Infobyte Blog

CoinMiner now uses your computer to mine for Bitcoins

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

Now this is interesting – with the rise of popularity of cryptocurrencies such as Bitcoin or Ethereum, it was only a matter of time until someone figured out that someone else’s PC processor can be used as their own Bitcoin mining slave. So the new CoinMiner trojan installs itself onto an affected PC computer and starts mining for Bitcoins. This results in a jump of CPU usage to 100%, reduced responsiveness of the operating system as well as increased electricity bills and Internet data traffic, slowing everything else down.

Up until this point, I’ve only seen the direct extortion like encrypting files and asking for ransom money for the decryption code. But this one actually mines for Bitcoins using your own CPU so it makes its own money so you don’t have to pay directly. How convenient. But I only wish that would be the the worst it can do.

Trouble is, you can never be too sure with these guys and it can do a whole lot worse, like – take control of your files and essentially do whatever it wants with them. Or take control of your Internet banking. Or credit cards. Or…

CoinMiner uses the exact same vulnerability like the recently active WannaCry malware used to get into a computer – already discovered and patched EternalBlue vulnerability affecting mostly unpatched Windows XP and Windows Vista computers. Sadly, too many people don’t take this seriously enough and they continue to use both Windows XP and Vista, even now when they have both been discontinued and security updates have stopped for a long time. Even worse, same people mislead themselves into thinking that they are protected if they install antivirus software. Recently – I also discovered that even the so called SafeZone web browser by Avast (also called Avastium) has its own security vulnerabilities by overriding some of the default settings of Chromium web browsing engine it uses. Installing antivirus on a compromised system can’t help much, especially today when antiviruses introduce vulnerabilities of their own – the case with SafeZone is not the only one, it is just one of the many.

These things are not going to go away. If anything – they will get only worse.

And the solution is so simple – just upgrade to the supported version of Windows (at the time of this writing – 7, 8 and 10) and do not disable automatic Windows updates. And of course, use some common sense when installing other programs on your computer (and update them regularly as well). How hard can it be, really?

Windows 10 S or Microsoft’s another attempt to become Google (or Apple)

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

Well, Microsoft has done it again – this time they call it Windows 10 S and it is supposed to be lightweight Windows 10 which should be safer and prolong laptop/tablet battery life. The way I see it that is where the benefits end. What goes on further is only Microsoft’s attempt to serve their own agenda, not their user’s needs. Here is why:

The sales pitch

The sales pitch is that this is the perfect new Windows for educational purposes. So they want students to learn on Windows, rather than Chromebooks which currently dominate the US school system – primarily because of their price. So they created comparatively expensive tablet and put the stripped down version of Windows on it. I am not sure how that will play out for the education market, but I am not so sure it is the most magical mix of ingredients for the perfect sales formula.

Bing and Edge, without a choice

Bing will be default search engine and Edge will be default web browser. You cannot change them. You prefer Google? You can still create a bookmark but you cannot change search engine in Edge browser. You prefer Firefox or Chrome? Maybe both will one day exist on Windows 10 S but they will use Edge rendering engine and not their own. This is similar to Apple model but the difference is that when Firefox and Chrome entered iOS AppStore, they gained user-base from already well built AppStore. This is not the same with Windows Apps Store which, at the moment is a wasteland. So, on the one hand, Microsoft wants you to stop using Google as search engine and switch to the inferior Bing engine and wants to be Google. On the other hand it wants to have full control over the apps which are published for the Windows and wants to be Apple. But if this is not enough for you and you want to run Win32/non-store Apps, you still have an option to upgrade it to Windows 10 Pro for the small cost of $49 (or return the laptop/tablet to BestBuy).

Confusion and more confusion

Microsoft positions Windows 10 S right between the Windows 10 Home and Windows 10 Pro indicating somehow that Windows 10 S is better than Home version and worse than Pro version. In fact, with Windows 10 Home or Pro you can run Windows desktop apps (or Win32 apps), which you cannot do with Windows 10 S which makes Windows 10 S the worse of the pack. The only apps you can run on Windows 10 S are the ones which are published on Windows Apps Store. So you might imagine that someone might purchase Windows 10 S thinking that they got something better than Windows 10 Home just to end up with having no choice other than the Windows Store Apps, looking for inefficient replacement for the already well developed non-store apps. And there are way too many good programs to be listed here which simply are not present on Windows App Store.

Not the first time

This is not the first time Microsoft has attempted something like this. Last time it was called Windows RT. As of today, this operating system is discontinued. Is this the fate of the new Windows 10 S? Time will tell. Odds are not great in Microsoft’s favor.

What to do?

For now, and I am not the only one who thinks the same – I would wait and avoid it. Windows 10 Home or Pro are simply the better choice being able to run all the Windows apps. Even though, there is an upgrade option to purchase upgrade to Windows 10 Pro ($49), this still doesn’t look like a great deal to me. I know that Microsoft wants developers to switch immediately to Windows App Store. But many will wait how the situation unfolds. And if that happens in sufficient amount, Windows App Store will remain as it is today – a comparatively minor and irrelevant App Store. Let’s wait a year or two to see if Windows 10 S will be discontinued or not. An awfully lot of time to wait in the computer software industry.

But in the meantime, I would recommend getting Windows 10 Home or Windows 10 Pro instead and saving yourself lots of trouble (and money). Come to think of it, maybe that is exactly what they wanted you to do?

How to backup computer data

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

At OE Classic we care a great deal to keep our data safe, but we also care to teach you of our best practices so you can learn from us. So with this short introduction, here is how we handle our data backup – an info you can use to do your own data backups.

First of all, we separate our data into critical and non-critical. Critical is something where we would quickly go out of business if it was lost. An example of such a thing is OE Classic source code. This is separated into special folder (with appropriate sub-folders). Everything else is non-critical. If non-critical data is lost, it can be found somewhere, purchased or rebuilt in a short time. These are mostly purchases we did. The separation keeps the amount of critical data to the minimum so it can be distributed easier to more backup locations which plays an important role.

Note that we probably overdo our backups a bit – but – hearing so many horror stories of data loss and companies going out of business as a result of that – we cannot afford to lose data. Better safe than sorry. So here goes.

Critical data backup

Critical data is saved to a few different online cloud backup locations. Locations like – Dropbox, Google Drive, Microsoft OneDrive and Mega. Each of these cloud providers stores data in various data centers, located around the entire planet. This ensures data is located around the world. What we use this for is critical data such as OE Classic source code and other files very difficult to produce. The data is not left in plain-sight, it is always encrypted using heavy encryption and the key-code is always kept in an offline location with backup of the key-code in QR code format and plain-text on paper as well as in our smartphones. The location of all these servers is not always known to us but we do know that they are in various locations within the USA, Europe, New Zealand and Australia.

One of the most important aspects of a good backup is to have it in various locations and cloud made this extremely easy – if disaster happens in one location, it won’t happen in all. When I am talking about a disaster I think of – malware, hard disk failure, system being compromised by malicious attacker, as well as natural catastrophes such as earthquakes, solar flares causing EMP, floods, fires and so on.

As I already mentioned, the data is encrypted with our own strong encryption code. As it used to happen before the data from various cloud providers has been compromised, even if they used encryption. Leaving the data in the open is therefore not a good idea for cloud backup. If cloud storage provider is compromised – our data is safely encrypted and the attacker cannot do a thing with it except look at bunch of useless encrypted code which would take thousands of years to decrypt with the brute-force techniques and the given key-code length.

Local backup

Locally, we store data on backup hard drives. This is for critical and non-critical data. For this we use 2 small and light 2.5″ USB 3.0 hard disks. They are tiny, easy to carry around and thanks to USB 3.0 quick to do a backup. They are also very affordable and if one breaks it can easily be replaced. These two disks are kept at two different locations, one in the office and another away from the office at another location. If earthquake, flood, fire or anything of that kind strikes, at least one local copy should remain safe. Disks are filled and when filled – their location is swapped.

Server data backup

Our servers do automatic backup in a RAID array as well as regular automated backup of user database and we also do occasional update to our local/critical backup of server database. So we safeguard user data too, having in mind the purchase price means investment into our software or services.

DVD backup

Additionally, we keep a copy on DVD disks too, again encrypted for easily discarding the disks later when they are out of date. Optical media can survive EMP blast (coming from a nuclear attack or much more likely – solar flare), even if hard disks would not. And we’re thinking of making or purchasing a cheap Faraday cage to keep our disks safe too. As it appears Faraday cages are quite easy to make, it can be just a simple box wrapped entirely in aluminum foil or a metal cookie jar, as long as the disk is isolated from the conductive material. There are also readily available anti-static bags to purchase. More than good enough for protection purposes. Optionally, it can be grounded (even though there will likely be minimal difference in protection of the disk inside).

Of course, a few of the methods described above are on the paranoid side. But then again, if they are easy or practical to implement – why not – it is usually just a small change of habit.

Now when you’ve learned how we do backups at OEClassic.com apply it to your own backups to keep your data safe!

IAF File Format Specification And Field ID Assignment Table

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

IAF is a file format used for importing and exporting account information in Microsoft Outlook Express 6, Microsoft Windows Mail (Windows Vista), Microsoft Windows Live Mail and older versions of Microsoft Outlook. It can be decoded by code already available on the Internet. Here are a few links to the decoder code:

The above code works just fine however it has a problem – a good number of IAF fields are not recognized, especially for Windows Live Mail IAF file format. So here is my update on this topic and most up to date list of fields I could come up with. Also, this post contains a bit of documentation on IAF file format because I found that it is rather hard to find online and Microsoft never revealed IAF file format specification (to my knowledge – correct me if I am wrong).

Essentially, IAF comes in 2 flavors:

WideChar version (16-bit characters – UTF-16LE format), used by Windows Mail and Windows Live Mail
NarrowChar version (8-bit characters, encoded in specific charset encoding – usually the same like OS charset) used by Outlook Express 6 and older Microsoft Outlook

For NarrowChar version assignment of Field IDs is more or less known and available in the decoder code above. However, for the WideChar version, not all fields are recognized.

The above code contains a list of Field IDs with their names and assignment. The purpose of this post is to complement that list with some additional Field IDs and offer additional explanation of how the fields are organized – which can help in further reverse engineering of the IAF file format.

From what I could discover, it appears that the Field IDs are 9-digit numbers organized into sections which begin with certain 3-digit number which I will call “sections”. Between the Field IDs there are gaps, probably left intentionally for future upgrades to the file format without breaking the old format. The Field ID ranges are organized as following:

305-306 – General settings section
311-314 – IMAP settings section
321-323 – HTTP settings section
325-326 – NNTP settings section
331-332 – POP3 settings section
338-339 – SMTP settings section

The numbers above represent only the first 3 digits of a 9-digit Field ID, so for example, a full Field ID might be:

305464304 – belongs to “General settings” section and is Field ID for AccountName.
311952368 – belongs to “IMAP settings” section and is Field ID for IMAPServer.

The bold part of the Field ID number above represents the number from the above section range. This is similar for all other fields as defined in the list.

So, as promised above – here is full list of the Field IDs, including the ones missing from the above decoder code. You will notice that some fields are still unknown.

Unknown fields have an “UNKNOWN” in the comment and are prefixed by “GENERAL-“, “IMAP-“, “HTTP-“, and “NNTP-“. As it seems, there are no unknown fields in the POP3 and SMTP sections that I have discovered so far.

If you know what the UNKNOWN fields are used for or if you have additional ones to complement this list, please do leave a comment below this post to help in reverse engineering of the IAF file format so that a fully featured decoder can be written at last. I will of course update this post with the latest up-to-date table and share it with everyone.

The list is public domain and you are free to use in your code, for any purposes, commercial or any other (I would be happy if you notify me about it, but this is not needed).

You can also decode your own IAF files (for example, if you want to extract forgotten password) with the online decoder found here:
https://www.oeclassic.com/iaf-decoder

// Example IAF header
// "\x66\x4D\x41\x49\x00\x00\x05\x00\x01\x00\x00\x00"
// Offs 00-03 = 'fMAI' (IAF magic string)
// Offs 04-05 = 0000
// Offs 06    = 05 or 07 (05=Outlook Express format/8-bit char, 07=Unicode Windows Mail/Windows Live Mail format/UTF-16LE char)
// Offs 07    = 00
// Offs 08    = 00 or 01 or 02 (00=News acount, 01=IMAP/POP3 account, 02=Active Directory/LDAP account)
// Offs 09-0a = 000000

// IAF fields - PHP code
private $_fieldsTable = array(

// 305-306 -> General settings
'AccountName'              => array('305464304', 'nullstr_fmt',  '',          ''),
'TemporaryAccount'         => array('305595369', 'ulong_le_fmt', 'bool_re',   ''),
'GENERAL-305660911'        => array('305660911', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail - NNTP only?
'ConnectionType'           => array('305726441', 'ulong_le_fmt', 'iaf_ct_re', ''),
'ConnectionName'           => array('305791984', 'nullstr_fmt',  '',          ''),
'ConnectionFlags'          => array('305857513', 'ulong_le_fmt', 'num_re',    ''),
'AccountID'                => array('305988592', 'nullstr_fmt',  '',          ''),             // Win32-Outlook-IAF fix
'BackupConnectionName'     => array('306054128', 'nullstr_fmt',  '',          ''),
'MakeAvailableOffline'     => array('306185193', 'ulong_le_fmt', 'bool_re',   ''),
'ServerReadOnly'           => array('306316277', 'ulong_le_fmt', 'bool_re',   ''),
'GENERAL-306381801'        => array('306381801', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail

// 311-314 -> IMAP settings
'IMAPServer'               => array('311952368', 'nullstr_fmt',  '',          ''),
'IMAPUserName'             => array('312017904', 'nullstr_fmt',  '',          ''),
'IMAPPassword'             => array('312083446', 'nullstr_fmt',  '',          'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent
'IMAPAuthUseSPA'           => array('312214517', 'ulong_le_fmt', 'bool_re',   ''),
'IMAPPort'                 => array('312280041', 'ulong_le_fmt', 'num_re',    ''),
'IMAPSecureConnection'     => array('312345589', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPTimeout'              => array('312411113', 'ulong_le_fmt', 'num_re',    ''),
'IMAPRootFolder'           => array('312476656', 'nullstr_fmt',  '',          ''),
'IMAPUseLSUB'              => array('312673269', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPPolling'              => array('312738805', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPFullList'             => array('312804341', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPStoreSpecialFolders'  => array('313000949', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPSentItemsFolder'      => array('313066480', 'nullstr_fmt',  '',          ''),
'IMAPDraftsFolder'         => array('313197552', 'nullstr_fmt',  '',          ''),
'IMAPPasswordPrompt'       => array('313525237', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPDirty'                => array('313590761', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPPollAllFolders'       => array('313656309', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPDeletedItemsFolder'   => array('313721840', 'nullstr_fmt',  '',          ''),             // added from Vista
'IMAPJunkEmailFolder'      => array('313787376', 'nullstr_fmt',  '',          ''),             // added from Vista
'IMAPInboxFolder'          => array('313852912', 'nullstr_fmt',  '',          ''),             // added from Windows Mail and Windows Live Mail
'IMAP-313918453'           => array('313918453', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'IMAP-313983989'           => array('313983989', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'IMAP-314049525'           => array('314049525', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'IMAP-314115061'           => array('314115061', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'IMAP-314180597'           => array('314180597', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail

// 321-323 -> HTTP settings
'HTTPServer'               => array('321782768', 'nullstr_fmt',  '',          ''),
'HTTPUserName'             => array('321848304', 'nullstr_fmt',  '',          ''),
'HTTPPassword'             => array('321913846', 'nullstr_fmt',  '',          'iaf_password'),
'HTTPPasswordPrompt'       => array('321979381', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'HTTPAuthUseSPA'           => array('322044905', 'ulong_le_fmt', 'bool_re',   ''),
'HTTPFriendlyName'         => array('322110448', 'nullstr_fmt',  '',          ''),
'HTTPDomainIsMSN'          => array('322175989', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'HTTPPolling'              => array('322241525', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'HTTPAdBarURL'             => array('322307056', 'nullstr_fmt',  '',          ''),
'HTTPShowAdBar'            => array('322372597', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'HTTPMinPollingInterval'   => array('322438135', 'ulong_le_fmt', 'num_re',    ''),
'HTTPGotPollingInterval'   => array('322503669', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'HTTPLastPolledTime'       => array('322569207', 'ulong_le_fmt', 'num_re',    ''),
'HTTP-322634741'           => array('322634741', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'HTTP-323552245'           => array('323552245', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Vista
'HTTP-323683317'           => array('323683317', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'HTTP-323748853'           => array('323748853', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail

// 325-326 -> NNTP settings
'NNTPServer'               => array('325059568', 'nullstr_fmt',  '',          ''),
'NNTPUserName'             => array('325125104', 'nullstr_fmt',  '',          ''),
'NNTPPassword'             => array('325190646', 'nullstr_fmt',  '',          'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent
'NNTPAuthMethod'           => array('325321717', 'ulong_le_fmt', 'iaf_am_re', ''),
'NNTPPort'                 => array('325387241', 'ulong_le_fmt', 'num_re',    ''),
'NNTPSecureConnection'     => array('325452789', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'NNTPTimeout'              => array('325518313', 'ulong_le_fmt', 'num_re',    ''),
'NNTPDisplayName'          => array('325583856', 'nullstr_fmt',  '',          ''),
'NNTPOrganizationName'     => array('325649392', 'nullstr_fmt',  '',          ''),
'NNTPEmailAddress'         => array('325714928', 'nullstr_fmt',  '',          ''),
'NNTPReplyToEmailAddress'  => array('325780464', 'nullstr_fmt',  '',          ''),
'NNTPSplitMessages'        => array('325846005', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'NNTPSplitMessageSize'     => array('325911529', 'ulong_le_fmt', 'num_re',    ''),
'NNTPUseGroupDescriptions' => array('325977077', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'NNTPPolling'              => array('326108149', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'NNTPPostingFormat'        => array('326173673', 'ulong_le_fmt', 'iaf_pf_re', ''),
'NNTPSignature'            => array('326239216', 'nullstr_fmt',  'regkey_re', ''),
'NNTPPasswordPrompt'       => array('326304757', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'NNTP-326370281'           => array('326370281', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail - NNTP only
'NNTP-326632425'           => array('326632425', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail - NNTP only

// 331-332 -> POP3 settings
'POP3Server'               => array('331613168', 'nullstr_fmt',  '',          ''),
'POP3UserName'             => array('331678704', 'nullstr_fmt',  '',          ''),
'POP3Password'             => array('331744246', 'nullstr_fmt',  '',          'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent
'POP3AuthUseSPA'           => array('331875317', 'ulong_le_fmt', 'bool_re',   ''),
'POP3Port'                 => array('331940841', 'ulong_le_fmt', 'num_re',    ''),
'POP3SecureConnection'     => array('332006389', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'POP3Timeout'              => array('332071913', 'ulong_le_fmt', 'num_re',    ''),
'POP3LeaveMailOnServer'    => array('332137461', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'POP3RemoveWhenDeleted'    => array('332202997', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'POP3RemoveWhenExpired'    => array('332268533', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'POP3ExpireDays'           => array('332334057', 'ulong_le_fmt', 'num_re',    ''),
'POP3SkipAccount'          => array('332399605', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'POP3PasswordPrompt'       => array('332530677', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),

// 338-339 -> SMTP settings
'SMTPServer'               => array('338166768', 'nullstr_fmt',  '',          ''),
'SMTPUserName'             => array('338232304', 'nullstr_fmt',  '',          ''),             // NOTE - If SMTPAuthMethod is set to "Use incoming" (value=02) then username/password will be absent
'SMTPPassword'             => array('338297846', 'nullstr_fmt',  '',          'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent
'SMTPAuthMethod'           => array('338428905', 'ulong_le_fmt', 'iaf_am_re', ''),
'SMTPPort'                 => array('338494441', 'ulong_le_fmt', 'num_re',    ''),
'SMTPSecureConnection'     => array('338559989', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'SMTPTimeout'              => array('338625513', 'ulong_le_fmt', 'num_re',    ''),
'SMTPDisplayName'          => array('338691056', 'nullstr_fmt',  '',          ''),
'SMTPOrganizationName'     => array('338756592', 'nullstr_fmt',  '',          ''),
'SMTPEmailAddress'         => array('338822128', 'nullstr_fmt',  '',          ''),
'SMTPReplyToEmailAddress'  => array('338887664', 'nullstr_fmt',  '',          ''),
'SMTPSplitMessages'        => array('338953205', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'SMTPSplitMessageSize'     => array('339018729', 'ulong_le_fmt', 'num_re',    ''),
'SMTPSignature'            => array('339149808', 'nullstr_fmt',  'regkey_re', ''),
'SMTPPasswordPrompt'       => array('339215349', 'ulong_le_fmt', 'bool_re',   'iaf_bool')
);

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

// Example IAF header

// "\x66\x4D\x41\x49\x00\x00\x05\x00\x01\x00\x00\x00"

// Offs 00-03 = 'fMAI' (IAF magic string)

// Offs 04-05 = 0000

// Offs 06 = 05 or 07 (05=Outlook Express format/8-bit char, 07=Unicode Windows Mail/Windows Live Mail format/UTF-16LE char)

// Offs 07 = 00

// Offs 08 = 00 or 01 or 02 (00=News acount, 01=IMAP/POP3 account, 02=Active Directory/LDAP account)

// Offs 09-0a = 000000

// IAF fields - PHP code

private $_fieldsTable = array(

// 305-306 -> General settings

'AccountName' => array('305464304', 'nullstr_fmt', '', ''),

'TemporaryAccount' => array('305595369', 'ulong_le_fmt', 'bool_re', ''),

'GENERAL-305660911' => array('305660911', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail - NNTP only?

'ConnectionType' => array('305726441', 'ulong_le_fmt', 'iaf_ct_re', ''),

'ConnectionName' => array('305791984', 'nullstr_fmt', '', ''),

'ConnectionFlags' => array('305857513', 'ulong_le_fmt', 'num_re', ''),

'AccountID' => array('305988592', 'nullstr_fmt', '', ''), // Win32-Outlook-IAF fix

'BackupConnectionName' => array('306054128', 'nullstr_fmt', '', ''),

'MakeAvailableOffline' => array('306185193', 'ulong_le_fmt', 'bool_re', ''),

'ServerReadOnly' => array('306316277', 'ulong_le_fmt', 'bool_re', ''),

'GENERAL-306381801' => array('306381801', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail

// 311-314 -> IMAP settings

'IMAPServer' => array('311952368', 'nullstr_fmt', '', ''),

'IMAPUserName' => array('312017904', 'nullstr_fmt', '', ''),

'IMAPPassword' => array('312083446', 'nullstr_fmt', '', 'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent

'IMAPAuthUseSPA' => array('312214517', 'ulong_le_fmt', 'bool_re', ''),

'IMAPPort' => array('312280041', 'ulong_le_fmt', 'num_re', ''),

'IMAPSecureConnection' => array('312345589', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'IMAPTimeout' => array('312411113', 'ulong_le_fmt', 'num_re', ''),

'IMAPRootFolder' => array('312476656', 'nullstr_fmt', '', ''),

'IMAPUseLSUB' => array('312673269', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'IMAPPolling' => array('312738805', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'IMAPFullList' => array('312804341', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'IMAPStoreSpecialFolders' => array('313000949', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'IMAPSentItemsFolder' => array('313066480', 'nullstr_fmt', '', ''),

'IMAPDraftsFolder' => array('313197552', 'nullstr_fmt', '', ''),

'IMAPPasswordPrompt' => array('313525237', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'IMAPDirty' => array('313590761', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'IMAPPollAllFolders' => array('313656309', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'IMAPDeletedItemsFolder' => array('313721840', 'nullstr_fmt', '', ''), // added from Vista

'IMAPJunkEmailFolder' => array('313787376', 'nullstr_fmt', '', ''), // added from Vista

'IMAPInboxFolder' => array('313852912', 'nullstr_fmt', '', ''), // added from Windows Mail and Windows Live Mail

'IMAP-313918453' => array('313918453', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail

'IMAP-313983989' => array('313983989', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail

'IMAP-314049525' => array('314049525', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail

'IMAP-314115061' => array('314115061', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail

'IMAP-314180597' => array('314180597', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail

// 321-323 -> HTTP settings

'HTTPServer' => array('321782768', 'nullstr_fmt', '', ''),

'HTTPUserName' => array('321848304', 'nullstr_fmt', '', ''),

'HTTPPassword' => array('321913846', 'nullstr_fmt', '', 'iaf_password'),

'HTTPPasswordPrompt' => array('321979381', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'HTTPAuthUseSPA' => array('322044905', 'ulong_le_fmt', 'bool_re', ''),

'HTTPFriendlyName' => array('322110448', 'nullstr_fmt', '', ''),

'HTTPDomainIsMSN' => array('322175989', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'HTTPPolling' => array('322241525', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'HTTPAdBarURL' => array('322307056', 'nullstr_fmt', '', ''),

'HTTPShowAdBar' => array('322372597', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'HTTPMinPollingInterval' => array('322438135', 'ulong_le_fmt', 'num_re', ''),

'HTTPGotPollingInterval' => array('322503669', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'HTTPLastPolledTime' => array('322569207', 'ulong_le_fmt', 'num_re', ''),

'HTTP-322634741' => array('322634741', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail

'HTTP-323552245' => array('323552245', 'nullstr_fmt', '', ''), // UNKNOWN - added from Vista

'HTTP-323683317' => array('323683317', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail

'HTTP-323748853' => array('323748853', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail

// 325-326 -> NNTP settings

'NNTPServer' => array('325059568', 'nullstr_fmt', '', ''),

'NNTPUserName' => array('325125104', 'nullstr_fmt', '', ''),

'NNTPPassword' => array('325190646', 'nullstr_fmt', '', 'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent

'NNTPAuthMethod' => array('325321717', 'ulong_le_fmt', 'iaf_am_re', ''),

'NNTPPort' => array('325387241', 'ulong_le_fmt', 'num_re', ''),

'NNTPSecureConnection' => array('325452789', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'NNTPTimeout' => array('325518313', 'ulong_le_fmt', 'num_re', ''),

'NNTPDisplayName' => array('325583856', 'nullstr_fmt', '', ''),

'NNTPOrganizationName' => array('325649392', 'nullstr_fmt', '', ''),

'NNTPEmailAddress' => array('325714928', 'nullstr_fmt', '', ''),

'NNTPReplyToEmailAddress' => array('325780464', 'nullstr_fmt', '', ''),

'NNTPSplitMessages' => array('325846005', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'NNTPSplitMessageSize' => array('325911529', 'ulong_le_fmt', 'num_re', ''),

'NNTPUseGroupDescriptions' => array('325977077', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'NNTPPolling' => array('326108149', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'NNTPPostingFormat' => array('326173673', 'ulong_le_fmt', 'iaf_pf_re', ''),

'NNTPSignature' => array('326239216', 'nullstr_fmt', 'regkey_re', ''),

'NNTPPasswordPrompt' => array('326304757', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'NNTP-326370281' => array('326370281', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail - NNTP only

'NNTP-326632425' => array('326632425', 'nullstr_fmt', '', ''), // UNKNOWN - added from Windows Mail and Windows Live Mail - NNTP only

// 331-332 -> POP3 settings

'POP3Server' => array('331613168', 'nullstr_fmt', '', ''),

'POP3UserName' => array('331678704', 'nullstr_fmt', '', ''),

'POP3Password' => array('331744246', 'nullstr_fmt', '', 'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent

'POP3AuthUseSPA' => array('331875317', 'ulong_le_fmt', 'bool_re', ''),

'POP3Port' => array('331940841', 'ulong_le_fmt', 'num_re', ''),

'POP3SecureConnection' => array('332006389', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'POP3Timeout' => array('332071913', 'ulong_le_fmt', 'num_re', ''),

'POP3LeaveMailOnServer' => array('332137461', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'POP3RemoveWhenDeleted' => array('332202997', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'POP3RemoveWhenExpired' => array('332268533', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'POP3ExpireDays' => array('332334057', 'ulong_le_fmt', 'num_re', ''),

'POP3SkipAccount' => array('332399605', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'POP3PasswordPrompt' => array('332530677', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

// 338-339 -> SMTP settings

'SMTPServer' => array('338166768', 'nullstr_fmt', '', ''),

'SMTPUserName' => array('338232304', 'nullstr_fmt', '', ''), // NOTE - If SMTPAuthMethod is set to "Use incoming" (value=02) then username/password will be absent

'SMTPPassword' => array('338297846', 'nullstr_fmt', '', 'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent

'SMTPAuthMethod' => array('338428905', 'ulong_le_fmt', 'iaf_am_re', ''),

'SMTPPort' => array('338494441', 'ulong_le_fmt', 'num_re', ''),

'SMTPSecureConnection' => array('338559989', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'SMTPTimeout' => array('338625513', 'ulong_le_fmt', 'num_re', ''),

'SMTPDisplayName' => array('338691056', 'nullstr_fmt', '', ''),

'SMTPOrganizationName' => array('338756592', 'nullstr_fmt', '', ''),

'SMTPEmailAddress' => array('338822128', 'nullstr_fmt', '', ''),

'SMTPReplyToEmailAddress' => array('338887664', 'nullstr_fmt', '', ''),

'SMTPSplitMessages' => array('338953205', 'ulong_le_fmt', 'bool_re', 'iaf_bool'),

'SMTPSplitMessageSize' => array('339018729', 'ulong_le_fmt', 'num_re', ''),

'SMTPSignature' => array('339149808', 'nullstr_fmt', 'regkey_re', ''),

'SMTPPasswordPrompt' => array('339215349', 'ulong_le_fmt', 'bool_re', 'iaf_bool')

);

Do I need to remove my USB safely (and is life too short)?

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

I am always equally amused and annoyed by the dumb posts which are trying to be smart by telling me that “Life is too short to remove USB safely”. What’s even worse is that these are usually promoted by highly disorganized people (in my experience). So do you really need to remove USB safely or you can just disconnect it?

Now, as for the joke, it is mediocre at best – so please stop it! Here is my attempt to put a stop to both, the stupid joke, and the belief that you need to safely remove USB drive.

As many people do not know, Windows has a removal policy for USB disk drives and by default it is set on Quick Removal setting. Here is a screenshot of it:

As you can see from the screenshot, the default option is set to Quick Removal and as the description clearly says: Disables write caching on the device and in Windows, but you can disconnect the device safely without using Safely Remove Hardware notification icon.

So what does it mean?

When write-caching is disabled this means that any pending writes to disk drive will be executed immediately. This results in writes to a device being somewhat slower, but at least they are done immediately, when requested. Write-caching speeds up the process for fixed disk drives by queuing the writes for later (when there is more idle disk time available for the task), so the system can accept more writes and schedule pending writes if needed – which as a result speeds up the disk operation for the user, because he/she doesn’t need to wait as long before requesting another disk operation. Eventually, all the writes are executed – but this doesn’t have to be immediately. But this only is enabled by default for fixed drives like hard disks because it makes sense for them and USB (removable) drives usually have a default value set to Quick Removal.

So does that mean you can remove the USB without using the Safely Remove Hardware? Yes!

However, some small precautions should be noted – if you started copying files to a drive – it still needs some time to copy the files. Writes take time. So wait a few seconds until they are executed and the files are stored on USB drive. If USB drive has a LED light – you can see that the drive has finished writing when the LED is off or no longer blinking. If you are unsure, then use the “Safely Remove Hardware” – that will ensure that saving was done properly. If you only read some files from USB drive, then you probably don’t have to care about that.

So, why did Microsoft implement the Quick Removal for USB drives by default? Because life is too short? No, but because people usually don’t read manuals and they are aware that many of them are not using Windows as they should be using it, so they at least tried to make it easier for everyone.

How to remove “Get Windows 10” update notification from system tray (KB3035583)?

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

If you are running Windows 7 or Windows 8 you may have seen the “Get Windows 10” icon in the system tray.

If you are annoyed by it (like me), you can remove it easily. Here is how:

1) Press Windows logo key and start typing: Windows Update and press Enter key to open Windows Update window

2) Click on the small link Installed Updates (on the left side)

3) List of updates will open. Now, in the search bar (upper right) type in KB3035583 – that is the number of update responsible for displaying this icon.

4) Click Uninstall and restart your computer when it asks you.

After doing the above the update may reappear in the list of offered updates. If that happens, simply right click on the update and select Hide Update and it won’t be offered again.

Once again Microsoft is pushing sneaky updates described as “Important” and “Recommended Update”. While I welcome their move to offer Windows 10 for free to users, I still think the option to disable the tool or to uninstall it should also be offered, and not pushed to users.

Windows 10 will be free for Windows 7 and Windows 8.1 users

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

During the first year after the release of Windows 10 the upgrade will be free for Windows 7 and Windows 8.1 users. After first year, users will likely be charged for it.

The above news comes from Windows 10: The Next Chapter event.

That news is as much thrill and excitement you’re going to get from this unexciting and dull presentation. Let me summarize the whole event for you and save you over 2 hours of watching time:

First 20 minutes is just blah, blah, blah…
Windows 10 will be free during first year since its release for Windows 7 and Windows 8.1 users. That is good news actually, both for developers and for users. And especially for the developers.
Then the guy with Emo-hairstyle presented Windows 10 Cortana, a copy of Siri from Apple devices. Apparently, Microsoft is very excited about a feature nobody is going to use just like Siri.
Some devices will have free Word, Excel and other Office programs (devices where you cannot actually use it for anything meaningful, that is devices like smartphones or smaller tablets). Larger screen devices where you actually use those programs will have paid version.
Mail application still sucks, but now they added brand new features – swipe to the left to delete message, swipe to the right to flag them. I wonder where have I seen that already? Hmmm…
Internet Explorer is going to be somewhat better (hopefully it will still support third-party apps which use its rendering engine).
Xbox and PC games are gonna be faster, apparently due to DirectX 12 which is very fast, at least from the technical demo.
There was some large screen device for business customers I don’t really care about.
And finally, there was a new VR headset from Microsoft they have been developing for a couple of years (at least now it is apparent why they purchased Minecraft – to demo that device). They believe it is going to change everything. They call 3D graphics you see inside “holograms”. Not the holograms you would expect – a little Princess Leia projected into the air. What a waste of all those development years. Another VR headset ready for the trashcan.
Last 20 minutes is just a pitch about Microsoft being committed to their users, how inspired they are and you know… blah… blah.

Now, don’t get me wrong, I think Windows 10 is actually good and I like them. But the rest… not really.

How to clean up your Inbox

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

New email keeps on coming every day. You carefully read it, file it, archive it, move it to various folders, reply to it, but it just keeps on coming. Forgetting to file one email often means leaving it “for later” and that later never really comes. Time passes and you end up accumulating tons of messages in your Inbox. And you never seem to reach your “Inbox Zero” nirvana. Does this sound familiar?

“Inbox Zero” is actually a great idea but for many, it is hard to achieve, due to just one simple thing – lack of simple habit of cleaning up.

So here are 5 ideas how to clean up your email to eventually reach empty Inbox.

1) Each day, set aside a minute or two to clean up 5-10 emails which are not needed and can be deleted. The key here is to develop a habit. It does not take much time to clean up 5-10 emails. To file them to proper folders or to simply delete them. It may seem overwhelming to see tons of messages in the Inbox and quickly give up, but the fact is that the more you clean it up, the less there will be and with time, just as they accumulated, they will be cleaned up. If you don’t know where to start – start with the oldest ones. They are most likely best candidates to be deleted.

2) Speaking of delete – do not be afraid to use delete. It might seem a good idea to file everything, archive into special folders and so on, but some things are simply not worth keeping. Do not attempt to be perfect, as that will not get you nowhere. Do you file every conversation you had with every person (in real life that is)? Of course not. So why do it with email? Many messages are simply not worth keeping once they have been read.

3) Use the rule – if it is older than 2 years, it will likely never be read again and can be deleted.

4) If you replied to it and there is nothing there to keep, delete it immediately.

5) If you really have to keep some messages, then at least remove them from Inbox. Move them to “Archive” folder or something of that sort. Leaving Inbox empty will remove visual clutter and will give you some sense of accomplishment at the end of a day.

How to install Windows 10 without Microsoft Account

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

When you are prompted to sign in to your Microsoft Account do the following:

1) Click on the small link Create a new account

2) Just below the form for creating Microsoft Account there is again small link called Sign in without a Microsoft account. Click on this link as well.

3) And that’s it – Now you can create a regular local account!

Windows XP end of support – What happens after April 8th, 2014?

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

I though I’d take a few moments to write about this topic. As many of you know, April 8th, 2014 has been set as the date when Windows XP extended support will end. So what will happen to existing Windows XP installations as there are still at least 10% of Windows XP installations out there. It may not seem much but it is millions of users.

After the given date, Microsoft will stop publishing security updates for Windows XP which are distributed through the Windows Update system. This means, security patches for the discovered security issues with Windows won’t be published anymore. Of course, the Windows XP won’t stop working after April 8th, but your system could quickly become compromised by malware.

Here is a mechanism hackers will abuse – once a security issue is patched within Windows 7 or Windows 8 and published through Windows Update, hackers will check for these updates, reverse engineer them and check if some of the security issues are shared with Windows XP. If they discover they are, they will attempt to create a so called 0-day vulnerability and as there won’t be no more security updates the vulnerability will essentially stay there forever. As Microsoft publishes patches every Tuesday, this may happen sooner than you may expect. Microsoft will start showing warning dialog on March 8th notifying users of the end of support.

Some sites have reported that the support for anti-malware will be extended to 2015. One of the reasons I write this post is because this has been misinterpreted quite a bit that this means that the security updates will be published until 2015. This is not true – only the anti-malware warnings will be issued. In other words, you’ll be given new buckets but the holes that leak won’t be patched anymore. And the effectiveness of antivirus or antispyware software on compromised system is at best limited. So in the long run, the upgrade to more recent operating system will be required. Of course, having malware on your system means all kinds of security issues, issues like compromising your private data and its integrity.

Will it be possible to continue using Windows XP – it depends – if you don’t need to connect it to Internet or any other network, then you can probably continue to use it. If however you need to connect online (even if it is from time to time) it means the system may be compromised. The time required to be online doesn’t need to be long so even short connection can be enough. My best advice is forget about patches and quick fixes and – upgrade.