Understanding Buffer Overruns

If you read any number of security alerts from Microsoft, including the latest one on Windows Media Player, you'll find that the terms 'unchecked buffer' and 'buffer overrun' make frequent appearances. These bits of jargon get tossed around as if they're comprehensible to normal humans (Geek Speak Definition - 'non-programmers').

Well, if you can't distinguish a buffer overrun from a fun run in the buff, never fear - you're with the majority, including those who blithely bandy the term about when they report the latest security announcement from Microsoft.

Considering the use of buffer overruns is one of the most popular techniques used by hackers to exploit vulnerable programs, it's worth having at least a basic understanding of these terms, so here's a quickie explanation which should help you out:

A buffer is a section of memory used as a temporary holding area by a program while it runs. When programmers make use of buffers, they usually include a little routine that checks to ensure that anything that's written into the buffer can fit in the allocated space. If the programmer fails to do this, you have what is called an unchecked buffer.

Now, if a hacker comes along and finds such an unchecked buffer, he or she can make use of it by writing a bunch of data to it. If there's more data than the buffer can accommodate, the excess will spill out of the buffer and start filling up space outside the buffer. That's a buffer overrun.

If the data written to the buffer and beyond is simply data, the likely result is that the program will crash. If the data written to the buffer is a piece of program code, then things get a lot more interesting. If the hacker does the latter and crafts his or her code carefully, it's possible to change the functioning of the original program itself.

If you'd like to read more, check out David Litchfield's article,
Exploiting Windows NT Buffer Overruns.  

Buffer Underrun: A buffer underrun error occurs when data (such as MP3s, PC files, digital images, and so on) is being recorded onto a CD and the data-input stream falls behind the laser that is burning the CD. Usually, buffer underrun results from poor CD recording software, a slow computer, or a CD-R drive with insufficient buffer memory.

Every new version of Windows is just a little more bloated with features than the one before it, and Windows Millennium Edition is no exception. When there's a lot going on inside an operating system, it's easy for things to slow down a bit on the outside.

Refine Your Palette
Here's a speed tweak that will actually work for all versions of Windows, including Me. Just lower the depth of the color palette you're using. You probably won't be able to tell the difference between a 16-bit (high color) and 32-bit (true color) palette, but you'll definitely notice the difference when you are able to run a 3D game 30 percent faster at a lower color level. And if your graphics driver gives you a 24-bit color option between those two, you can split the difference between display quality and speed.

Right-click your desktop, and select Properties.
Select Settings from the display options box that appears. Choose your color level and click Apply.
Look under the Advanced button to make sure your refresh rate hasn't changed.

Stuck in the Web
Uncheck the "Show Web content on my Active Desktop" option to speed up Me's performance.
The Web option in the Display properties' option box (reached by right-clicking the desktop and selecting Properties) will let you view your Active Desktop as a Web page, giving you a consistent user interface both on and off the Internet. With some graphics cards, however, this change will also slow down your 2D graphics speed by as much as 50 percent. It's probably best to leave the "Show Web content on my Active Desktop" option unchecked--that is, unless you want your desktop to chug just as slowly as the Net often does.

Restore Your Performance
Among the extra features proffered by Windows Me is System Restore. System Restore is the techie version of the do-over: It brings your PC back to the given point before a certain event (say, for example, when a new driver crashes). Sounds like a great feature for those of us with crash-prone PCs, right? The only problem, however, is that Windows keeps track of the events in real time--and that can drag your overall system performance down by as much as a third. If you're feeling lucky, or if you don't plan on introducing anything new into your operating environment for a while, you can disable the feature by following these steps:

Click the Start button, then click Settings, followed by Control Panel.
When the Control Panel appears, double-click the System icon, click the Performance tab, and then the File System button.
Click the Troubleshooting tab and make sure that the Disable System Restore option is checked.

Speed Up Your Drive with Disk Defragmenter
Under Windows Me, the Disk Defragmenter does more than simply group together the disparate parts of files. It also has a new technology that reorders the clusters of the program files you use the most so that the programs will run faster. Some programs (most notably Microsoft Office programs) tend to start up considerably faster after you defrag. The first time you run Defrag, you'll see an optimization wizard that sets up a log of program usage to aid in speeding up the programs you use most often.

Speed Up Your Boot Cycle
Want to shave a few seconds off your already interminable boot cycle? You can, but you have to hack a different system file from the usual Registry suspects--the msdos.sys file. It's a text file, so you can use Notepad to make alterations. However, the file is hidden and read-only, so you can't easily find it or quickly edit it--unless you know the secret:

1. Select Search/For Files or Folders from the Start menu.
2. Enter msdos.sys in the Named box and C: in the Look In box; then click the Find Now button.
3. When the file appears, right-click it and select Properties from the pop-up menu.
4. Click to remove the check marks from the Read-Only and Hidden attributes and click OK.
5. Right-click msdos.sys again and select Open With from the pop-up menu.
6. Enter Notepad as the opening program and click OK.
7. Under [Options], enter BootDelay=0 or BootDelay=1 on its own line. (They represent respective delays of zero seconds and one second, both of which are faster than the default.)
8. Close Notepad after saving your changes.
9. Return msdos.sys to its hidden, read-only state. (Right-click it, select Properties from the pop-up menu, and check the Read-Only and Hidden check boxes; then click OK.)
10. Quit and restart Windows.

Warning: Tweaking the Registry is risky; you're taking your system into your own hands. To be safe, manually back up the Registry before you make any changes.

Keep Your System Fresh
The Windows Maintenance Wizard is a Windows Me utility that can flush your browser caches and temp folders, check the hard disk for errors (including bad sectors on the surface of the disk), and defragment your hard drive thoroughly. This program takes an exceedingly long time to get the job done, but fortunately you can schedule the maintenance and save yourself the wait. To schedule maintenance, select Start/Programs/Accessories/System Tools/Maintenance Wizard. Choose Express, and follow the prompts to set the time and frequency. Click OK, and watch as the Task Scheduler icon appears in the Taskbar's system tray. Remember to leave your computer running at the scheduled time, and the system will do the rest.

Once you've chosen your options, you can run the Maintenance Wizard at any time by choosing Start/Programs/Accessories/System Tools/Maintenance Wizard and selecting Perform Maintenance Now.

You can always manually choose to back up system files. Plan on doing this before you install a new piece of software or hardware.

Check Those System Files
Having problems in Windows Me? Your system files might be out of whack. Run the System File Checker and all could be right again! Click the Start Button, select Run, enter SFC, and hit Enter. You can configure it to search for deleted or missing files, older files, files in certain subdirectories, and so on. It's best to use this utility only if you're having continuous problems with Windows Me.

Protect Your System From Unstable Files
The installation of new software in Windows sometimes overwrites shared files of other application software--mostly dynamic linked libraries (.dlls) and executables (.exes). These file version mismatches often lead to an unstable application, if not an overall Windows system crash. Microsoft has provided a solution in Windows Me.

The System File Protection (SFP) prevents a user from installing software that might make the operating system unstable. With software that either overwrites newer files with older files, or overwrites files with modified versions and renames them, Windows Me now monitors these types of installations.

If a program attempts to load an older or different version of an existing file, Windows Me will first store the original, then check a catalogue to see if the new or modified file can safely replace the original. If it can, Windows Me allows the installation. If it is not a valid replacement, Windows Me restores the original. The best part of this new feature is that all this happens without the user having to respond.

A list of protected files is included on the Windows Millennium Edition product CD in the Windows\System\Restore directory. Drivers, in general, are not protected unless they ship with the Windows Me operating system and are digitally signed.

Software vendors will also have to do their part. Software developers writing for Me should modify their installation programs to install only files to which their company has exclusive ownership. And if a modified version of a system file must be used, that file should be renamed to prevent potential version conflicts with other application software. As with previous versions of Windows, users should of course look for software that is compatible with Windows Me.

Diagnose System Problems - The doctor is in.
If you're getting a lot of system errors, sometimes the Windows program Dr. Watson can figure out what ails your computer. It will diagnose problems, intercept errors from your software, and prescribe a course of action. Keep in mind that Dr. Watson does not load by default. To run Dr. Watson, you must go to your Windows folder and open the Dr. Watson (drwatson.exe) program. It's a good idea to have Dr. Watson load on start-up until you have worked out all the bugs; to do this, drag the program or a shortcut to your Startup folder.

