in WinXP.

   Step One: Click Start, select  Run

   Step Two: In the Run dialog box, type:   dxdiag

   Step Three: Click Ok

You should see the Direct Draw DLLs in the list of DirectX files.

See this:

DirectX Diagnostic Tool
   (http://www.updatexp.com/directx-diagnostic-tool.html )

Ron :)

Re: Q on AdAwareSE

Ron Lopshire wrote:

Quoted text here. Click to load it
   I do *not* have XP and i will never get ot use that POS!
   I am using Win98SE.

Re: Q on AdAwareSE


Quoted text here. Click to load it

Windows 98SE also shipped with DirectX, version 6 or so.  dxdiag
should work.

--
»Q«

Re: Q on AdAwareSE

»Q« wrote:

Quoted text here. Click to load it
   I'll be dammned! 4/23/99 file date.
   But...but...motorbut.  I have never used it; this is the first time i
knew about that.
   So, how the heck is it used so that an MRU is created?

Re: Q on AdAwareSE


Quoted text here. Click to load it

Any app that needed to use the graphics API could have called it.
OTOH, it need not be used to have an MRU entry in the registry;  that
key may be empty.

--
»Q«

Re: Q on AdAwareSE

»Q« wrote:

Quoted text here. Click to load it
   Ahhh...empty; did not look to see if that was the case.
   Thanks; will snoop the next time.
   BTW, what program(s), other than the "named" one would create such an
entry?

Re: Q on AdAwareSE

Robert Baer wrote:

Quoted text here. Click to load it

How do you _really_ feel about WinXP? LOL. I understand your position,
and I am starting to feel the same way about Vista.

Visual Tour: 20 Things You Won't Like About Windows Vista
   ... by Scot Finnie

(http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000829 )
Short Version: (http://tinyurl.com/oysst )

Ron :)

Re: Q on AdAwareSE

Ron Lopshire wrote:

Quoted text here. Click to load it
(http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000829 )
Quoted text here. Click to load it
   There is this nice list: 1) The FCC is going to steal our TV sets
(will not be able to use them) in a few years, 2) Billie boy is going to
lock our computers to the CIA, FBI, etc, 3) all personal data is already
the property of those spooks, 4) *all* company data is accessable at
will by the spooks, 5) etc 6) etc
   And it all started with FDR stealing the gold...

Re: Q on AdAwareSE

'Robert Baer' wrote:
|   I certainly do not have DirectDraw; it does not exist as a program
| anywhere on the hard drive!
_____

Yes, you do have the three FUNCTIONS ( Direct Draw, Management Console,
Windows Media SDK).
The three are not programs, but rather functions of the operating system.

The flags you got from Ad-Aware are advisory, not an indication of a
vulnerability.
That is why you found them listed under 'negligible objects'.

Use 'Help' in Ad-Aware for the meaning of 'negligible objects':
    "Objects shown here are not considered to be a threat. They consist of
MRU (Most Recently Used items) lists. These can be removed if the user
desires."

All 'Most Recently Used' entries are stored to allow functions like 'My Most
Recent Documents'.
This information is available only to someone logged on to your computer
account or to an account with administrator privledges.

Use Google to obtain information about 'Direct Draw', 'Windows Management
Console', and 'Windows Media SDK'.

Phil Weldon

.
|   I certainly do not have DirectDraw; it does not exist as a program
| anywhere on the hard drive!



Re: Q on AdAwareSE

Phil Weldon wrote:

Quoted text here. Click to load it
   I am neither stupid nor ignorant.
   There is *no* "administrator" in Win98SE!
   In the dim dark ages 3+ years ago, i remember one could download
Windows Media SDK for development work.
   None of the 3 mentioned functions are a part of Win98SE; if you can
show me how to find any one of them beasties....

Re: Q on AdAwareSE

"Robert Baer' wrote, in part:
| I am neither stupid nor ignorant.
| There is *no* "administrator" in Win98SE!
| In the dim dark ages 3+ years ago, i remember one could download
| Windows Media SDK for development work.
| None of the 3 mentioned functions are a part of Win98SE; if you can
| show me how to find any one of them beasties....
_____

You did not mention your operating system in your original post.  Since you
have Windows 98 SE just collapse my statement about who can access this
information to 'anyone who uses your computer'.

#1.  Windows 98 SE includes DirectX, of which 'Direct Draw' is a part, see
      
http://www.microsoft.com/downloads/details.aspx?FamilyID=4846c891-d45d-4122-8230-69f3e5ecdede&DisplayLang=en
.

#2.  Windows 98 SE includes Windows Media SDK,
        from MSDN archives:
            "Microsoft Management Console (MMC)-previously known by the code
name "Slate"-is an ISV-extensible, common console framework for management
applications. The MMC will be released as part of the next major release of
Windows NT. When released, MMC will run on both the Windows NT (4.0 and
later versions) and Windows® 95 operating systems (current and future
versions)."

#3.  Windows Media SDK, see
          
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/anch_winmedsdk.asp
.

If the above is not sufficient for you, I suggest you use MSDN at
http://msdn1.microsoft.com/en-us/default.aspx .

Phil Weldon

| Phil Weldon wrote:
|
| > 'Robert Baer' wrote:
| > |   I certainly do not have DirectDraw; it does not exist as a program
| > | anywhere on the hard drive!
| > _____
| >
| > Yes, you do have the three FUNCTIONS ( Direct Draw, Management Console,
| > Windows Media SDK).
| > The three are not programs, but rather functions of the operating
system.
| >
| > The flags you got from Ad-Aware are advisory, not an indication of a
| > vulnerability.
| > That is why you found them listed under 'negligible objects'.
| >
| > Use 'Help' in Ad-Aware for the meaning of 'negligible objects':
| >     "Objects shown here are not considered to be a threat. They consist
of
| > MRU (Most Recently Used items) lists. These can be removed if the user
| > desires."
| >
| > All 'Most Recently Used' entries are stored to allow functions like 'My
Most
| > Recent Documents'.
| > This information is available only to someone logged on to your computer
| > account or to an account with administrator privledges.
| >
| > Use Google to obtain information about 'Direct Draw', 'Windows
Management
| > Console', and 'Windows Media SDK'.
| >
| > Phil Weldon
| >
| > .
| > |   I certainly do not have DirectDraw; it does not exist as a program
| > | anywhere on the hard drive!
| >
| >
|   I am neither stupid nor ignorant.
|   There is *no* "administrator" in Win98SE!
|   In the dim dark ages 3+ years ago, i remember one could download
| Windows Media SDK for development work.
|   None of the 3 mentioned functions are a part of Win98SE; if you can
| show me how to find any one of them beasties....



Re: Q on AdAwareSE

Phil Weldon wrote:

Quoted text here. Click to load it
** That is me, myself and I; all three of us, period.

Quoted text here. Click to load it
** I see that i have DXDIAG, but nothing else, and since this is the
first time i have heard of that, i obviously have not been using it (and
will no.
   In fact, i think i will delete it and the DLLs from my HD.

Quoted text here. Click to load it
** I translate that to "not on my computer".
   Correct?

Quoted text here. Click to load it
** Ditto translation.

Quoted text here. Click to load it

Re: Q on AdAwareSE

'Robert Baer' wrote, in part:
| ** I see that i have DXDIAG, but nothing else, and since this is the
| first time i have heard of that, i obviously have not been using it (and
| will no.
|   In fact, i think i will delete it and the DLLs from my HD.
_____

Why bother to ask a question when you have no intention in accepting an
answer?
And why should anyone bother to answer?
Just to close this off;

| ** That is me, myself and I; all three of us, period.

Anyone who sits down at your computer can access the Most Recently Used
information; some users wish to delete MRU information to prevent that.

| ** I translate that to "not on my computer".
|   Correct?

No.

| ** Ditto translation.

No.

Phil Weldon

| Phil Weldon wrote:
|
| > "Robert Baer' wrote, in part:
| > | I am neither stupid nor ignorant.
| > | There is *no* "administrator" in Win98SE!
| > | In the dim dark ages 3+ years ago, i remember one could download
| > | Windows Media SDK for development work.
| > | None of the 3 mentioned functions are a part of Win98SE; if you can
| > | show me how to find any one of them beasties....
| > _____
| >
| > You did not mention your operating system in your original post.  Since
you
| > have Windows 98 SE just collapse my statement about who can access this
| > information to 'anyone who uses your computer'.
| ** That is me, myself and I; all three of us, period.
|
| >
| > #1.  Windows 98 SE includes DirectX, of which 'Direct Draw' is a part,
see
| >
http://www.microsoft.com/downloads/details.aspx?FamilyID=4846c891-d45d-4122-8230-69f3e5ecdede&DisplayLang=en
| > .
| ** I see that i have DXDIAG, but nothing else, and since this is the
| first time i have heard of that, i obviously have not been using it (and
| will no.
|   In fact, i think i will delete it and the DLLs from my HD.
|
| >
| > #2.  Windows 98 SE includes Windows Media SDK,
| >         from MSDN archives:
| >             "Microsoft Management Console (MMC)-previously known by the
code
| > name "Slate"-is an ISV-extensible, common console framework for
management
| > applications. The MMC will be released as part of the next major release
of
| > Windows NT. When released, MMC will run on both the Windows NT (4.0 and
| > later versions) and Windows® 95 operating systems (current and future
| > versions)."
| ** I translate that to "not on my computer".
|   Correct?
|
| >
| > #3.  Windows Media SDK, see
| >
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/anch_winmedsdk.asp
| > .
| >
| > If the above is not sufficient for you, I suggest you use MSDN at
| > http://msdn1.microsoft.com/en-us/default.aspx .
| ** Ditto translation.
|
| >
| > Phil Weldon



Re: Q on AdAwareSE

Phil Weldon wrote:

Quoted text here. Click to load it
http://www.microsoft.com/downloads/details.aspx?FamilyID=4846c891-d45d-4122-8230-69f3e5ecdede&DisplayLang=en
Quoted text here. Click to load it
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/anch_winmedsdk.asp
Quoted text here. Click to load it
   Like i said, *i* am the ONLY user, period.
   And i have removed those MRUs (as initially indicated) only to see
them pop up again (as indicated).

   You said "When released, MMC will run.." but that is not relevant if
i do not obtain the software in the first place!
   And those SDKs? Never looked at them or downloaded them and they are
not on my hard drive; if you have a list of file names that i should
look for, i will be happy to search for them and report - i do not mind
being proven wrong if such a search indicates one or more "finds".


Re: Q on AdAwareSE

'Robert Baer' wrote, in part:
| You said "When released, MMC will run.." but that is not relevant if
| i do not obtain the software in the first place!
| And those SDKs? Never looked at them or downloaded them and they are
| not on my hard drive; if you have a list of file names that i should
| look for, i will be happy to search for them and report - i do not mind
| being proven wrong if such a search indicates one or more "finds".
_____

Tell you what;  I've given you sources - now you prove you're right, or
accept the answers you've gotten from several who have tried to help based
on your original post.

And just because
| Like i said, *i* am the ONLY user, period.
doesn't mean that holds true for every system, environment, and user.

Phil Weldon

.
.
|   Like i said, *i* am the ONLY user, period.
|   And i have removed those MRUs (as initially indicated) only to see
| them pop up again (as indicated).
|
|   You said "When released, MMC will run.." but that is not relevant if
| i do not obtain the software in the first place!
|   And those SDKs? Never looked at them or downloaded them and they are
| not on my hard drive; if you have a list of file names that i should
| look for, i will be happy to search for them and report - i do not mind
| being proven wrong if such a search indicates one or more "finds".
|



Re: Q on AdAwareSE

Phil Weldon wrote:

Quoted text here. Click to load it
   I was not asking or talking about every system in the world, or all
Intel-based PCs or all Windoze based PCs, or even your PC; only about
one PC..the one in front of my nose at this time.

Site Timeline