Home » Learning Curve » Red Hat Diaries
What Was it Steve Jobs Used to Say?He said it many times. Remember?
REDMOND (Rixstep) — What would Steve Jobs say if he saw the following?
Perhaps it'd be easier if you saw the page that comes from? Click the image and take a look. Now you know what he'd say.
But let's stop a moment at the image itself (and stop every time we need to). System File Checker? Not the same as fsck - you know, the program Dennis Ritchie said originally had a 'u' instead of an 's'. fsck deals with hardware glitches for the most part - or orphans created through outages - and only in extreme cases with what seasoned admins call 'that grey area between the file system and the hardware'.
But you sort of suspected Microsoft's System File Checker was mostly dealing with other things.
Running fsck is mostly straightforward. Add the flag -y and fsck will assume a 'yes' response to the questions it asks. So in other words: you get a standard 'fix'. And then you keep running fsck until it tells you the file system's OK.
User-friendly. Professional.
Running Microsoft's System File Checker (SFC.EXE) is another matter. First you have to find it, and how you do this depends on the version of Windows you're running, because Microsoft can't make up their minds how their system is supposed to look and behave.
With Windows 8.x, you have to swipe from the right edge of the screen and then tap 'Search'. Then you have to type 'Command Prompt' in the search box, then right-click on 'Command Prompt' (this gives you a popup) then click 'Run as administrator' from the popup.
On earlier versions of Windows, you click 'Start' (remember where that was?) and then type 'Command Prompt' as before.
You're now at a 'Command Prompt' in a console window and you type the following (and press ENTER).
sfc /scannow
And now you stop once again. What kind of graphics is that? What's the shit going on in the title bar? It looks like someone airbrushed the title in there? Talk about smudgy. And what's that on the far right in the title bar? Why that's the MARLETT font - or what's left of it. For Microsoft decided with Windows 95 (and that's 20 years ago) that they couldn't muster the steam to do good graphics in window frames, so they created a font instead, with characters seen above for minimise, maximise, and close.
And below the window, that green thing? Ah, that's because those windows are actually transparent. Or 'translucent' might be a better term. (Or not.) Because Microsoft went green with envy because OS X graphics, using an RGBA system (where the 'A' stands for alpha, a floating point opacity value) could do cool and useful things that they couldn't do (and still can't do).
But of course transparency on OS X had a point and you could actually read stuff in the background, whereas with Microsoft's 'transparency' you can't see shit. (And it's ugly too.)
And that's a scrollbar on the right? What kind of scroll bar is that? Can we check out the corners please? Are they kidding?
But anyway: what does SFC.EXE do? Let's ask Microsoft.
The sfc /scannow command will scan all protected system files, and replace corrupted files with a cached copy that is located in a compressed folder at %WinDir%\System32\dllcache.
The %WinDir% placeholder represents the Windows operating system folder. For example, C:\Windows.
So it's pretty clear by now that this is not about fixing the file system per se, as is the case with fsck, but about fixing corrupted operating system files. And how does a system get corrupted files? You get one guess.
So far, SFC.EXE seems pretty straightforward. It sure looks like it concentrates on DLLs (shared libraries, that's most of the files down there) and that it can perform basic file compares, and copy from the dllcache subfolder if it wants (or just copy them all to spare some misery).
Time to stop again - with an innocent question. The most sensitive Windows files are in %WinDir%\System32. Leaving aside the obvious about why it's called 'System32' when most systems aren't 32-bit anymore, yet accepting the fact that these most crucial files are vulnerable to external attacks by malware, what makes us think that files in the dllcache are any safer? If Microsoft can't protect their system files in System32, how can they protect their files anywhere else? Or are they reckoning on the black hats not knowing about dllcache?
Windows Resource Protection?
Once System File Checker has completed its run (go for lunch in the meantime) you can get one of four happy answers.
(You might reasonably ask WTF is 'Windows Resource Protection' when you thought you were running 'System File Checker'. But you're in Redmond now, sucka!)
- Nothing's wrong.
- 'Windows Resource Protection' (formerly called 'System File Checker') found some shit but managed to fix it (ie copied in files from dllcache which hopefully weren't corrupted themselves).
- 'Windows Resource Protection' (formerly called 'System File Checker') found some shit but couldn't fix it.
- You asked 'Windows Resource Protection' (formerly called 'System File Checker') to do something but it couldn't, sorry.
If things didn't turn out well, you can still try booting into safe mode and/or plucking files manually to restore your system.
So you might still have quite a bit of bullshit to deal with before you're home free (if ever). The Microsoft documentation talks over and over about 'known good copies' of files, but where do those files come from? Couldn't users trust the files in that not-so-secret subfolder that everyone knows about?
It's been a few years since a consultant at a well-known five-sided building near the Potomac contacted us with a particularly delectable Windows screenshot. Those dudes were running some pretty sensitive shit. But on Windows. Suddenly this consultant got a popup. He managed to get a 'print screen'. It was a greeting from Microsoft. Here it is again.
(At least the graphics were a bit better back then.)
The big question - then, over ten years ago, as now - is:
IF MICROSOFT CAN EXPEND SO MUCH ENERGY (PROCESSING POWER) KEEPING TRACK OF ATTACKS ON SYSTEM FILES, WHY CAN'T THEY JUST PROTECT THE FILES IN THE FIRST PLACE?
Unix systems - such as Apple's OS X - do not have this problem. System files are buried way down deep in protected areas, where both files and directories are owned by root. Ordinary accounts can't tamper with the files; they can't add files to system areas; they can't remove files from system areas.
The only way aliens can get at those files on a Unix system is by getting root - in which case it's 'game over' anyway.
29 July
Microsoft will launch Windows 10 on 29 July. It's reputedly better than Windows 8.x (what isn't) and in fact is a bit of a 'rollback' to Windows 7. Microsoft sort of failed at introducing a new 'touch' interface to take after Apple, but nobody liked it. (It was sort of bad.)
Microsoft haven't had much success in any product area in the New Millennium. The latest Windows insult was when it was discovered only days ago that there was a vulnerability in one of their system fonts. (Yes, a font - because Microsoft run their fonts in kernel mode, so a hacked font can... You get the picture. Font files aren't protected either.)
There's been a discussion at HuffPo about the impending Windows 10 rollout.
What's most instructive about the discussion is that it quickly devolved into a 'Mac vs Windows' battle. A lone Mac user gets in there and is immediately bullied. Otherwise the comments generally hover around the following.
Well, that shows your lack of understanding. The issue is that MS doesn't make most of the software that runs on the Windows platform, unlike Apple - who force their users to buy their version of software, Windows encourages people and companies to develop their own software. Those third party software packages all need to be taken into account during upgrades. It is the price of freedom, freedom from having to run the OS on a specific companies hardware using their software and being tied to their vision of what things should look like.
And the following.
The day I can build a Mac without having to play partition parcheesee... I'll be a Mac user. As it stands, I cannot build an authorized Mac. Do you understand what I mean by that? I can grab a case, an SDD, a power supply, a motherboard, a CPU, a graphics board, all those things I need to build a desktop computer, but in order to make it a Mac I need to violate Apple's EULA. That's my problem with Apple. They only license their software to run on their own hardware. That's bad mmmkay.
But it's not about PC vs Mac; it's about Windows vs everything else. And Windows is... What was it Steve Jobs used to say?
See Also
Industry Watch: Windows File Protection
|