REM State

16 May

In Series in Belarusian

Thanks to the efforts of Фат Коўлест (“Fat Cowlest”), In Series is now readable in yet another language I never knew about: Belarusian.

This and all other translations are available on the In Series project page.

18 Jun

XmlNotepad

XmlNotepad is a handy little tool that does pretty much what it says on the tin — it’s like Notepad, but aimed at correctly manipulating XML files. I’ve also found it to be a lot nicer to use a proper XML editor like XmlNotepad vs. a plain text editor when altering XML files; it makes moving, copying, and changing sections of XML not only faster, but much less error prone. So, let’s get it installed…

msiexec /qn /i XmlNotepad.msi INSTALLLOCATION="D:\Program Files\XmlNotepad" TARGETDIR="D:\Program Files\XmlNotepad"

No, you didn’t read that wrong. You have to specify both INSTALLLOCATION and TARGETDIR. It’s… shocking how bad Microsoft seems to be at using its own package installation system; out of four MSI packages so far, 3 have now had bizarre switch requirements. So much for standards.

16 Jun

Integrating ClamWin with SteadyState

Ah, more integration. This time, I’m bringing ClamWin into the fold of SteadyState. Remember, SteadyState can “freeze” your drive, making it easy to recover from inadvertently installing malware and the like. However, sometimes it is necessary to update the machine — especially to get hotfixes and virus updates. SteadyState has support for running these kinds of updates on a regular basis, and having their results remain permanent. The catch is that only three antivirus products are supported — CA eTrust, McAfee VirusScan, and TrendMicro OfficeScan. ClamAV is, yet again, not included. Fortunately this is an easy fix; we can add support simply by writing a VBScript file, and make it look like first-class citizen support by tweaking an XML file.

Here’s the VBScript (which should be placed in %ProgramFiles%\Windows SteadyState\Scripts), and the batch file that takes care of the heavy lifting for updating the virus definitions (which should be placed in Clamwin AV\bin). You can, at this point, specify the VBScript file as your “custom script” for scheduled updates in the SteadyState UI.

However, you can have only one custom script installed. Why waste it when we can integrate our script as a “security program update”? Open up %ProgramFiles%\Windows SteadyState\XML\SoftwareUpdates.xml with your favorite XML editor, and add the following entry:

<software
    id="ClamWin0.93"
    name="ClamWin Free Antivirus"
    detectionPath="SOFTWARE\ClamWin"
    detectionName="Path"
    append="\clamscan.exe"
    script="SCTFreshclam.vbs"
    category="Anti-Virus" />

Save the file, close the SteadyState UI, and restart the Windows SteadyState service — ClamWin Free Antivirus should now show up as a security product that you can update.

Table of contents for Integrating ClamWin in WindowsXP

  1. Integrating ClamWin with the Windows SecurityCenter
  2. Integrating ClamWin with SteadyState

13 Jun

Sysinternals Suite

More, more, more little tools. The Sysinternals Suite is a large collection of handy little tools — including such famous tools as PsExec. It’s just a zip file, so it’s easy to install:

7z x -o"D:\program files\sysinternals\" SysinternalsSuite.zip

Then, simply add it to the path.

PATH %PATH%;D:\Program Files\sysinternals
SETX PATH "%PATH%" -m

Done. :)

11 Jun

Windows XP Support Tools

Ah, another week of silent-installing tool goodness. The Windows XP Support Tools have some useful little tidbits, like windiff and depends.

First, unpack it:

C:\Temp\WST>WindowsXP-KB838079-SupportTools-ENU.exe /C /T:C:\Temp\WST\Unpack

Then, it’s just a matter of working the suptools.msi file (shame on Microsoft for again not using a default property to set the target directory):

C:\Temp\WST\Unpack>start /wait msiexec /qn /i suptools.msi XPSUPTOOLS="D:\Program Files\Support Tools"

And voila. The toolkit is even kind enough to put itself into the default path. :)

09 Jun

Integrating ClamWin with the Windows SecurityCenter

I’m going to take a little diversion, because it really bugs me that ClamAV doesn’t register itself with the Security Center. I’m sure I’m not the only one who finds this somewhat obnoxious. Furthermore, I have yet to find a clear description of how to handle all this WMI mumbo-jumbo, but it’s quite straightforward — and I’m annoyed that nobody else has put forth a direct, eloquent explanation. I’ve finally read between the lines enough to figure it all out, so please enjoy the fruits of my labor. Since I’m on the topic, I’ll also be discussing the integration of ClamWin with SteadyState — but I’ll discuss that in detail in a later post. :)

Windows XP SP2 introduced the “Windows Security Center.” Essentially, it’s a centralized/cross-product way to nag at a user if AntiVirus software is not installed, enabled, or up-to-date (3rd party firewalls are supported, too, but Windows XP’s built-in firewall works just fine as far as Security Center is concerned). If you install ClamWin AV, Windows keeps nagging at you. Why? Because ClamWin doesn’t go through the motions to register with Security Center.

So, how does one register with Security Center? Well, through Windows Management Instrumentation (WMI). Really super not obvious. WMI is almost like another (object-oriented, event-enabled) registry of sorts; another nightmare of barely-structured, barely-documented config, control, and status data points. All we really care about is that the Security Center looks for instances of certain classes — specifically, the AntiVirusProduct class. You can take a look at the definition of this class by opening up its MOF file at %SystemRoot%\System32\wbem\wscenter.mof.

Once we create an instance of that class in WMI, Security Center will discover the object and take appropriate action based on the object’s properties. The question then becomes, how do we create that object? The following code outlines the gist of it (you’ll need to reference the System.Management DLL):

using System.Management;
/* … */
// Bind to the AntiVirusProduct class in the Security Center namespace.
ManagementClass avp = new ManagementClass(@"\\.\root\SecurityCenter:AntiVirusProduct");
ManagementObject status = avp.CreateInstance();
status.SetPropertyValue("displayName", "My AV product");
/* … */
// Commit the new instance to the WMI repository.
status.Put();

Given the appropriate set of hard-coded values, it’s possible to just make the Security Center message about not having an AV product go away. With a little more creativity, we might be able to actually get some real integration going on… maybe not true real-time scanning, but at least integration with regard to engine and signature updates. I’m working on a Windows service that will handle integration — I’ll post it up if I’m successful. On the other hand, since ClamAV already provides that information in a popup balloon, it really isn’t necessary to duplicate the effort… really, we just need to whine if ClamWin stops running.

You can always hard-code the object yourself — you don’t even need to write code to do it. Just run wbemtest from the “run” dialog or command prompt, and do the following (all indicated values should be typed/interpreted without the quotes):

  1. Click “Connect…”
  2. Replace “root\default” with “root\SecurityCenter”
  3. Click “Connect”
  4. Click “Enum Instances…”
  5. Type “AntiVirusProduct” in the “Enter superclass name” text box
  6. Click “OK”
  7. Click “Add”
  8. Find the “instanceGuid” property in the “Properties” list
  9. Double-click it
  10. Select the “Not NULL” radio button
  11. Fill in a GUID (like “{01A8E0DF-9222-47FE-BD81-4C55A712D280}”) in the “Value” text area
  12. Click “Save Property”
  13. Find the “displayName” property in the “Properties” list
  14. Double-click it
  15. Select the “Not NULL” radio button
  16. Fill in a display name (like “ClamWin”) in the “Value” text area
  17. Click “Save Property”
  18. Find the “productUptoDate” property in the “Properties” list
  19. Double-click it
  20. Select the “Not NULL” radio button
  21. Put “TRUE” in the “Value” text area
  22. Click “Save Property”
  23. Find the “onAccessScanningEnabled” property in the “Properties” list
  24. Double-click it
  25. Select the “Not NULL” radio button
  26. Put “TRUE” in the “Value” text area
  27. Click “Save Property”
  28. Click “Save Object”

The Security Center will now claim that you have an AV product in place and operational. Alternately, you could just run a VBScript file that does all the above for you. I run this script right after ClamWin is installed, to make SecurityCenter shut up.
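An added example, not the author's script or service: the C# fragment above completed into a console program that sets the same four properties as the wbemtest steps, but derives productUptoDate and onAccessScanningEnabled from the machine's state instead of hard-coding TRUE, so Security Center complains when ClamWin stops running or its signatures go stale. The signature database folder, the tray process name and the seven-day threshold are assumptions; the GUID is the sample value from the steps above.

```csharp
// Added example (not the author's code). Assumptions are marked ASSUMED.
using System;
using System.Diagnostics;
using System.IO;
using System.Management;   // add a reference to System.Management.dll

class RegisterClamWin
{
    // Sample GUID from the wbemtest steps; generate your own for real use.
    const string InstanceGuid = "{01A8E0DF-9222-47FE-BD81-4C55A712D280}";
    // ASSUMED: signature database folder and tray process name; adjust to your install.
    const string DbDir = @"C:\Documents and Settings\All Users\.clamwin\db";
    const string TrayProcess = "ClamTray";
    const int MaxAgeDays = 7;   // ASSUMED freshness threshold

    // True if any signature file (.cvd or .cld) was written within MaxAgeDays.
    static bool SignaturesFresh()
    {
        if (!Directory.Exists(DbDir)) return false;
        foreach (string f in Directory.GetFiles(DbDir, "*.c?d"))
            if (DateTime.Now - File.GetLastWriteTime(f) < TimeSpan.FromDays(MaxAgeDays))
                return true;
        return false;
    }

    static void Main()
    {
        bool running = Process.GetProcessesByName(TrayProcess).Length > 0;
        bool fresh = SignaturesFresh();

        ManagementClass avp =
            new ManagementClass(@"\\.\root\SecurityCenter:AntiVirusProduct");
        ManagementObject status = avp.CreateInstance();
        status["instanceGuid"] = InstanceGuid;
        status["displayName"] = "ClamWin";
        status["productUptoDate"] = fresh;
        status["onAccessScanningEnabled"] = running;
        status.Put();   // default PutType is UpdateOrCreate, so reruns refresh the entry

        // Read back every AntiVirusProduct instance Security Center will see.
        ManagementObjectSearcher q = new ManagementObjectSearcher(
            @"root\SecurityCenter", "SELECT * FROM AntiVirusProduct");
        foreach (ManagementObject o in q.Get())
            Console.WriteLine("{0}: upToDate={1} onAccess={2}",
                o["displayName"], o["productUptoDate"], o["onAccessScanningEnabled"]);
    }
}
```

Run it from an administrator account, and rerun it on a schedule so the reported state tracks what ClamWin is actually doing.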

06 Jun

Steady State

So, here’s a little ditty you probably haven’t heard of: SteadyState. I recall way back in the day my CompSci teacher and his flunky (you know who you are) were hell-bent on locking down the lab so those ornery high-schoolers couldn’t break the Windows installations on those machines. They settled on DeepFreeze, but you can achieve virtually the same effect with SteadyState (DeepFreeze offers some extra administrative sugar; SteadyState offers more lockdown features).

To install silently, you’ll first need to break this package apart with 7-zip:

C:\Temp\SteadyState>7z x -oSteadyState SteadyState_Setup_ENU.exe

Then, it’s a simple matter of running update.exe (no option to change the default install directory is available):

C:\Temp\SteadyState\SteadyState\update>start /wait update.exe /quiet

As with most of these, it’s easy once you know the trick. :)

© 2009 REM State