I managed to acquire, for the price of a nice lunch, a brand new Elonex media center Artisan LX a couple of days back. I was initially very excited because up to then I had still been running my first media center was really just an experiment, built from scratch containing mostly old components I had around my place. A year and a bit on, I am firmly hooked on a PC based PVR system the cornerstone of my entertainment system. It contained an Athlon 2600+ processor with 512Mb of DDR coupled with a DVB-T Hauppage tuner and an 80Gb drive for recordings running the open source MediaPortal software. So as you can see, there was plenty of room for improvement.
This was the first time I have really had a tinker with the Windows Media Center range of Operating systems that Microsoft produce and I went in with few expectations, apart from wanting at least as comparable an experience in terms of functionality and flexibility as I have enjoyed with MediaPortal.
The first thing that struck me was how fickle Windows Media Center 2005 was, even with all the roll ups (essentially what Microsoft call Service Packs for Media Center OS) installed. Wikipedia sums up the ‘capabilities’ of WMC 2005:
‘Media Center originally had a limitation of 1 analog tuner, but was raised to 2 analog tuners with Media Center 2005. With Update Rollup 1 for Media Center 2005, support for a digital tuner was added, but an analog tuner must still be present for the digital tuner to function. With Rollup 2, up to 4 TV tuners can be configured (2 analog and 2 HDTV). All the tuners must use the same source, for example they must all be off an aerial or a set-top box using the same guide data, you cannot mix Sky Digital and DVB-T for example.’
XP Media Center really shows its age here – I do not watch any analogue transmissions, so for a Media Center to require a legacy piece of hardware just to be able to access DVB (digital) seems preposterous. But that was not the worst thing! Windows Media Center 2005 is not capable of pulling EPG data OTA (over-the-air) instead requiring an overly elaborate system that relies on a permanent, always on Internet connection. This also raises some privacy concerns as ‘anonymous’ data, which is not entirely anonymous as Microsoft asks for your postcode during set up, is fed back to Microsoft which can include recording / watching trends and general EPG usage. Hitherto my media center system has not been networked. Considering it is in the opposite corner of my house, and I do not stream my recordings or have formal media shares, I never felt the need to network it. It was nice to just have a static, secure system without any security programs or periodic updates – now security monitoring of my media center has been added to my list of digital chores.
None the less, I was determined to give it a fair go, so I added a wifi adaptor, added some plug-ins and configured everything. After spending eight hours getting everything working, playing around and testing… I went back to my custom build. Not all the problems can be put squarely at Microsoft’s feet however. Elonex declared bankruptcy shortly after launching this range and the malicious part of me can see why, if this mediacenter is the sum total of their expertise.
Whilst the case looked rather nice from the outside, the hardware and the design of the internals is what really lets it down. The only element Elonex got right was the noise (or lack thereof) – the media center barely gives out a murmur when idle due to only a since fan which is housed inside the power supply. It runs at 690rpm, which draws air over the CPU heatsink (which has four heat pipes) and directly out the side of the case. However, I stressed ‘at idle’ before for a reason. When the media center does anything the incredibly noisy hard drive starts very audibly clicking and crunching away and it completely lets the machine down.
However that’s not the worst thing about this mediacenter. Due to the fact that there is only one very slow fan the airflow in the case is restricted to circulating around the motherboard tray, the processor then out the power supply. The harddrive and PCI / AGP cards are completely neglected. This point was slammed home when the harddrive consistently reported temperatures of high 50s to 62 degrees Celsius!!! Worse still, when I idled the system, that heat didn’t dissipate. The hard drive is locked into place with a pretentious plastic locking mechanism which neither improves the accessibility of the drive bay nor decreases the vibrations from the drive. There is no thermal (or thermally viable) contact between the hard drive and the case and as such, the hard drive is left smouldering away with no way to cool down predictably with next to no drop in temperature. There is a valid point that maintaining electronic components at a set temperature prolongs their life by avoiding constantly repeating thermal differentials (i.e. heating and cooling) however the fact remains that 60+ degrees centigrade is far too hot for a hard drive. Although my brief research on this did not yield any definitive threshold, most sources agree that 50-55 degrees Centigrade is about the absolute maximum recommended operating temperature.
Couple this practically zero thermal conduction with a lack of airflow and you have a recipie for a very short hard drive life. Even worse, this thermal issue was not limited to HDD, the south-bridge and GFX heatsinks were equally poorly cooled and get unpleasantly hot to the touch.
Worst of all, it is just slow. CpuID and the BIOS disagreed with each other about the exact Intel processor that powers the system. I believe it to be either an Intel Pentium 4 530 (at 3.06Ghz) or a Celeron D 345. There is no way the much older Athlon 2600+ processor with the same RAM should be out performing this setup and yet it does so without breaking a sweat.
All in all, very disappointing. A remarkable demonstration of technical ignorance on the part of Elonex. But hey, I didn’t pay for it and now I have an extra DVB-T tuner back in my original, self built machine.
Design (cosmetic) : 8/10 – Pleasing, with a nice Hi-fi look.
Design (technical) : 2/10 – Poor components poorly arranged.
Cooling : 6/10 – Great CPU and powersupply cooling, but everything else is woefully neglected.
Acoustics : 6/10 – Silent until it has to touch the harddrive, still a good effort though
Connectivity : 8/10 – Lots of connectors for digital Audio and Video
Capacity : 5/10 – 200Gb harddrive with a portion taken for recovery. I wouldn’t trust it though and by modern standards it is rather anemic.
Overall : 2/10 – Great for free, if I paid anything for it I would have been annoyed.
Despite all the problems circulating the web about Windows XP Service Pack 3, I thought I would go ahead anyway on a new installation. The installation part went fine and the system restarted properly with no lock ups, stops or looping restarts. So far so good, unfortunately I celebrated my good fortune too soon – Windows Update stopped functioning. Whilst updates were being downloaded, Windows XP would fail to actually perform the update.
I did a bit of googling and whilst I didn’t find any accounts exactly matching my problem, I decided to follow the advice on this Microsoft KB article.
First of all, stop the automatic update service from the command prompt.
1. Open up Start Menu > Run
2. Type “cmd” and press Enter.
3. In the command box, type “net stop wuauserv”, should should get the following confirmation:
Now we need to reregister the DLL involved in the Windows Update process.
4. Type in “regsvr32 %windir%\system32\wups2.dll”. The following control box should pop up after a moment:
Now we need to start the update service and hopefully all should be well again.
5. Type “net start wuauserv” which should yield this confirmation:
Thats it, updates started working for me immediately afterwards. If this didn’t do the trick for you, follow the alternative methods on Microsoft’s KB article linked above.
I was bemused to read on bbc news earlier that a trivially simply ploy stung half a million file sharers. The concept is nothing new having been started a fair few years ago by virus / malware writers and adopted by Copyright enforcement agencies in recent years. Do the anatomy of a decentralised file sharing system, anyone can seed a file. Once this seeded file is made available to the peer-to-peer network it either becomes advertised to a localised central file distributor (referred to as a Super Node or Server) or is found during a spider search query run by another user logged into the peer to peer network. If these files are topical or sought after, they can be transferred onto a different node (client) rapidly. There they are stored in the second user’s ‘shared’ directory where more people can download it.
Once a seeded file has been downloaded and spread over a few tens of nodes the rate at which it can be downloaded by others increases almost exponentially with a cascade like effect. Other people of the peer to peer network are lured into downloading this file based on the number of people who have it therefore assuming it must be genuine and would be comparatively quick to obtain. Couple this with a topical or sought-after song / album or file aimed at the masses (who statistically would contain a fair percentage of PC-illiterate users and those with a penchance for agreeing to all the pop ups they come across) means these files explode across networks.
This malicious file in question appears to have masqueraded as a MP3 by Girls Aloud. Given the fact that on running the file pops up a message saying the computer requires a codec to play the song and tries to direct you to a website in order to download it, most computer users would stop and reexamine what they had just downloaded. People that brazenly proceeded and downloaded the malicious ‘codec’ package had spyware installed on their system which would ‘bombard’ users with pop ups. Also, the download file would spawn copies of itself within the User’s shared folder under different names to try to make itself attractive to a greater audience.
But what happened? How were people tricked into downloading an MP3 file but ended up running a malicuous program? The answer to this lies in the file type. Broadly speaking, there are two ways in which a file can be opened:
1) via script or binary execution (e.g. .exe, .com, .vbs, .java, .scr … and some others)
2) via program read from an external application (e.g. .txt, .doc, .wav, .mpg, .avi …. and MANY more.)
MP3 files (Moving Picture Experts Group version 1 audio layer 3) are the latter, upon execution, Windows searches through its list of known file extensions stored in the registry to see what it should do. It instantly finds the entry for MP3 and sees this type of file is handled by a media player like Windows Media Player, WinAMP, iTunes etc etc. Windows then executes the media player which, on loading, opens the MP3 file specified in the command line argument, decodes a block, fills its buffer and starts to play. Unless a clever trick like a buffer overflow is used, which have historically been responsible for security breaches in various Windows programs as well as console homebrew development, this renders all ‘program read’ type files harmless*. As such we have to look elsewhere for the source of this problem.
That brings us nicely to the point I wanted to raise in this post, file extensions and more specifically, security vulnerabilities in their implementation. Recent versions of Windows from XP (and possibly earlier, I can not remember) have automatically hidden the file extension by default leaving the user to distinguish between file types by iconographic representations. Whilst at times this is both cleaner looking and more functional, it does present an interesting security problem, what if there are two file extensions? Window will quite happily truncate the file .xxx from a file name leaving the first extension, despite the fact Windows ignores anything before the final .xxx . As a result, if you name a file SomethingInteresting.mp3.exe, in its default state, Windows will happily display the file as SomethingInteresting.mp3 but will execute the file as an EXE when double clicked. Obviously, if you quieried the file by right clicking on it and selecting properties you would be immediately told what type of file it is, but most people will take the file at face value.
Luckily there is a very simple way to gaurd against such black magic, in Windows XP and Vista** in the file browser, goto the Tools menu and select Folder Options.
In this dialog, uncheck ‘Hide extensions for known file types’ and click Apply followed by clicking Apply to all folders.
And that’s it! A simple check box and some common sense now separates you from being lured into downloading fake or malicious files.
* Some files like some movies can have containers which direct the media player or operating system to web pages. It is not just media files which are vulnerable but this is a completely different topic.
** In Vista you may have to enable the classic menu
I just came across a great site called MyVistaBoot.com . As the name suggests, it is dedicated to sprucing up that fairly boring Vista boot screen. Each new boot screen is packaged with an installer so it is trivial to get them on your system without resorting to the use of third party applications as was necessary with Windows XP. Take a look, there are some very elegant ones on there to suit every taste.
UPDATE: My mistake, the file downloaded replaces the winload.exe.mui file directly. It is not as simple as just replacing the Windows file but the instructions are clear and concise.