Disable Java’s “Sponsored Offers” Automatically for All Users

The only thing worse than Java and its many security issues, is its incredibly crappy and outdated update scheme. The lack of an automated background update service as well as requiring user intervention for every Java security update is simply unforgivable in 2016. I mean, if Adobe can do it with Flash… anyone can do it, guys.

But, what really adds insult to injury is the fact that Oracle is still up to their old tricks of trying to trick unaware users (who are in a hurry) into installing crap ware, and/or changing settings during the update. Security updates that include opt-out “Sponsored Offers” is really just a fucked up and unprofessional business practice.

Thankfully gone is the Ask Toolbar bundled software. Replaced now with an offer to make Yahoo your home page and default search engine. I could go into rant mode about this at this point, but I won’t…

Any IT manager will tell you that keeping Java up to date on your network is a nightmare alone without having to worry about clueless users installing garbage by mistake.

Now, there an option to check in advanced settings that will disable these offers, but this setting seems to now be user specific now rather than PC specific. And who has the time or inclination to worry about that check box on hundreds of PCs?

There were also registry keys that worked well to change this setting in the past, but no longer do. In fact, it seems like Oracle has intentionally made automating this setting change more arcane with the hopes of duping a few more users.

After battling with this for a while I finally discovered a way to automatically make the change on the PCs in my Windows 7 domain so that the so-called sponsored offers are disabled. The change I am now pushing out is surprisingly simple, which made me surprised that I did not find it on the internet, but rather had to mostly figure it out on my own.

Anyway, the suppress sponsor check box under advanced options is currently controlled by a single config (.CFG) file. I found it after finding many other files and registry keys that have what looks like an option to suppress sponsors, but don’t actually do anything when modified.

The file that worked for me was C:\ProgramData\Oracle\Java\java.settings.cfg

The file is literally a blank document, until I check the box to suppress sponsored offers, it was then filled with a very simple SPONSORS=0 line. Copying this updated config file to the same location on other PCs checked the box for me and seems to even work for all users that log into that PC after that.

At that point, it is a simple matter of copying that file onto all the PCs you want to make the change on via the user’s login scripts or whatever other method you would like, and they will not get the Yahoo offer any more! At least until this is changed around again…

It is a simple fix, but as I said I found nothing out there about it while searching on how to disable the sponsored offers programmatically on the newest Java releases, so hopefully this will help some other IT specialists out there and keep a few pennies out of Oracle and Yahoo’s pockets.

Because seriously, fuck them for this still being a problem I have to deal with.

A String of Numbers before a web address in a URL link (SPAM)

Any networking guy is well aware that an IP address can be used in the place of a domain name in a link.

http://173.194.196.138 for example, will take you to www.google.com

Did you know, however, that the IP address itself in a link can also be represented in different ways?

For example, a DWORD integer value? If I convert that Google IP address to a decimal number, I get this: 2915222666. Now if you were to click on http://2915222666, it would also take you to Google’s homepage just like the other two links above.

To most people, that would not look like a valid link to anything, but it is. There are also plenty of other valid ways to represent an IP address in a link, and this is no new trick, as I read all about it on this site that was apparently written in 1999.

The reason I discovered all this, is because of a link in a spam/malware email sent to some users at work. The link was along the lines of this: http://[ten digit number]/wwwdotrealwebsitedotcom/mail. Now keep in mind, the email made no attempts beyond this to mask the link. It was not hidden until you hovered over it, or anything like that. It even had a “helpfully” fully written out version of the link for users with trouble to copy and paste into the browser.

It claimed to be a link to an encrypted email message, so the strange URL seemed almost plausible.

The link really lead out to the IP address represented by that ten digit number and not the real, unrelated, domain included in the link. The malware website was clearly designed to have the valid URL included in its address, but hid the real domain (IP address) behind that DWORD integer. The link lead to a Russian owned IP address that wanted to download a Trojan disguised as a MS word compatibility pack.

I normally have a very sharp eye when it comes to spotting bullshit URLs, and other things like this. So, the fact that this one looked weird to me, but didn’t set off any alarm bells right away could have been a very bad thing, and this bothered me.

After my research, I now have a much better understanding of an older, somewhat sophisticated, technique to mask where a bullshit link really leads. I wanted to share that information, in one place, in a hopefully easier to find way.

Maybe this was just a weird fluke, or maybe we are going to start to see more attacks like this.

HP 2530p WIFI Hard Disabled after Clonezilla disk clone

Today, after using the newest stable release of Clonezilla -version 2.4.2-32, in boot CD form- to make a disk clone of my laptop’s (HP 2530p) hard drive, I found that the internal wireless LAN adapter was inoperable. Even the LED light/toggle button was stuck on the off/amber color.

After trying all the standard things in terms of software and hardware, and some less than helpful Googling, I was only able to find that it may have been hard locked by the Linux kernel used on the boot CD.

Knowing nothing about Linux or its drivers, and using Windows 7 on the laptop, I figured I may just be fucked. I tried reinstalling the windows driver, system restore, and everything else you can in Windows 7, and I also physically re-seated the card and its antenna connections.

I tried a startup test in the Bios and found no issues. I had already tried disabling the card and re-enabling it in the Bios, with no effect. But, all that gave me the idea of doing a complete reset on the Bios settings themselves.

Once I reset the Bios to the default settings, the WIFI card was working normally again in Windows. The toggle switch and indicator light were able to change to the on/blue position, and the wifi connected like normal in Windows. Beware using Clonezilla on your laptop! Hope this helps.

Login script that checks current IP address to a load certain script

I just thought the other day about how we have been using something very handy at work for quite some time now that I have never thought to post. We use a class C network, and each branch/location, as well as each floor of our corporate center, are on different subnets for the third octet of the IP address (EG: 123.123.XXX.xxx). This is a Windows domain, with XP pro loaded on the client stations.

Each branch has their own files as well as a core piece of software that loads off of network drives that are stored of that location’s local server. We use .BAT login scripts for each location that map the proper drives and whatever else is needed for that location. This was working fine, until we ran into the issue of users wandering to locations different than their home branch. They would sign in as themselves, which -never mind roaming profile issues-, would cause them to load the login script for their home location which would not be of much help at their present local.

My boss and I did a little research; and poached, and customized, some handy code of the interwebz that would allow us to give users a generic .VBS script in active directory that would check what network they were in and then call the appropriate batch file that would map their drives. The .VBS script is saved in the same replicated folder on the domain controllers as the rest of .BAT script files are.

Here’s the code, including the original author’s (of part of this script anyway) comments:

‘Go and get the IP address of the current machine
strcomputer=”.”
Set objWMIService = GetObject(“winmgmts:\\” & strcomputer & “\root\CIMV2”)
Set IPItems = objWMIService.ExecQuery (“Select IPAddress from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE”)
For Each IPConfig In IPItems
If Not IsNull(IPConfig.IPAddress) Then
For i=LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
If varIP=”” Then
varIP=IPConfig.IPAddress(0)
End If
Next
End If
Next

‘Split the IP address up into 4 separate parts and put it into an array
ArrayIP=Split(varIP,”.”)

‘Create a variable containing the 3rd octet of the IP address
varThirdOctet=ArrayIP(2)
varSecondOctet=ArrayIP(1)

‘Check value of varThirdOctet and run appropriate code
Select Case True
Case varThirdOctet=”100″
Set WshShell = WScript.CreateObject(“WScript.Shell”)
WshShell.Run “SCRIPTA.BAT”

Case varThirdOctet=”2″
Set WshShell = WScript.CreateObject(“WScript.Shell”)
WshShell.Run “SCRIPTB.BAT”

End Select

The initial portion of the code basically looks at the network adapter and reads it’s current assigned IP address. It then splits the four octets into an array that we can load into variables. It then checks this variable against the list of possible matches in the select case segment and calls the batch file associated with that network when it finds a match. You can put more than just two choices in the select case, obviously, but I used two for this example. Remember that when working with an array, the it starts with 0 and not 1, so the third octet of our IP address is in “part 2” of the array.

You may have noticed in the code above that I also added a variable for the second octet. This year I have been working (almost done actually) on changing our networks to conform to best practice. Our first two octets were not proper numbers for an LAN IP address, and many of our locations had incorrect and/or completely illogical numbers for the third octet as well. We are now using the actual branch number as the third octet for all of our branch numbers.

In working on this project, I ran into the issue that when changing certain branches over to the new network the third octet would be the same as another location still on the old network. This would pretty much break the script’s concept, as it would simply load the first case in line that had the matching number. I got around this problem by simply adding a check for the second octet (which was also changed when I flipped a branch over) that would differentiate between the two networks in the case of a duplicate third octet. In the example below, we look at both the second and third octets to match a certain value to load the proper script:

Case varThirdOctet=”11″ And varSecondOctet=”1″
Set WshShell = WScript.CreateObject(“WScript.Shell”)
WshShell.Run “SCRIPTC.bat”

Case varThirdOctet=”11″ And varSecondOctet=”2″
Set WshShell = WScript.CreateObject(“WScript.Shell”)
WshShell.Run “SCRIPTD.bat”

Note that the third octet we’re looking at for both these example locations are the same but the second octet is different, so we use the “and” modifier to ensure that the right script is loaded for the right network. There is no reason why you cannot take this a step further and look at more of the octets by adding another variable and extending the cases, as the whole IP address is already loaded into the array “ArrayIP”.

Disclaimers: I have rather limited knowledge of VBscript (and programing in general) and mostly muddle my way through this stuff, so I am no expert, and you should not look at this script as though it were written by one. This is used in a Windows domain environment with a Windows 2003 or 2008 domain controller at each location with the client PCs that are loading the script being Windows XP SP2 or SP3. I have not yet tested this script with Windows 7, or any other operating systems other than the ones listed above. I did not write the above code completely myself, rather I retrieved most of it off of the internet and modified it with my limited understanding of VBscript to suit our needs. I do not know the names of any of the original authors.

Installing Windows XP Pro SP2 on a HP 635 – AMD Fusion E350 1.6 GHz Laptop

We still use Windows XP on the vast majority of our end-user equipment at work. The standard procedure is to delete whatever partitions and data that come stock on the HP equipment and reinstall Windows XP Professional (SP2) fresh from a CD (or WDS image) and go from there.

Normally, for smooth and simple operation, this procedure requires that you go into the advanced settings in the BIOS and change the SATA mode from it’s native AHCI mode to IDE (PATA) emulated mode in order to avoid the blue screen of death (and having to install special drivers) during the install.

Today, we received a new model of laptop for a user, the first of it’s kind for us. It is a HP 635 with the AMD 1.6ghz Fusion E350 processor. I was surprised to find that, for the first time, I was unable to find any option in the BIOS for the SATA mode. There was not even an Advanced tab, that the option would normally be under.

With no option to change the SATA emulation mode, it looked like XP was a no-go on this rather cheapy laptop. Instead of giving up and deal with the bullshit of setting up Windows 7, I decided to hit up the Google. I eventually found a solution that worked for me.

First, I grabbed an external USB floppy drive, along with a formatted disk (I was surprised I could find a floppy disk!). Then I downloaded the AMD SATA AHCI driver from HP and extracted it to a folder. I copied all the files in the RAID7xx” folder to my floppy and was ready to use it to install the SATA drivers for this chipset during the Windows XP install.

To do this, with your floppy drive attached with the disk inserted begin the Windows setup by booting to the CD. Then press the F6 option to install SCSI and RAID drivers during the beginning of the setup (when it is first copying the initial files). Choose the “S” option to specify the location of the drivers and choose the floppy drive. It should show that the AMD SATA drivers will be installed and then continue with Windows setup normally. Problem solved.

I learned of the drivers from this site, and it might be worth a read if you are looking to install Windows XP on newer HP laptops, or just need the drivers for a different model of laptop than I am working with here.

For the rest of the HP drivers for Windows XP for this laptop, visit this link.

Excel 2003 hanging on network files and automated removal of Office updates

We had an issue at work that just popped up this week. While trying to open an Excel (.xls) document over the network (a file stored on a network share), and while using Office Excel 2003 (2000 and 2007 versions had no problems), the file would hang. Smaller Excel files would take quite a bit longer to load, while a larger one (~4mb) would just hang the program. The same files would open just fine if you first copied them to the local disk.

This happened abruptly at the end of last week. There were no new Windows or any other updates/changes that corresponded to the timing of the issue. After some googling, I found many others that had the issue, as well as a few different solutions.

The solution that worked for us was to close out all Office programs and IE and uninstall these two Office Updates: KB2541025 and KB2509503, in that order. We then set the two updates to declined on our WSUS server, so they would not get pushed out again.

It is strange that these two updates would suddenly break Excel, considering they were installed months ago, but I’m not one to argue with results. This was an easy fix, but as more people report the problem, going to each station and manually uninstalling these is going to be a pain, especially if the user is offsite and you have to remote in.

So I looked up a method to automate the process. I found these two links from Microsoft themselves to be surprising helpful. http://support.microsoft.com/kb/903771 and http://support.microsoft.com/kb/832672

In reading those pages I learned the fairly simple commands to create a batch file that would uninstall the two updates automatically without requiring much user (or administrator) action.

Here’s the batch file, you’ll still want to close out of all Office products and IE before running it:

msiexec /package {90110409-6000-11D3-8CFE-0150048383C9} /uninstall {D1CCA188-7FE2-49A0-8FE5-B5A34054F9ED} /passive
msiexec /package {90110409-6000-11D3-8CFE-0150048383C9} /uninstall {BCBA2E91-F93F-4501-9FBA-5AD21606920A} /passive

The first string of hex on each command is the product code GUID, in this case for Office 2003 Professional Edition. I found this by searching the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall section of the registry for “Office”, and found my product. In this case, the ID is the same for both commands.

The second strings represent the updates themselves. Using this method, you don’t need to worry about a file path, Windows will know what update that is, and if it is installed it will remove it. If not, it will do nothing. I found those two hex strings by going to add/remove programs and with “show updates” checked, drilling down to the offending updates, then I highlighted them and clicked on the “click here for support information” link. The value for “Update ID” will be your string.

I tossed a /passive on the commands so that they will run silently. All the user should see is the command box running the commands. So this can be added to a login script, or you can simply have the user launch the batch file off of a network share. This was tested/designed with Windows XP SP3 and Office 2003 Professional. I don’t see why a similar technique couldn’t be used for other products and updates, but I cannot promise it will work the same.

Stop or Disable Animated Gifs

Once the hot shit at the advent of the mainstream internet, when everybody had a Geocities site covered with them (this author included) – let’s face it though, in this day and age there are only two uses for animated GIF images; crappy advertisements and/or annoying images on internet forums.

Here’s how to stop them, once or completely:

For a quick stop of all animated gifs on a page, simply tap the ESC key on your keyboard. This works in IE and Firefox.

To disable them completely follow these instructions for your browser of choice:

Firefox – Type about:config in the address bar and get to the configuration page, and then change the value of the string image.animation_mode from normal to none.

Internet Explorer – Got to Tools > Internet Options > Advanced. Uncheck the box in Multimedia group that says Play animations in web pages

Not sure about Chrome or other browsers, as I don’t use them, perhaps Mike has some input on those.