Monday 7 April 2014

Easy2Boot will soon support UEFI booting!

Easy2Boot soon will support booting of FAT32 UEFI disk images!

To make these image files you need to run a Windows script...

Example 1: lubuntu-13.10-desktop-amd64.iso
1. Run the MakePartImage.cmd Windows script to create an image file - e.g. LUBU64.imgEFI
2. Copy the file to your E2B drive \_ISO\MAINMENU folder

Example 2: KonBoot 2.4
1. Make a KonBoot 2.4 USB UEFI drive using a spare flash drive. You can use the batch file provided by KonBoot or just make a single partition USB FAT32 drive using RMPrepUSB. Make sure the \EFI folder is present.
2. (optional) Test that the USB drive boots via UEFI
3. Run the MakePartImage.cmd Windows script to create an image file from the USB drive - e.g. KonBoot24.imgEFI. As an alternative you can skip steps 1 and 2 and just point MakePartImage.cmd at the KonBoot folder on your C: drive that contains just the EFI folder - e.g. C:\temp\KonBootV2.4
4. Copy the image file to your E2B drive \_ISO\MAINMENU folder

Example 3: Windows 8.1
1. Run the MakePartImage.cmd Windows script to create an image file - e.g. Win81x64.imgEFI
2. Copy the file to your E2B drive \_ISO\MAINMENU folder

Note: Due to the file size limitation of FAT32, the \Sources\Install.wim or Install.esd file cannot be over 4GB.

You can also make an .imgEFI file from a working FAT32 USB Flash drive using RMPrepUSB - Drive->File (use P1, P1, 0) - but see the easy2boot website for instructions as you need to add some grub4dos files first.

Some linux ISOs won't boot from a FAT32 filesystem unless the files are modified. You can use Fedora Live-USB Creator to make a working USB Flash drive and then use the contents of that Flash drive in your .imgEFI. You just need to ensure that the volume label of the image is the same as that of the USB stick. To get the USB Flash drive working, some editing of the .conf and .cfg files may be necessary to get both MBR and UEFI booting to work. Once a USB Flash drive works, the same image should work when copied into a .imgEFI file using the MakePartImage.cmd script, as long as the FAT32 volume names are the same.

Now we have prepared our Easy2Boot drive ready to use for MBR or UEFI booting and we can boot any one of the images via UEFI (and most via MBR too) - sweet!

Here is how to use it:

1. Boot from the target system via MBR\CSM booting to the Easy2Boot menu

2. Select one of the .imgEFI images - this will change the MBR on the drive and load the new CSM Menu (after some warnings about the possibility of it destroying your E2B drive!)


3. From the CSM Menu, you can instantly switch back to E2B Mode, or run the payload files in the current MBR mode (works for Windows and KonBoot, etc. but not linux) OR...


4. Choose Reboot and boot from the USB drive via UEFI BIOS mode - it should immediately boot to the selected EFI payload (e.g. CentOS, Deft8, Lubuntu, KonBoot or Win8.1 install in UEFI mode).

5. To change back to E2B again, reboot from the USB drive via MBR\CSM booting - you will see the CSM Menu- choose Switch and it will immediately restore the E2B partitions and load the E2B menu.

The advantage of this process is that it should be 100% compatible with most UEFI BIOSes as it uses a single FAT32 volume. It is also a very simple concept. Switching modes is virtually instantaneous.
The 'cons' are that you can easily accidentally 'destroy' the MBR of your E2B USB drive if anything goes wrong and it does not boot in MBR mode. Secondly, you have a file size limit of 4GB which may apply to files like install.wim (the .imgEFI file can be bigger if your E2B drive is NTFS, but the individual files inside the image cannot be larger than 4GB). Another disadvantage is that you have to prepare an .img file first (though this takes only a minute or so when using the MakePartImage script, even for a 4Gb Windows 8 ISO).

For some EFI images - e.g. KonBoot and Windows Installs, you can run them in MBR mode and UEFI mode, thus you don't need to have both the .ISO files and the .imgEFI files on your E2B drive for these. The linux images however won't boot in MBR mode unless you add a grub4dos boot menu entry to run the correct kernel/initrd commands (the files are already in 'flat-file' format in the FAT32 image).

If anyone is interested in trying out a very early Alpha, please let me know. You may need to be experienced in Disk Sector editing if you run into trouble (but only your USB E2B drive will be affected) but by using Disk Doctor in RMPrepUSB it is quite easy to put back the E2B MBR should anything go very wrong!

Installing Windows from a USB Hard Drive without needing a Helper USB Flash drive

Using .imgEFI images also has the side-effect that you don't need to use a USB Removable Flash 'Helper' drive to install Windows. If you format the image as FAT32 then you can install Windows from an E2B USB Hard disk both in MBR mode or UEFI mode. However, you are limited to install.wim files of less than 4GB.

If you format the .imgEFI image file as NTFS, you can only install Windows in MBR mode but the install.wim file can be of any size and at least you don't need a Helper Flash drive.

More information on the easy2boot site here.

MakePartImage now installs syslinux to the PBR if it sees a \syslinux folder in the image. This allows you to run linux in MBR mode. The file extension .imgPTN is now recognised as well as .imgEFI (deprecated). It makes more sense to call it .imgPTN as it is just an image partition and does not necessarily have to contain EFI files or support UEFI booting.

Friday 4 April 2014

New XP unattended install feature for E2B v1.32

The next release version of E2B 1.32 will have a new feature which will allow the user to select or automatically use an unattend.txt answer file (or winnt.sif file) with the XP Install ISO that is picked by him/her. This was previously only possible using the WinPE method of install, but now you can do it using the 2-Step DPMS install method too.

You can either have one specific unattend.txt file for each XP ISO file which will be automatically used, or you can configure E2B so that it prompts you to manually select an unattend file from a list of files. This means you can auto-install to a hard drive, however if you specify any extra driver files or other files in the unattend answer file for XP Setup to copy, this probably won't work (unless you add them into the ISO).

E2B will copy your answer file to the F6 virtual floppy disks and rename it to winnt.sif so that it is automatically picked up during the start of XP Setup. Due to the way this works, the DOS floppy can only contain 8.3 filenames and so the .sif files must be of 8.3 format too. However, the file that the user picks from a list is actually a batch file with a .AUTO file extension and this file can be of any filename length.

For full details, see here.

I will place a TEST version Easy2Boot_v1.32a_TEST_XP_WINNT.SIF.zip in the Downloads area as usual.

P.S. Rev2 - You can now also run a .cmd file from the USB E2B drive automatically after installation. This .cmd file can call another .cmd file on your USB drive to complete the installation by 'xcopying' over a large folder from your USB drive to your target system and then running a script to install drivers and applications. You must write the copy code cmd file and add the installation folder yourself.

Note: Although you should re-boot back to the E2B drive after Step1 and select Step 2, I have found that this is not always necessary and you can allow the system to boot from the hard disk after Step 1. 

Thursday 3 April 2014

End of Windows XP - good news for some?

There has been a lot of talk about the end of Microsoft support on April 8th 2014 for Windows XP SP3.

Who ate all the TeleTubbies?

Recently, there have been some articles on why you should switch to a newer, supported OS like Windows 8.1. However, I suspect that many people and small businesses will continue to use XP for at least 6 months to a year. I know that many people in 'poorer' countries still install and use XP illegally. I also know that in these countries, many computer shops openly pre-install XP (activated but unlicensed!) for their customers.

XP may still be used in many pieces of equipment that you use: disk copiers, stage lighting consoles, recording/mixing desks, data servers that 'just sit there and work', card payment systems, etc. It has been said that 95% of the world's ATMs run XP (embedded) - though I doubt these are updated with the latest hotfixes every week or even once a year!

So the question is, will XP really die after April 2014?... Of course not!

Many people will continue to use XP for many years. However, there is one thing that the end of MS support does mean, and that is the end of XP drivers for new products. Why is that such a big deal?...

Many businesses and education establishments demand XP drivers, because their systems and applications still run on XP. This, in turn, puts pressure on the chipset manufacturers and specialised peripheral manufacturers to develop and release XP drivers and associated software.

Over recent years, it has been harder to find XP drivers for new systems, but now it will be impossible. Chipset, peripheral and card manufacturers now have a perfect excuse to not supply XP drivers for their new products because XP is no longer supported by Microsoft. In fact, these manufacturers had actually ceased to 'support' XP since late 2013 for any of their new products.

So it will be a death by attrition. As old hardware dies and is replaced by newer hardware, there will be a dearth of XP drivers for any new hardware.

Windows 8 has been around since August 2012 and there is now a good driver base for all hardware and peripherals (at least for all hardware younger than 5-6 years of age). However, most of the people running XP will have older peripherals such as old printers, scanners, etc. It is hard to find drivers for these old peripherals now for Win7/8, as the manufacturers don't write and release drivers for kit they no longer sell.

Equally, a lot of XP software does not run under Win7/8 very well (which is why companies have held onto their old XP systems and their bespoke software and hardware). If you have an old XP laptop, the special drivers for these (e.g. hotkeys, special trackpad features, power management, docking bays, etc.) will not be available for Win7/8. These hardware drivers won't work in a VM running XP on a Win7/8 system either!

So changing from XP to Win8.1 actually involves more expense than just paying for a new OS. For XP users it involves:

1. A new system (Win7/8 won't run too well on low-memory PCs and no drivers for old laptops)
2. A new OS
3. New peripherals (no drivers for older printers/scanners and special peripherals for midi/recording/video capture, etc.)
4. A lot of time getting it all to work from the IT department
5. Training costs

This is all good news for the poor old PC industry which has been in decline over the last few years.

So what can we look forward to after April 2014? My guess is:

1. Increased sales of PC and related software and hardware products
2. Increase in hacks for activating Win 7/8 illegally
3. XP-alike versions of linux gaining in popularity
4. Increase in jobs for consultants who specialise in upgrading systems, writing/converting software and training.

Maybe it's time for me to buy shares in PC World and Microsoft...





Easy2Boot, linux ISOs and persistence



It is possible to boot the following linux ISOs with persistence from your E2B USB drive:

linuxmint, XiaOpan, ubuntu, YLMF, Puppy, Slax, Ubuntu, LUbuntu, Fedora, Backtrack 5, BitDefender Rescue (old versions only), geebox, kali linux, kaspersky, PCLinuxOS, Porteus, StartOS and XBMCbuntu.

They can all be on the same E2B drive and all boot using different persistence files. The E2B drive just needs the one partition for E2B (partition #3 and partition #4 should both be unused/free).

You can even have multiple persistence files used by the same one ISO. For example, you could have a Bob_Ubuntu.mnu for Bob and a Mary_Ubuntu.mnu for Mary - both would boot from the same Ubuntu ISO but use different persistent files.

You normally will need to copy and edit a small .mnu file and make an ext2 file using RMPrepUSB for each ISO.

For more details, please see here.

Wednesday 2 April 2014

Adding the Kaspersky Rescue ISO to Easy2Boot (with persistent updates)

You can easily download the kav_rescue_10.iso or krd.iso file and add it to your E2B drive. Just copy it to the \_ISO\MAINMENU folder.

(Note: if using krd.iso, do not use parentheses ( ) or any other strange characters in the .iso filename - esp. when using agFM - 'Kaspersky' option to boot it).

Download here.

Note: When converting to a .imgPTN file for UEFI+MBR booting, do not add rEFInd, and say No to the prompt:
          'Timeout in 10 seconds       (default=N )... AUTO-CORRECT? (Y/N) : ' 
so that the .cfg files are not auto-converted.

See new Kaspersky Forum if any queries and Forum post here.

When you first run it, you will want to update the virus definitions. When you do so however, it will store the updates on an internal hard disk of the system that you booted the E2B USB drive from, instead of storing them on the E2B USB drive. This means that when you boot on a different system, you will have to download the updates all over again (if the system has an internet connection).

IMPORTANT: The key to the whole procedure is to ensure that Kaspersky linux mounts all the storage devices as volumes by selecting a drive to scan FIRST. This will not be done if you do not select a drive to scan when prompted, or if you use the 'Skip' button when prompted if the volume is 'dirty'.
Allow it to mount the disks...

Once all the volumes have been mounted, you should see the icons on the Desktop - if not then it won't find the Updates on the USB drive and you will have to reboot!

Make sure you see desktop icons for the USB drive (e.g. sdb1).

MBR-booting from krd.iso with persistence

The instructions to get persistent updates to stay on the E2B USB drive are:

1. Download a recent ISO file from http://support.kaspersky.com/viruses/rescuedisk#downloads - it should be under 'Distributive' and called kav_rescue_10.iso or krd.iso.

2. Copy it to a menu folder, e.g. \_ISO\MainMenu folder (or \_ISO\ANTIVIRUS or any other menu folder where you want it to be listed).

Create an empty folder called "\Kaspersky Rescue Disk 10.0" on the E2B USB drive now.
Note: For krd.iso 2018 versions, the folder name has changed to \KRD2018_Data. Use this exact name and exact capitalisation.

3. Boot from the ISO menu entry. Ensure that your USB drive (sdb1) volume has been mounted and appears as an icon on the Desktop as well as the C: drive icon (don't abort any dialogs!). If they are not there then reboot and try again.

On first boot to Kaspersky from E2B using this menu, download the updates (you will obviously need an internet connection). They will usually be automatically stored on internal Hard Disk C: by Kaspersky but if it finds the "\Kaspersky Rescue Disk 10.0" folder on the E2B drive, it may copy the updates there instead.

4. When the download of the updates has finished, if the USB \Kaspersky Rescue Disk 10.0 folder is empty, copy the whole "\Kaspersky Rescue Disk 10.0" folder which now contains the updates from C: or sda1 (the internal HDD) to sdx1 which is the USB drive partition 1 (if you only have one hard disk, the USB drive will be sdb1).

Now rename the "C:\Kaspersky Rescue Disk 10.0" folder on the hard disk to something else like 'Junk' to get rid of it.

IMPORTANT: Ensure the update folder \Kaspersky Rescue Disk 10.0 does NOT exist on the Target hard disk in any volume. It must only exist on the E2B USB drive, otherwise it may update the wrong folder.

5. On the next boot, the updates should be found to be already present on USB drive (check you can see the drive icon on the Desktop).

Checks

If you find that the Updates are old or not present...

1. Ensure you can see the sdx1 icon on the Desktop to show it has been mounted as a volume by Kaspersky.

2. Ensure any target system you test does not already have the \Kaspersky Rescue Disk 10.0 folder anywhere on any HDD in the system - if so delete it and reboot from USB.

Always shutdown Kaspersky linux nicely or updates may not be saved!

E2B USB Drive contents when it is all running smoothly are:

\_ISO\MAINMENU\kav_rescue_10.iso
\Kaspersky Rescue Disk 10.0 (or \KRD2018_Data for 2018+ versions).


Kaspersky 2018 with UEFI (using a two-partition E2B drive)

Converting the ISO to a FAT32 .imgPTN file is easy, however the \KRD2018_Data folder is not found by Kaspersky Rescue if it is in the boot partition, so we cannot simply create this folder inside the new .imgPTN partition (but see section below if you want to do this).

Create or use the second partition of the E2B drive which should have at least 1GB of free space available or else it will not be used (exact size TBD - it works if 4.1 GB free on a 7GB volume).

Then simply create an empty \KRD2018_Data folder on the 2nd partition of the E2B drive and use a .imgPTN23 file extension for the krd imgptn file.

IMPORTANT: For UEFI booting press 'N' for 'No' when prompted by MakePartImage to AUTOCORRECT the .cfg files because the EFI boot files are signed.

Use Switch_E2B.exe to switch to the krd2018.imgptn23 file.

Edit the \menu.lst file (the large one inside the large .imgPTN file) to add these lines to the bottom of the file:

#use lang=ru for russian

title KAV 32-bit\nBoot to Kaspersky Rescue
kernel /boot/grub/k-x86 net.ifnames=0 lang=en dostartx backstore=alldev
initrd /boot/grub/initrd.xz
boot

title KAV 64-bit\nBoot to Kaspersky Rescue
kernel /boot/grub/k-x86_64 net.ifnames=0 lang=en dostartx backstore=alldev
initrd /boot/grub/initrd.xz
boot

The two partitions on the E2B drive should now be:
Partition 1: Contains a \boot folder and \System folder + other E2B files + \menu.lst (modified)
Partition 2: Contains empty \KRD2018_Data folder

Now you can UEFI or MBR boot (using the new menu entries) and ensure you have an internet connection so that it can download the latest updates. Check that there are now files in the \KRD2018_Data\Bases folder...

If updates do not appear to be persistent, delete any folder on any drive named \KRD2018_Data except for the folder on the second partition of the E2B USB drive.

You can use the terminal command:
find / -name 'KRD2018_Data'
to find where the data files are located after updating/downloading the updates.





UEFI boot files

Recent Kaspersky 18 UEFI boot files and menus in the ISO are signed and checked (they have .sig files). If you modify the .cfg menu files then it will not UEFI boot. For this reason choose N (= do not AutoCorrect) when prompted by MakePartImage when you make the .imgPTN file.


For E2B Fixed-disk USB drives only...

If your USB drive is a hard drive/fixed disk type, you will need to modify the kav-menu.cfg file for persistence, so to work around the signed file issue, find a Ubuntu 64-bit ISO and copy the files from the \EFI\BOOT folder to the same folder on the E2B drive thus overwriting \EFI\BOOT\bootx64.efi on the FAT32 partition. Just Ubuntu's bootx64.efi and grubx64.efi are required for UEFI64 booting.

You will need to modify \boot\grub\x86_64-efi\cfg\kav-menu.cfg to add the backstore=alldev cheat code for persistence to work if you are booting from a USB hard disk.

kav-menu.cfg


menuentry "${kav}" {
linux /boot/grub/k-x86_64 net.ifnames=0 lang=${lang} dostartx backstore=alldev
initrd /boot/grub/initrd.xz
}

menuentry "${kav_nomodeset}" {
linux /boot/grub/k-x86_64 net.ifnames=0 nomodeset xforcevesa lang=${lang} dostartx backstore=alldev
initrd /boot/grub/initrd.xz
}

#menuentry "${kav_rescue_text}" {
# linux /boot/grub/k-x86_64 net.ifnames=0 lang=${lang} nox nomodeset
# initrd /boot/grub/initrd.xz
#}

menuentry "${hardware_info}" {
linux /boot/grub/k-x86_64 net.ifnames=0 lang=${lang} docache loadsrm=000-core.srm,003-kl.srm nox hwinfo docheck
initrd /boot/grub/initrd.xz
}

source /boot/grub/${grub_cpu}-${grub_platform}/cfg/boot_from_hard.cfg

Kaspersky 2018 UEFI & MBR + persistence


As found by Ahmed (see comments), if your E2B USB drive is of the Removable type, you can create a persistent backup store using the Kaspersky linux script in the KRD Desktop Start Menu - System menu, but this does not work when booting from Fixed-disk USB drives (e.g. Corsair GTX, SilverStone M.2 or when using a VM under VirtualBox\QEMU where the USB drive appears as a Fixed-disk).

For persistence to work, you must use a Removable-type USB flash drive unless you modify the .cfg menus...

Note: Only recent versions of KRD2018 include the 'Create persistent volume' menu feature.

1. Drag-and-drop the latest version of KRD2018 onto the MPI_FAT32 Desktop shortcut to create a large .imgPTN file. I chose a size of 2200MB (or 3GB for safety) and a name of KRD2018_2019_08.imgPTNAUTO. You must allow enough free space for the updates (I found that 2000MB was not quite enough by about 16MB!). Do NOT AUTO-CORRECT the configuration files when prompted by MakePartImage as this makes them unsigned.

2. Copy the krd.imgPTN23 file to your E2B \_ISO\ANTIVIRUS folder, make it contiguous and use SWITCH_E2B.exe to switch in the new partition.
If using a Fixed-disk E2B USB drive then do not use the CSM '1 Boot from this drive (MBR mode)' boot menu entry if you need persistence, because it will not use the backstore=alldev cheat code and you will not get persistence if using a fixed-disk USB drive.
Instead, add the two new menu entries shown above to the E2B CSM \menu.lst file and the kav-menu.cfg file.

3. Now MBR-boot on a real system to the E2B Removable drive (do not use a VM unless you have the backstore=alldev cheat code in the menu).

4. Accept the licence agreements and perform an update if prompted.

5. Quit the AV scan.

6. Run System - Create persistent volume from the Start Menu and create a krd.bs file of the suggested size - just follow the prompts (do not create a Backup as this will use up all the free space!).



There seems to be a problem with the suggested min and max sizes, so choose a size somewhere between the two limits suggested by the script.

7. You should be prompted to reboot - so do so.

8. You may see this message if the updates are not stored on a disk :-( ...


Now use the Terminal, you should see that the mount command shows /livemnt/boot is on your E2B USB drive...


and the backstore folder should be apparent...

UEFI-boot error when using Virtual Box?

Note: if testing using a Virtual Machine you may need to remove or rename the \System folder because some VMs UEFI-boot from this MAC UEFI boot folder instead of from the \EFI\boot folder.


This message can also indicate that you need to update the \EFI\boot folder with the Ubuntu EFI boot files as described above because one or more of the .cfg files are not original (e.g. they have been edited or altered) and their signatures will no longer match.

KRD.ISO UEFI booting

From a fresh boot to agFM/grubfm/Ventoy or any grub2-based menu system - press the TAB key and then c, type set check_signatures=no, then press the ESC key and select and load krd.iso.

Kaspersky signed files

If you are interested in why Kaspersky has added signed file checking (.sig files) for .cfg files, even for UEFI unsecure booting, see here.

Tuesday 1 April 2014

Easy2Boot update for installing XP onto modern systems


The current 'released' DriverPack Mass Storage driver pack included in E2B+DPMS is rather old. If you want a more recent driver pack, you can download the most recent one from the last post on the forum here (search for TechDud posts and '7z downloads').

There is a problem with the latest current 'nightly' build DP_MassStorage_wnt5_x86-32_1403071.7z

It would not work when installing XP on a Z87 chipset (Intel Series 8) mainboard.

I have modified the INI file, and you can download the new DPMS version from here.

Just unzip it to the \_ISO\e2b\grub\DPMS folder of your E2B drive (if you already have a \_ISO\e2b\grub\DPMS\DriverPack.ini file then delete it and the whole D folder first).
Note: You need at least E2B v1.31 for the new driver pack to work.

E2B v1.32 will have better DPMS driver selection (thanks to chenall who has modified the chkpci utility for me). If your ISO has '2k' or '2k3' in the filename, it will assume it is a Win2k or Win2k3 driver and look for the correct driver. If not, chkpci will only retrieve XP drivers from the DriverPack.ini file.

For XP installs, this means that whereas previously you may have been presented with a choice of several different mass storage drivers for your system (some of which could be Win2K3 or Win2K drivers), now you should only get one driver (for each different type of controller in your system).

Saturday 29 March 2014

Using and remembering strong passwords

Do you use a password manager? It seems to me there is no perfect solution, whether cloud-based like LastPass or locally-based like KeePass. See here for a recent review from PC Pro (Jan 2014) of some of the best choices available.

If cloud based, do you trust the security of the central server or for that matter, the source of the WiFi hot-spot that you happen to be connected to whilst in StarBucks or your hotel? Also, the apps tend not to be free.

If you use a local database, you have to store it somewhere in the cloud so you can access it when you are away from your own systems (e.g. at work or in a cyber cafe or at another office). Also, you have to ensure that the database, which may be kept on various 'local disks', are all synchronised. Keeping your entire password database on a mobile phone is not the most secure of scenarios either!

What we need to do is generate a 'long and strong' password, that is not easily subject to a 'dictionary attack', for each site we use - but make it easily 'recall-able/remember-able'. A few years ago I was looking for a 'hash' algorithm which would create a strong password from a master password 'salt' and another unique 'character string', when I found Nic Wolff at this site had already done it!

The mechanism is simple and secure (as no password data is passed across the web). It is not as convenient as using a proper password manager (no auto-fill, syncing, etc.) but it is free and you are in control and there are no management/sync/security issues. You can also use it on your mobile devices too (or even off-line if you save the html source file somewhere handy).

Do you use the same password for several sites? Well, use this generator and you can still use just the same password (as a 'master password')  but it will generate a unique, strong password for each different site.

As I could never remember the URL for Nic's site, I simply copied and modified his code and added it to a page on my easy2boot site here. Try it out (no data is sent or recorded - honest!).


Feel free to add Nic's code to your own site and modify it, or just use my page to generate your passwords (accessible from the Easy2Boot SiteMap page).

You can make up your own 'rules' on how you use it - for instance, you could precede the Master password with the first letter of the site (e.g. Bmypwd for Barclays and Nmypwd for Nat West, etc.). Or add a letter and a number. Just think of a rule and stick to it for all sites and passwords.

If only there was a nice, easily-remembered URL that everyone could use... If I get enough +ve feedback, maybe I will register one just for this type of password generation with a nice short, easily remembered name.

[Edit 2014-03-30] It seems there is already a Chrome Extension called PassWordChameleon which does pretty much exactly what Nic's code does (not sure which came first!). He also has a website but its certificate is no longer valid.


There is still the outstanding problem of changing the password however. It is good practice (and often you are forced) to change or reset your password. So we still have a problem with this method because we would need 3 or 4 'secret password' keys and we would have to try each in turn until we found the one that we used previously. Some sites would still use the first secret password key, other sites where we have to change the password, would require a new secret password.
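The master-password-plus-site scheme described in this post, written out as an added example (this is not Nic Wolff's code or the code on the easy2boot page). It assumes PBKDF2-HMAC-SHA256 as the hash so that guessing the master password from one leaked site password is slow, and it adds a per-site counter, also an assumption, so a forced password change means remembering "site, change number 2" rather than a new secret key:

```python
import hashlib
import hmac
import string

# 64 symbols: one output character per 6 bits of key stream, so no modulo bias.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "-_"
PBKDF2_ROUNDS = 200_000  # assumed work factor; raise it as far as your devices allow


def normalise_site(site: str) -> str:
    """Map 'https://WWW.Example.com/login' and 'example.com' to the same label."""
    label = site.strip().lower()
    if "://" in label:
        label = label.split("://", 1)[1]
    label = label.split("/", 1)[0]
    if label.startswith("www."):
        label = label[4:]
    if not label:
        raise ValueError("site name is empty")
    return label


def site_key(master: str, site: str, counter: int) -> bytes:
    """Slow step: stretch the master password, salted with the site and counter."""
    if not master:
        raise ValueError("master password is empty")
    if counter < 1:
        raise ValueError("counter starts at 1")
    # The salt is public and guessable, so the iteration count is what protects
    # a weak master password; the counter changes the output on each rotation.
    salt = f"sitepw-v1|{normalise_site(site)}|{counter}".encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=32
    )


def derive_site_password(master: str, site: str, counter: int = 1,
                         length: int = 16) -> str:
    """Deterministically derive a site password; nothing is stored or sent."""
    if not 8 <= length <= 32:
        raise ValueError("length must be between 8 and 32")
    key = site_key(master, site, counter)
    attempt = 0
    while True:
        # Cheap step: expand the stretched key into candidate characters and
        # retry (deterministically) until common composition rules are met.
        stream = hmac.new(key, b"candidate-%d" % attempt, hashlib.sha256).digest()
        candidate = "".join(ALPHABET[b & 63] for b in stream[:length])
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate
        attempt += 1


if __name__ == "__main__":
    # Constructed inputs for illustration only.
    for site, n in [("barclays.co.uk", 1), ("natwest.com", 1), ("natwest.com", 2)]:
        print(site, n, derive_site_password("constructed master phrase", site, n))
```
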

An idea for all sites that require a login and password

Wouldn't it be a better idea, if instead of requesting a single weak password which can be dictionary attacked, sites provided a similar 'salt+password' hash technique? For example, the site would ask us for TWO words or phrases and then hash them first before sending the hash to the site's server. That way a strong password is always sent across t'internet even if we only enter in two 'weak' ones. Or, the website could just prompt for a password as normal but then hash it with the site's name to make a strong password which is the password that is actually sent to the website server and recorded. That way we can use the same password for all sites, but the 'actual' password is a strong password which is different for all sites (and each site could encode it in a different way too).

- o -

P.S. Many years ago, when Phishing sites were just starting to spring up, I wrote a letter which was published in the UK publication Computer Weekly, suggesting that Phishing could be prevented if we told the site during registration, of a preferred phrase or picture etc. that we would recognise when we accessed the same site at a later date. That way, after we provided a user name, but before we entered the password, we could check that the site was the correct one because we would recognise the phrase or picture that it would display to us. Roll on a few years and now a great many sites use this anti-Phishing security feature which I believe I was (at least, one of) the first to suggest. I wish I had patented it now!



Thursday 27 March 2014

My shiny (well, matt black actually) new Windows 8.1 system!


If you are thinking of buying or building a new PC in the near future, here is a breakdown of my system that I built last week to replace my old 2007 Dell Inspiron 530. These components were bought from eBuyer, though other retailers are available...  ;-)

Click on the QuickFind numbers to view them on the eBuyer website (I don't get commission - honest!)

Qty | Product Description | QuickFind | Cost (ex VAT) | Line Cost
1 x | Asus Z87-A C2 Socket 1150 VGA DVI HDMI DisplayPort 7.1 Channel Audio ATX Motherboard | 569395 | £85.80 | £85.80
1 x | Intel Core i5 4670K 3.40GHz Socket 1150 6MB Cache Retail Boxed Processor | 467647 | £142.28 | £142.28
1 x | Cooler Master N-Series N600 - USB 3.0 ATX Case | 512240 | £54.15 | £54.15
1 x | G-Skill 8GB (2x4GB) DDR3 1600Mhz RipjawsX Memory Kit CL9 (9-9-9-24) 1.5V | 264750 | £58.17 | £58.17
1 x | Corsair 500W CX Builder 80 Plus Bronze PSU 3 Year Warranty | 278634 | £39.15 | £39.15
1 x | Seagate Desktop SSHD 2TB 64MB Cache SATA 6 Gb/s 8GB SSD Cache hybrid HDD | 544878 | £75.89 | £75.89

P.S. Due to the 12V minimum load power requirements of the CX 500, it seems this is not a compatible PSU for Haswell boards. I had power-on issues when just powering a few SSD hard disks in this PC (i.e with no graphics card). Corsair recommend the CX750 and CX750M or any of the GS, TX, TX-M, HX, AX Gold, AX Platinum or AXi Series.


Including VAT this came to £546 + another £73 for Windows 8.1 OEM.
An equivalent ready-made system would have been well over £700 and I would not have got the front 2xUSB 2.0 + 2xUSB 3.0 ports which was a major requirement for me (and possibly would not have got such a good UEFI BIOS and decent mainboard either).
Note: It turns out, the Z87 BIOS will boot from both FAT and NTFS partitions! The firmware will look for a \EFI\BOOT\bootx64.efi boot file on the first 'readable' partition of a USB disk, where 'first' means it has a starting LBA address lower than the other partitions (i.e. it is not determined by the partition table entry order, but by where each partition starts on the disk).
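The starting-LBA rule in the note above, as an added example (not code from this blog or from Easy2Boot): it parses the partition table of a constructed MBR sector and returns the order in which firmware following that rule would try the partitions. The set of partition type bytes treated as 'readable' is an assumption based on the note that this board reads both FAT and NTFS:

```python
import struct

TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR sector
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0xEF: "EFI System"}
# Assumption: types this firmware can read, per the note (FAT and NTFS).
READABLE_TYPES = (0x07, 0x0B, 0x0C, 0xEF)


def parse_mbr(sector: bytes) -> list:
    """Return the used partition entries in partition-table (slot) order."""
    if len(sector) < 512 or sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("not an MBR sector (missing 55 AA signature)")
    parts = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot: TABLE_OFFSET + 16 * (slot + 1)]
        # status, 3 CHS bytes (ignored), type, 3 CHS bytes, start LBA, sector count
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0xEE:
            raise ValueError("protective MBR: this disk uses GPT, not MBR")
        if ptype == 0 or count == 0:
            continue  # unused slot
        parts.append({"slot": slot + 1, "active": status == 0x80, "type": ptype,
                      "name": TYPE_NAMES.get(ptype, hex(ptype)),
                      "start_lba": start, "sectors": count})
    return parts


def probe_order(parts: list, readable=READABLE_TYPES) -> list:
    """Slots in the order the firmware would look for \\EFI\\BOOT\\bootx64.efi:
    lowest starting LBA first, regardless of table position."""
    usable = [p for p in parts if p["type"] in readable]
    return [p["slot"] for p in sorted(usable, key=lambda p: p["start_lba"])]


def constructed_mbr() -> bytes:
    """Constructed sample: slot 1 is NTFS but sits AFTER the FAT32 partition
    in slot 2 on the disk, so table order and disk order disagree."""
    sector = bytearray(512)
    entries = [
        (0x80, 0x07, 8390656, 20971520),  # slot 1: NTFS, starts at LBA 8390656
        (0x00, 0x0C, 2048, 8388608),      # slot 2: FAT32, starts at LBA 2048
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        offset = TABLE_OFFSET + 16 * i
        sector[offset:offset + 16] = struct.pack("<B3xB3xII", status, ptype, start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    parts = parse_mbr(constructed_mbr())
    for p in parts:
        print(f"slot {p['slot']}: {p['name']:12} start LBA {p['start_lba']}")
    print("table order:", [p["slot"] for p in parts])
    print("probe order:", probe_order(parts))
```

To check a real drive, pass the first 512 bytes of the disk to parse_mbr instead of the constructed sector.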

I added to this a 120GB SSD drive and a DVD-RW drive which I already had. The 120GB SSD drive is for quickly installing and removing OS's and general experimentation. I intend to add more drives later.

The Asus Z87-A has a versatile UEFI firmware interface (UEFI BIOS) which was one of my main requirements, as well as being a reliable mainboard with decent (Japanese) low-ESD capacitors and VRMs that would last a few years! Less expensive Asus Z87 boards (with fewer PCIe slots, no overclocking and no DisplayPort) are available if you want to save a few £££s. You have to pay for quality.

The Cooler Master N600 case is pretty quiet and doesn't look like the 'General Lee' whilst sitting on my desk! It does have a 'go-faster stripes' blue LED inside the front fan, but it also has a front-panel button to turn the LED off! Pretty much the whole case is made of nicely perforated metal sheeting (it is rather like it is dressed in a filmy black negligee.. OK, I must wake up now and carry on writing this blog, uhhh... where was I? Oh, yes...). The case has two front USB 2.0 ports and two USB 3.0 ports situated half-way down the front panel on the right. This means I can conveniently use both types of USB ports. Many systems with USB 3.0 ports had the ports situated at the top of the case or did not have both front USB 3.0 and USB 2.0 ports. With the ports on the top of the case, I would have to stand up every time I needed to view the ports and insert a USB drive - not exactly convenient!

The more observant amongst you may notice that I have not added an extra graphics card to the system. The integrated Intel 4600 is pretty good for non-gamer, 2D work, and unless I fork out another £100 or so, I won't see much improvement. So, for now at least, I am not going to add an expensive graphics card as I am not currently into gaming (though I may regress one day - do they still sell Duke Nukem 3D?).

The only thing I might change, in hindsight, would be the power supply due to the cables that came with it. The Corsair 500W CX had 5 SATA hard drive power connectors, but they were configured on two power leads, one with 2 connectors and one with 3 connectors. The spacing between each connector however was far too short. As the Cooler Master had a 5.25" bay, a 3.5" bay and a 3.5/2.5" bay and I had one drive in each bay, I had trouble reaching all three drives using just the two cables! A 4-pin-Molex-to-SATA power converter cable proved handy at this point!
Note that if you want to add two high-performance SLI graphics cards (which I won't be doing), you may need a slightly higher-rated PSU to cope with the increased Amperage!

The CPU is overclocked (though I have just used the BIOS 'default' overclock 'Auto' settings for now) and the stock Intel cooler seems both adequate and quiet. It boots from the SSD or the Seagate hybrid drive to the Desktop in under 10 seconds and is very responsive. The overall PassMark PC Benchmark score running from the Seagate HDD was 2133. If I had run from the SSD it would have been even higher, only let down by the 3D graphics scores. Performance is equivalent to many i7 systems with CPU-Z showing it runs at 4.2GHz on occasion during some of the benchmarks. The memory benchmark score was particularly impressive.

I still have plenty of room for expansion (2 free PCIe graphics slots, 2 free DIMM slots and loads of drive bays) so this system should last me for years.

The Dell Inspiron 530 has performed well over the years and never let me down (though I had upgraded its CPU, graphics, hard drives and memory over time). It now looks rather sad sitting in the corner, all by itself...

Follow up: Read this blog post on how I tracked down and fixed a problem with my wireless mouse on this system.

P.P.S. The stock CPU heatsink+fan assembly turned out to be inadequate when overclocking the CPU and stressing it (it reached 100 deg C and started thermal throttling). If you intend to thrash the system or use it for gaming, I would suggest getting a better CPU heatsink solution.
Also the CX500 PSU seemed to have problems with my low-power Haswell CPU (especially after going into CPU Standby low-power mode - it wouldn't power up again!). I had to connect an old IDE HDD in order to get more power drain on both the 5V and 12V rails before it would power up but even this proved unreliable unless I added some resistors to draw even more power. The Corsair CX750 or CXM750 is a single-rail PSU and does not have these issues with modern low-power CPUs. I eventually replaced my CX500 with a CX750 and had no more power-on issues.

Adding KonBoot to Easy2Boot (with UEFI support)

KonBoot is no longer free, but for only $27 it is well worth adding to your Easy2Boot multiboot USB drive.

Version 2.7 will work on all Windows systems from XP to Win 10. Kon-Boot is now able to bypass online account authorization on Windows 8/8.1. On Windows 10 only local account authorization bypass is available (with the possibility to add a new administrator account automatically by using StickyKeys + command line).

Version 3.4 will also work on online (email address) accounts if you buy the Commercial License.

Microsoft Windows 8 and 8.1, all versions (32Bit/64Bit): Yes (FULL SUPPORT (normal BIOS + UEFI BIOS)). Local and online authorization.
Microsoft Windows 10, all versions (32Bit/64Bit): Yes (FULL SUPPORT (normal BIOS + UEFI BIOS)). Local authorization bypass only. Local administrator account can be added automatically (USB only).
Kon-boot 2.7 has a new feature present called automatic powershell script execution. This feature is present only in COMMERCIAL LICENSES (UEFI64 mode only, Windows 8 x64/Windows 10 x64).

Not supported: Disk encryption, tablets (includes Microsoft Surface hybrid), multiple operating systems installed on target computer, kernel debuggers, enabled secure boot, virtualization software (VMware, QEMU, VirtualBox), authorization through domain. CD and Floppy versions are deprecated (but still in the package for compatibility reasons). 

Kon-Boot will not bypass authentication of domain controllers, although there are instances where a client computer will locally cache a domain login, and Kon-Boot may work in this case. You can use the Sticky Keys Feature to add a new local system administrator account.

The KonBoot manual is here.

Tip: always enter a 'dummy' password - do not leave the password blank when logging in.
If the system is on a Domain, disconnect the Ethernet cable and disable WiFi in the BIOS (if it is used), in case there is a locally cached user account.

Note: Newer licensed versions of KonBoot (2.7+) are locked to the particular Serial number, Product ID and Vendor ID of the USB flash drive, so unless the E2B USB drive is also registered as the KonBoot licensed drive, KonBoot will report an error (red GURU meditation error - see KonBoot FAQ). Unfortunately, the maximum size of flash drive allowed by the KonBoot installer is only 16GB which is not much use for a multiboot USB drive! 
When the install application is run, the file bootx64.efi will contain the flash drive details in an encrypted form. The KonWin.efi file is unaltered. To see which USB drive was originally used, see the konlog.txt log file in the installation file folder. e.g. '+ Got usb vendor="LEXARWN" / product="USB_FLASH_DRIVE" / serial="PX4EZAS2LRKRF5J20JN9".'
Details of how to make a UEFI64 Secure Bootable version of KonBoot are in eBook #4. 

UEFI or MBR?

You can use Windows Disk Manager to see if there is an EFI System Partition on your boot disk - if so then your system probably uses UEFI to boot to Windows.


Alternatively, just run MSINFO32 and look for the BIOS Mode entry, which will show UEFI (or Legacy).


MBR-booting

For the .img file, simply change the .img file extension to .imgfdhd01 and add it to the E2B USB drive.

Alternatively, copy the kon-bootFLOPPY\kon-bootFLOPPY.img file to the (say) \_ISO\MAINMENU\MNU folder of your Easy2Boot USB drive and also the FD0-konboot-v2.1.mnu file from the \_ISO\docs\Sample mnu files folder. Then change the title in the .mnu file to suit your version of KonBoot.
Note: Some systems do not show the Kon-Boot multi-colour, ASCII character boot screen (it just hangs with a black screen). The sample .mnu files in E2B v1.91A and later versions contain a special second menu entry with a patch to fix this issue.
You should find that the floppy image will work for all versions of Windows except if the system uses UEFI instead of the BIOS. Most new Windows 8/10 systems will use UEFI booting and contain GPT partitions instead of 'Simple' partitions.

UEFI-booting

To use KonBoot on a UEFI Windows system, you need to add the KonBoot EFI files to the Easy2Boot USB drive.


The best way to achieve this is to make use of a spare FAT32 USB Flash drive and use the KonBoot script provided to make a new KonBoot flash drive. Then, once the drive has been confirmed as working (there should be a \EFI folder on it and it should UEFI-boot), simply convert it to a FAT32 .imgPTN file and add the file to your Easy2Boot USB drive as follows:

Make a .imgPTN KonBoot image for Windows UEFI-system and MBR systems

  1. Create a small (any size) single-partition FAT32 USB drive containing KonBoot in the way they suggest. Ensure that the \EFI folder is present on the USB drive for UEFI-booting.
  2. Test it works on a Mac or UEFI system and a normal BIOS system.
  3. Convert the USB flash drive to a FAT32 .imgPTN file using the E2B MPI ToolKit (drag-and-drop the USB drive letter onto the MPI_FAT32 Desktop shortcut).
  4. Copy the .imgPTN file to your E2B drive
  5. Boot it (in MBR mode) and switch to the .imgPTN partition - you can do this loads of ways:
    a. Real BIOS system
    b. Use the QEMU_MENU_TEST.cmd file on the E2B USB drive
    c. RMPrepUSB - QEMU
    d. VirtualBox
    e. MobaLiveCD.exe
    f. Some other VM like VMWare that can boot from a USB drive
    Alternatively, run \_ISO\SWITCH_E2B.exe and select the .imgPTN KonBoot file to switch it in.
  6. You should see the CSM menu when you MBR boot to the E2B USB drive.
  7. Ensure the volume label of the FAT32 partition is KONBOOT.
  8. Now connect the E2B USB drive to the Mac or UEFI system and see if it boots (hold down the left-alt key whilst booting for a Mac)
    You can use it on MBR systems too.
    You may need to disable Secure Boot in the firmware first.
  9. When you have finished, you must return the E2B drive to its normal E2B state - it can be done in a number of ways:
    a. boot it in a VM\emulator as listed above and choose option 0
    b. Under Windows, run the \e2b\Restore_E2B .cmd file
    c. Run \e2b\SWITCH_E2B.exe under Windows and click on the 'Restore E2B partitions' button.

Alternative method (no flash drive required)

You can make a .imgPTN file for Windows systems without needing to prepare a flash drive:

1. Create an empty folder called 'KonBoot' on your Windows Desktop
2. Copy the EFI folder and its contents to the new KonBoot folder (.\KonBoot\EFI\...)
3. Copy the contents of the kon-bootUSB\USBFILES folder to the new KonBoot folder, so that the KonBoot folder now has the konboot.img + other files in it.
You can delete the grldr and menu.lst files if you wish as they are not needed.



4. Drag-and-drop the KonBoot Desktop folder onto the MPI_FAT32 Desktop shortcut - if prompted to combine the menu.lst files, answer No.

Booting KonBoot on a UEFI system

To run KonBoot on a UEFI Windows system:
1. Connect the E2B USB drive to the target system - it must be in the CSM mode after having selected the KonBoot .imgPTN file from the E2B menu.
2. Enter the BIOS configuration menu and ensure that Secure Boot is set to Disable
3. Select the E2B USB drive as the boot device but ensure it is listed as a UEFI Boot device
4. KonBoot should load via EFI and then boot to Windows (if the E2B menu loads then you have not booted via UEFI!)
5. If the system reboots before you get to the User login, use the BIOS menu to boot from the E2B USB UEFI drive again - this is sometimes necessary when more than one Windows installation is present on the system.
6. Always enter a dummy password (don't leave it blank).

For a Win10 domain login or online login, press the SHIFT key 5 times to get an admin console and create a local Admin user account (see KonBoot guide).

Alternative UEFI-boot method (not recommended)

An alternative - which may not be successful on all systems - is:
  1. The E2B USB drive MUST be formatted as FAT32 and should be the first partition on the drive (first entry in the partition table in the MBR).
  2. Copy the whole EFI folder from the kon-boot USB folder to the root of your E2B drive so you will have a \EFI folder on your E2B drive.
  3. The volume name may need to be KONBOOT instead of E2B for Kon-Boot v3 or later.
Note: Some BIOSes will not recognise the disk as UEFI-bootable unless the FAT32 partition is the only partition on the USB drive. Some BIOSes will not UEFI-boot if the FAT32 partition is the 2nd partition on the drive (e.g. NTFS+FAT32). Some BIOSes will not MBR-boot if valid \EFI boot files are present. This means that you will not be able to boot to the E2B or CSM menu on these systems as they only offer you the UEFI boot option!

E2B UtilMan and SetHC hack feature

E2B v1.92+ contains a useful automated way to use the UtilMan.exe hack for Windows XP-10 which works on all (unencrypted) Windows OS's. Since KonBoot has to rely on the same 'StickyKeys' bypass method for Windows 10 accounts with online authentication, you can use this method for free and it requires no typing of commands from the user either!


Outdated instructions:

Using KonBoot UEFI with an Easy2Boot NTFS drive

Note: The instructions below are outdated and deprecated. I recommend you use MakePartImage to make a partition image (.imgPTN file) from a working KonBoot USB Flash drive.

If you want to have an NTFS Easy2Boot USB drive and still be able to boot the UEFI version of KonBoot, you need to modify your E2B USB drive so that the first partition is a small (any size) FAT32 partition which holds the EFI KonBoot files.

Note: this may not work for many UEFI systems. Most UEFI systems will only recognise a Simple Volume (MBR) drive if there is only one partition on it which must be FAT32. It is best to use a .imgPTN image file as described above which will work on all systems.

This can easily be done with a 3rd-party utility such as Easeus Partition Master.

Partition 1: FAT32 Primary
    \EFI\boot\  (4 KonBoot .efi files)

Partition 2: NTFS Primary
    \_ISO        (easy2boot files)

Once you have made the FAT32 Primary partition, just copy the KonBoot EFI folder into it. Do NOT copy the KonBoot grldr, menu.lst or any other files to the FAT32 partition.

If the USB drive does not boot to E2B, re-install grub4dos using RMPrepUSB (it is best not to copy the grldr to the FAT32 partition so that the grldr file on the E2B NTFS partition is used instead).

If you are using a USB Removable Flash drive, the 2nd NTFS partition will no longer be accessible to Windows. You can gain access by using CTRL+O in RMPrepUSB to re-order the partitions.

Many UEFI systems may boot from the FAT32 partition even if the FAT32 partition is the 2nd partition, but you will have more success if you ensure that the FAT32 partition is the first partition on the USB drive. Always use RMPrepUSB CTRL+O to ensure that the FAT32 partition is the first partition before you use it for UEFI KonBoot testing.
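The difference between 'first entry in the partition table' (as used here) and 'lowest starting LBA' (as in the Z87 note in the Windows 8.1 build post) can be checked by reading the MBR directly. The following is an added example, not part of E2B or RMPrepUSB: the function names and the sample disk layout are constructed for illustration, the partition type bytes are the standard MBR values, and which filesystems a given firmware can read is an assumption passed in as a set.

```python
import struct

# Standard MBR partition type bytes that matter for the layouts on this page.
TYPES = {0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x07: "NTFS/exFAT",
         0xEF: "EFI System", 0xEE: "GPT protective"}
FAT_ONLY = {0x0B, 0x0C, 0xEF}      # assumption: firmware with a FAT driver only
FAT_AND_NTFS = FAT_ONLY | {0x07}   # assumption: firmware that also reads NTFS


def parse_mbr(sector):
    """Return the used primary partition entries of a 512-byte MBR sector."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: 0x55AA signature missing")
    parts = []
    for slot in range(4):
        entry = sector[446 + 16 * slot:462 + 16 * slot]
        ptype = entry[4]
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 or sectors == 0:
            continue  # empty table slot
        parts.append({"slot": slot + 1, "type": ptype,
                      "name": TYPES.get(ptype, hex(ptype)),
                      "start_lba": start_lba, "sectors": sectors})
    return parts


def first_by_table(parts):
    """'First' as partition tools count it: lowest used table slot."""
    return min(parts, key=lambda p: p["slot"], default=None)


def first_by_lba(parts, readable=FAT_ONLY):
    """'First' as an LBA-ordering firmware counts it: lowest start it can read."""
    usable = [p for p in parts if p["type"] in readable]
    return min(usable, key=lambda p: p["start_lba"], default=None)


def build_sample_mbr():
    """Constructed sample: slot 1 is FAT32 at the end of the disk, slot 2 is
    NTFS at LBA 2048, so table order and on-disk order disagree."""
    def entry(ptype, start, count):
        # status, CHS start (zeroed), type, CHS end (zeroed), start LBA, sectors
        return struct.pack("<B3sB3sII", 0, bytes(3), ptype, bytes(3), start, count)
    table = entry(0x0C, 60002048, 204800) + entry(0x07, 2048, 60000000)
    return bytes(446) + table + bytes(32) + b"\x55\xaa"


if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(p)
    print("table order  :", first_by_table(parts)["name"])
    print("FAT-only UEFI:", first_by_lba(parts)["name"])
    print("FAT+NTFS UEFI:", first_by_lba(parts, FAT_AND_NTFS)["name"])
```

On the sample layout, a firmware that reads only FAT reaches the FAT32 partition whichever way it orders partitions, but a firmware that also reads NTFS and orders by starting LBA looks at the NTFS partition first, even though FAT32 occupies table slot 1.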

Tip: Add the E2B_PTN_SWAP.mnu menu file to your E2B MAINMENU folder and then you can swap over the two partitions from within E2B.

Note: New .imgPTN support in E2B v1.32 allows KonBoot UEFI to work on all (?) systems.




Tuesday 25 March 2014

UAC and editing files with NotePad++

I recently built a new Windows 8.1 system. Previously I used a Windows 7 system and logged in as Administrator with UAC disabled, but on my new system I thought I would try to use it as 'Bill' intended!

After installing NotePad++, I found that I could not save any files that were in a 'protected' folder location such as C:\ or C:\Program Files\xxxx. Furthermore, if I simply changed the Properties of the NotePad++.exe file to run as Administrator, then right-clicking on a file and selecting 'Open with NotePad++' no longer worked and I always got this error message:


This is what to do to solve the problem:

1. Make a copy of the NotePad++.exe file in the same "C:\Program Files (x86)\Notepad++" folder and rename it as "notepad++ Admin.exe" (or as you wish)

2. Right-click on it - Properties - Compatibility - 'Run this program as an Administrator'

3. Download and install Context Edit from http://www.softpedia.com/progDownload/ContextEdit-Download-78704.html

4. Run Context Editor as Administrator (right-click on the Desktop icon it creates - choose 'Run as administrator')

5. Click on New and create a new entry (under 'All files, regardless of extension'):


My command line for box 4 was:
"C:\Program Files (x86)\Notepad++\notepad++ Admin.exe" "%1"



Now, when I right-click on a file, I choose the new NotePad++_Admin entry and it works correctly:



I do still get a UAC prompt however, but at least it works!