Building Your Own Privacy Package

Discussion in 'privacy technology' started by Reality, Aug 5, 2014.

  1. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Welcome to the thread. Strangling the Google monster is a good thing.
     
  2. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    @noone_particular
    XPLite Pro list shows 150 components that could be removed. Is it possible to remove all those components and
    have a fully functional OS? Some components may need to be replaced with third-party software, but removing
    too much might cause issues with the OS itself and apps. The trial version is showing 49 components that could be removed.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    A lot of those options are for special purpose systems and shouldn't be removed, even from a stripped down desktop. I haven't explored how far the process can be pushed. It'll be a while before I can get back to that.
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Welcome to Wilders.

    I've never seen a lot of point to using DNSCrypt. Even with the DNS itself encrypted, your system goes to the site immediately afterwards. Any adversary that can see your DNS traffic can see where your system connects afterwards. The exceptions would be Tor or VPNs in which case their nodes would be handling the DNS. I'm at a loss as to what is gained by encrypting DNS. Regarding Google APIs and similar, Request Policy can deal with those as can blocking their IPs with a firewall.

    Regarding Privoxy, I haven't tried it in a long time. I wish it had a GUI similar to Proxomitron, and an easy way to import Proxomitron rulesets. Proxomitron isn't one of the more user-friendly applications to start with. I've found Privoxy to be worse unless one is very comfortable with text-based configuration files in addition to HTML and JavaScript.
     
  5. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    XPlite Free Trial Add/Remove Components List.

    Accessibility Options:
    Accessibility Mouse Cursors
    Accessibility Wizard // hidden by default in Windows sysoc.inf file.
    Magnifier
    Narrator
    On-Screen Keyboard
    Utility Manager

    Accessories:
    Calculator
    Character Map
    Clipboard Viewer
    Default My Pictures
    Desktop Bitmaps
    Desktop Wallpapers
    Document Templates
    Mouse Pointers
    Paint
    Screen Savers - OpenGL
    Screen Savers - Standard
    WordPad // hidden by default in Windows sysoc.inf file.

    Games:
    Freecell
    Hearts
    Internet Games
    Minesweeper
    Pinball // hidden by default in Windows sysoc.inf file.
    Solitaire
    Spider Solitaire

    Multimedia:
    ATI SP1 Driver
    Utopia Sound Scheme
    Windows Movie Maker
    Windows XP Sound Theme // Can be modified through Sounds and Audio Devices Properties > Sounds tab

    Operating System Options:
    Microsoft Agent
    Microsoft Speech API
    Search Assistant
    Windows Tour

    Server Components:
    Indexing Service
    Indexing Service language resources (13 languages)

    System Services:
    Universal Plug and Play

    System Tools and Utilities:
    ZIP Compressed Folders

    NOTE: Over half of these components could be removed through using the Windows Components Wizard.
    XPLite has to be run in Administrator account. Additional manual cleanup of files may be required in LUA.
     
    Last edited: Jun 14, 2015
  6. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    In dealing with my current system, I've been digging deeper into Kerio. So many things to do, I simply haven't had time to give Kerio the attention I would like. In particular, I'm interested to see what Firefox is doing when I boot up and go online. What's been getting my attention is a number of outgoing connections (1/2 dozen or so) appearing in the Firewall logs and alerts. Also been using TCPView to get IP addresses.

    I find it really irritating that there are numerous callouts to Google for no good reason. For example, when I come to Wilders, there are regular outgoing connections to cache.googlevideo (Owner Firefox). I don't see why this should be so. What I'm doing at Wilders has nothing to do with Google, though I wonder if this is just another case of websites being so integrated with the Google Monster that that's just how it is, or is it solely a Firefox thing? In any case I wonder if SeaMonkey does this too. Haven't installed it yet.

    Interestingly, when I blocked the IP range 122.56.115.0 > 122.56.115.255 for this aspect of Google's over-reach I got a raft of about 50 attempts trying to connect out to cache.googlevideo, this time all blocked, but trying with different IPs. Before this, the connection was "permitted", and I only got 2 entries, but these happened regularly.
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I've never noticed any connection attempts to Google when visiting Wilders. I'd suspect that it's Firefox initiating those connections (part of the feature creep that infests current browsers) with Wilders having nothing to do with it. I'm the wrong person to advise you on how to un-Google Firefox. That said, you could start with about:config and search for every entry that contains Google. Back up the browser's configuration files or make a system backup, then start removing entries that contain Google. That kind of feature creep (or corporate infestation) is one of the main reasons that I don't run the most current browsers. The few security fixes that they contain come at a price.
     
  8. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    Don't recall any connection attempts either to Google when at Wilders.
    Haven't used Firefox for some time now, though.
    How much has changed with Mozilla I don't follow like I used to. Most info I find is on forums I happen to visit.
    Sounds like it could be the browser. Always good to know what's connecting out and use Kerio for some IP
    address filtering as well.
     
    Last edited: Jun 12, 2015
  9. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Well.... Here's what I was getting a couple of days ago when I started digging about this. Just as a matter of interest these 2 entries are when it WAS allowed to connect out... (there would only be 2 entries such as this below, with varying IP addresses of course)

    Google call out.png

    Now see what happens when you block them .... (they die a very hard death don't you think?)

    Multiple outgoing calls to google.png

    Here it is right in the middle of Hushmail...NOTHING to do with Google.

    Google Video.png

    Even though I've blocked FF from any updates this is what we have:

    FF version check multiple callout.png

    Noone, can I ask, what version of SeaMonkey you are on?
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The virtual test system has the current version. I haven't yet looked at whether it's calling home. On the real system, I'm running 2.0.14.
     
  11. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    @Reality

    The last version of SeaMonkey I used was 2.30. Noone could probably verify, but I don't recall it connecting out to
    Google. Phoning home might be a different story though, but I could be wrong. I would have to reinstall it and test
    that version.
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    SeaMonkey does phone home to check for updates to itself and to extensions and plugins unless you specifically disable it.
     
  13. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    My SeaMonkey is v.2.33.1. Besides infrequent checking for updates, it connects to NoScript server hackademix dot net using https, and to a Google server on port 80 hosted on Verizon. Also to ocsp.comodoca dot com port 80. I recall reading long ago that Verizon has those Google servers for (besides spying) YouTube to be nice and fast, which it is. And those connections occur first. Then I get the Wilders connection.
     
  14. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Thanks. I just dug into the XP Pro Drive where it is installed and it's 2.26.1

    I'm taking it you are excluding Firewall settings. Those 3 I specifically disabled through various interface settings in FF (not in about:config) and yet it still does phone home behind your back on numerous occasions and I'm on version 27. I'd hate to say what it's doing now. Time for me to get busy with SeaMonkey once again. ANY phoning home without my say so I view with the utmost suspicion and disgust.

    @Compu KTed -thanks

    @act8192 - Hackademix, ocsp.comodoca, those were in my list I was going to ask about. I did a search on them, but didn't see anything about hackademix being a NoScript server, so thanks for that. comodoca is something to do with certificates, so I'm taking it that is legit? All of this traffic analysis is new to me and I'm keen to learn what is normal as opposed to what should be treated with suspicion.

    Another one I'm puzzled and suspicious about is why should FF be phoning out to routit.net, an ISP in the Netherlands. Does anyone know anything about that? Anyway, I got the IP address ranges and so far I've successfully choked that.

    I haven't had time to scrutinize just how many times this behaviour is happening in a browsing session or if there's a pattern, but it is far more than it needs to AFAIC. I can only conclude it is for spying. I'm at a loss to understand why any user needs to tentatively call out to a Google server before the fact. What am I missing? How would that speed up YouTube and what if you had no intentions of going to YouTube anyway?
     
  15. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Perhaps you are seeing NoScript's WAN IP check? Said issues a request to the URL specified via noscript.ABE.wanIpCheckURL preference, which is: https://secure.informaction.com/ipecho/. The secure.informaction.com host has multiple A records which reverse lookup to *.hackademix.net hosts, and it uses a Comodo issued certificate. Informaction.com and hackademix.net are Giorgio Maone (NoScript author) domains.

    Reverse lookups are informative, but if you are investigating phone-home you'll often want to look for the hostname that appears in forward queries if not the full URL that is being requested. In the case of a NoScript WAN IP check, the additional information in the full URL provides a clue as to the purpose. However, if you had seen secure.informaction.com and searched about:config for that host you would have found that it is associated with NoScript and could go from there.
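
The forward-versus-reverse lookup point made in the post above, as an added example that is not part of the original thread: it attributes each logged outbound connection to the hostname whose DNS answer last returned that IP. The log tuples, IP addresses (documentation ranges), PTR names, process name and the `max_age` cache window are constructed assumptions; only the hostnames come from the thread.

```python
from collections import defaultdict

# Constructed DNS answers seen on the wire: (time_s, queried name, A records)
DNS_LOG = [
    (10.0, "secure.informaction.com", ["192.0.2.10", "192.0.2.11"]),
    (10.4, "ocsp.comodoca.com", ["198.51.100.7"]),
    (42.0, "secure.informaction.com", ["192.0.2.12"]),
]
# Constructed firewall log: (time_s, process, remote IP, remote port)
FW_LOG = [
    (10.2, "seamonkey.exe", "192.0.2.11", 443),
    (10.6, "seamonkey.exe", "198.51.100.7", 80),
    (43.0, "seamonkey.exe", "192.0.2.12", 443),
    (50.0, "seamonkey.exe", "203.0.113.99", 80),  # IP never seen in a DNS answer
]
# Constructed reverse (PTR) results: they name the hosting box, not the service
PTR = {"192.0.2.11": "host-b.hackademix.net", "192.0.2.12": "host-c.hackademix.net"}

def build_index(dns_log):
    """Map each answered IP to a time-sorted list of (time, queried name)."""
    index = defaultdict(list)
    for when, name, addrs in sorted(dns_log):
        for ip in addrs:
            index[ip].append((when, name))
    return index

def forward_name(index, ip, when, max_age=300.0):
    """Name from the latest query that returned `ip` at or before `when`.
    max_age (seconds) is an assumed stand-in for how long an answer is cached."""
    earlier = [(t, n) for t, n in index.get(ip, []) if t <= when]
    if not earlier:
        return None
    t, name = earlier[-1]
    return name if when - t <= max_age else None

def attribute(fw_log, dns_log, max_age=300.0):
    """Annotate every firewall entry with its forward name and PTR name."""
    index = build_index(dns_log)
    return [{"time": when, "proc": proc, "ip": ip, "port": port,
             "forward": forward_name(index, ip, when, max_age),
             "reverse": PTR.get(ip)}
            for when, proc, ip, port in fw_log]

def ips_per_name(rows):
    """Group remote IPs by forward name; one name often spans several IPs,
    which is why blocking a single address range only moves the connection."""
    groups = defaultdict(set)
    for row in rows:
        groups[row["forward"] or "<no forward query seen>"].add(row["ip"])
    return dict(groups)

if __name__ == "__main__":
    for row in attribute(FW_LOG, DNS_LOG):
        print(row["time"], row["ip"], row["port"], row["forward"], row["reverse"])
    print(ips_per_name(attribute(FW_LOG, DNS_LOG)))
```

A connection with no forward name is the one to look at first: the address was either hard-coded or resolved before logging started.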
     
  16. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Ouch. In post#688 I failed to mention that the primary reason for connecting to google is for SeaMonkey to collect phishing sites for their "safe browsing" feature. It's built in since several versions back. Not an extra plugin.
    As far as the secondary youtube comment - when the server is at your ISP, youtube works faster when the packets don't have to travel all over the globe to reach you.
     
  17. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    On SeaMonkey version 2.30 the default search engine is Google in browser preferences. Can be removed.
    Home page directs to seamonkey -project .org/start which could be set to a blank page on startup.
    Kerio popups I've seen on SeaMonkey default settings.
    Other ICMP > Destination Unreachable < Remote enpoint address: <DNS server>
    localhost (127.0.0.1) TCP Out (loopback rule)
    Protocol: TCP
    Direction: Out
    Host Address: 63.245.217.20. (home page)
    Remote Port number: 80

    NoScript connections at least with Pale Moon and most likely SeaMonkey can be as mentioned configured
    through NoScript options. I like to remove default Whitelists in extensions and build from there.
     
  18. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Thanks for your informative post. I've never really ventured into NoScript's ABE area.
     
  19. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    I have safe browsing disabled. Regarding the bold... so Google actually has their servers placed physically at ISPs around the world? Sorry if I'm misunderstanding you.
     
  20. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    I've just installed SeaMonkey 2.0.14 so I can at least be on the earliest recognized version amongst us that works, plus it should save some legwork once I get Proxo up and running again. Of course the Google Monster is the default search engine. It's one of the first things I ditched but the problem is there's not a lot of option for expansion. How can I put Startpage in myself WITHOUT going to Startpage and having them do it for me?

    I've used the blank page at startup. Since earlier discussions throughout the thread, I've done away with whitelists.

    Is there anything wrong with this thinking: I like to install things if possible OFFLINE, so that things don't call out while installing and this includes addons and extensions. I have Kerio "Stop all traffic". So... I'm trying to install Prefbar 6.5.0 from a downloaded xpi file. SM gives me an option to get the file but when I load it in I get a message saying "signing could not be verified." and so it's not installed. Is there an area in the Preferences I need to change?
     
  21. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Google servers at ISP. I don't know if it's really all around the world. But it is in my neck of the woods - we all see ggc in the addresses. Big providers are likely to have Google servers on site. This describes it a bit:
    https://peering.google.com/about/ggc.html
    About YouTube, which might well be included in your ISP's center, they had an interesting test of latency/quality long ago
    https://www.google.com/get/videoqualityreport/#how_video_gets_to_you
    and it caught the eye of the popular press as well:
    http://www.pcmag.com/article2/0,2817,2458723,00.asp

    For startup page setup while not being on the internet - go to about:config, type start in the Search box, and perhaps you could type in the page you want in the browser.startup.homepage line - replacing seamonkey link. Use at risk, I never did this. I like my blank startup page. Is most convenient when not connected.

    I think you really should be on a more recent SeaMonkey version. There were security patches in several versions.
     
    Last edited: Jun 14, 2015
  22. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    @Reality
    Regarding SeaMonkey 2.0.14, this is something of a tradeoff. It doesn't have the anti-phishing and other features that will cause it to connect to Google. OTOH, it isn't completely compatible with HTML5. You may find sites that don't work properly with it.

    When I installed PrefBar, I did it through the addon manager, which installed an earlier version. On this copy of SeaMonkey 2.0.14, I'm using version 6.1 of PrefBar. I also installed the IXQuick search using the addon manager. There is an extension that disables part of the verification process that prevents some extensions from being installed. ATM I can't think of what it's called.
     
  23. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Thanks act. I got the last link, the first 2 are from the big G which I've blocked at present. I'll have a look in about:config and see what I can find.

    Edited to add: I don't want my default home page to load Startpage, but I want Startpage to be the default search engine.
     
    Last edited: Jun 14, 2015
  24. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Let me know if you think of that extension. When I perused the versions of Prefbar, I did see the one I DL'd has "signed" beside it. Incidentally, I just tried installing the same Prefbar to FF and in Sandboxie (it's compatible with both) and surprise surprise it didn't balk.
     
  25. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    Some more info on removing components. Have kept Windows File Protection (WFP) off when removing
    components and upon reboot it will be re-activated.

    'API SP1 Driver' and 'Utopia Sound Scheme' may not have been present on the system for removal. I'm assuming that
    when component(s) are removed XPlite uses the 'Last Known Good Configuration' and 'System Restore'
    (I don't use SR) for restoring purposes. Also inserting your XP CD when asked for.
    (LKGC - C:\WINDOWS\LastGood) No "LastGood" folder was generated.
    Also after each component removal (not all) there tends to be registry leftovers I check for.
    'MUI Cache' is quite common along with 'ActiveX and Class Issues' and 'Type Libraries' to name a few.

    Removing 'Microsoft Agent' gave popup message for a restart and building the file list took a longer time.

    Haven't pinpointed issue with security app yet, but could be I had more components removed at that time.
    I'm not at that point yet, but hopefully I can narrow it down to what caused the problem.
     
    Last edited: Jun 14, 2015