False positive Conteban.A!ml detection on DOCX, XLSX, PDF and ZIP files

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

Microsoft has really messed up this time. In the most recent update of Windows Defender Antivirus definitions file (called Security intelligence in Windows 10), it has started flagging some of the DOCX (Microsoft Word), XLSX (Microsoft Excel), PDF (Adobe Reader / Adobe Acrobat) and ZIP (archive format) files as Conteban.A!ml malware. Note that some other types may be reported such as Wacatac.B!ml.

The threat itself is described on https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Conteban.A!ml&ThreatID=2147735506

However, while this is a real threat, the latest Windows Defender Antivirus falsely labels otherwise safe files as malware. The problem can be seen by simply attempting to scan affected file types where Windows Defender will report a detection.

What you should know is that this is a false positive detection. That means the problem does not exist, it incorrectly labels safe files as malware-positive detection. If the same files are scanned by other antivirus programs they turn out as safe.

A quick workaround solution is to click on Protection history and then expand any of the “Threat blocked” items. In the bottom right corner there is Actions drop-down under which there is an Allow option.

But much better (and what I recommend) solution would be to use the application called Feedback Hub which you can find by searching Windows 10 and report this problem back to Microsoft. The more reports they get the sooner they will react and fix the problem they have introduced with this Windows Defender Antivirus update.

Windows 10 May 2020 update (v2004) is a disaster

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!If you haven’t yet updated to Windows 10 May 2020 update (version 2004 / build 19041) you may want to postpone your update for a few months, until some of the issues with the update are addressed.

May 2020 update is feature packed Windows 10 update but it appears it didn’t go without issues. I haven’t personally experienced all of these, but I have experienced some instability when running it – a freezing issue when the system boots up – mouse continues to run and clicks are seemingly happening but the programs aren’t reacting – this particular issue has happened to me twice so far.

Here are some of the other issues users are reporting:

Issues with Chrome

Some users are reporting Chrome logging them out from their Google accounts when they restart their computer, forcing them to log in again.

Firefox issues

Others are reporting flickering issues with Firefox.

Mail for Windows 10 issues

A number of users have also reported a big problem with Mail for Windows 10, when used in combo with Gmail. Emails are being deleted from various Gmail folders. Here is a comment from one user:

“I have been facing an issue with the Windows 10 Mail app linked to a Google account. I have noticed that when I respond to emails, the email I send disappears and cannot be found in sent items, outbox, bin, spam, or anywhere actually. The disappeared email cannot be found on Gmail’s web interface either. It appears that it is automatically deleted and erased from the server.”

Email program called OE Classic doesn’t have these issues so you can use that instead. Another method is to use Gmail’s webmail.

Printer issues

Users have reported loss of printing ability. I have personally experienced this as well – upon installation of May 2020 update, the printer driver was lost so I had to reinstall it. In addition to that, the entire system had to auto-detect drivers for other hardware in the PC again, even though the drivers were already installed and such a thing did not happen with previous major updates.

Tablet mode problems

Some are reporting that Windows 10 is forcing them into tablet mode instead of the regular desktop mode.

Compatibility mode issues

Some users have reported that their device isn’t ready (compatible) with Windows 10 May update, even though it did pass the hardware requirements.

Other issues and conclusion

There were other issues reported by users and you can find some of them by searching for “Windows 10 May update issues”.

Even though May 2020 might be a good update (after a while), it is my opinion that it would be best to wait for a few months until Microsoft weeds out the bugs introduced with this update.

POP3 vs IMAP – What’s the difference and which one is better?

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!

So, you’ve got your nice little email program (such as OE Classic), and you want to configure an email account and it offers you a choice between POP (or POP3) and IMAP but you don’t know which one to choose. What is the difference?

First off, both POP and IMAP are email protocols designed to fetch emails from a server. As email is a two-part system, the first part being an email program which you install on your computer, tablet or smartphone, called the email client, and the second part being the email server.

Think of it as a postman and a post office.

The postman (email client) goes to the post office (email server) to fetch some emails. Post offices (email servers) communicate between themselves to send emails and finally a postman on the other end (another email client) fetches the mail from another post office. In reality, it is a bit more complicated than that, but that is the general idea.

To communicate, both the client and the server must agree on a common standard, or protocol – and POP and IMAP are the names of these protocols, and they represent a set of commands (or a vocabulary if you will), designed to make it possible for the client and the server to understand each other.

Now, do not be confused by the name POP3 as that is also just POP, just with the number 3, which indicates the version of the protocol (before POP3 there were POP1 and POP2 which are no longer in use today).

So let’s start with POP protocol.

POP, which stands for Post Office Protocol is the older and simpler of the two protocols and it is designed with a simple goal of fetching emails off of a server by a single email client and then removing them from the server. It is also possible to keep emails on the server but more on that later.

How does POP work?

1) First, an email client connects to the server and authenticates with the username and password you put into its account settings. At that moment, the mailbox on the server is locked and you cannot access it from an another computer or device – POP protocol specifies that another connection is disallowed, while the current one is in use. The lock is there to prevent 2 computers to access the mailbox at the same time as POP is not designed for that. (POP commands used: USER, PASS, APOP).

2) Then it examines the list of messages the server offers and figures out which ones are new. The server replies with the list of messages and their unique identifiers. POP can only check the contents of your Inbox folder messages and that is the only folder it can access usually. (POP commands used: STAT, LIST, UIDL, TOP).

3) After establishing the new messages list, email client proceeds with the download, one message at the time. (POP commands used: RETR, TOP).

4) At the end of the session, email client decides, based on the options you’ve set whether or not it should delete some emails. Deleting messages can happen immediately or after a few days, again depending on the options in your email client. When it is done, it disconnects. (POP commands used: DELE, QUIT).

5) Right after the client has disconnected, the server performs actual deletion of messages (as they cannot be deleted before the QUIT command is sent by the client) and frees the connection for another email client (or a repeated connection by the same email client).

All of the above happens very quickly due to POP protocol being very lightweight and simple.

How does IMAP work?

1) Just like with POP, an email client connects to the server and authenticates with your username and password. (IMAP commands used: LOGIN).

2) At this point an email client can choose which folder (also called mailbox) it wants to access and selects that mailbox. For example that folder might be the “Inbox”, “Junk”, “Trash” or any other folder available on the server. (IMAP commands used: SELECT).

3) Then, usually it fetches the list of messages in the selected folder and updates the local list it already has, removing the messages which are no longer present and adding the new ones to the local list. In other words, it synchronizes local list to match the server list. (IMAP commands used: FETCH).

4) Since IMAP is more complicated, now a few things can happen – an email program can continue checking other folders like “Sent”, “Deleted”, “Drafts”, “Junk” and so on, so it might return to the step 2 in this example. In that process it will again update local lists and synchronize it with the server message list. However, it can also choose to remain idle in the current folder and remain connected, waiting for new messages to arrive. You can also search for messages in folders as IMAP also offers search capability. (IMAP commands used: IDLE, SELECT, FETCH, SEARCH).

5) As IMAP is designed to be “always online” any messages you download are just stored temporarily, as a cache, to avoid downloading it again. If a message is deleted from the server, for example by another email program or device, the currently running program will simply update its cache to reflect the changes done on the server the next time it synchronizes the folder. Note that unlike POP, IMAP doesn’t prevent other clients to connect at the same time. Multiple connections may happen and they will eventually be synchronized between each other.

6) If you delete a message, the deletion happens immediately and the change is again synchronized with every other client or device connected at the same time. The same happens if another email client deletes a message – eventually it is synchronized to your email program and you see the change as well. Additionally, IMAP supports flags such as \Seen, \Draft, \Deleted, \Answered, \Flagged, common among email clients to indicate if the message is read, draft, deleted, replied and flagged (starred), respectively. (IMAP commands used: COPY, MOVE, STORE, EXPUNGE).

7) At a certain point you decide to disconnect from the server and your synchronization then stops and resumes the next time you connect to the server. If your email client has cached the messages they can be still read, while offline, but if the messages are not cached, an Internet connection will be required to read them. Also, if you decide to move message to another folder or delete them, an Internet connection will again be required as the change cannot be performed while being offline.

So unlike the POP protocol which is like fetch-and-delete kind of protocol better suited for offline use on a single device, IMAP is more like always-online protocol which just shows you a window into the messages stored on the server (or in the cloud, if you will).

What about advantages and disadvantages of both and how to choose one?

The choice really depends on your situation.

To put it simply:

If your goal is just to download messages on a single computer and remove them from server, then POP is an easy choice, giving you just that. It is designed to be fast and simple for use on a single device.
If you want to synchronize or use multiple devices or computers and you want to have identical copy of your email on each of those devices, including all of the folders and messages, then you can use IMAP instead.

Advantages of POP

– It is fast and lightweight and uses less bandwidth (may not be an issue nowadays with fast connections but might be an issue in a rural area or with a mobile connection). This also makes it easier choice when access to the Internet is not available all the time.

– It downloads messages from server onto your computer.

– You have a local copy of messages which means you can read them even if you are disconnected from the Internet.

– Emails are removed from the server so if your email account is hacked nobody can read your older emails as they are downloaded onto your computer. Note though that many email programs (including OE Classic), allow you to leave a copy of messages on the server and delete after a certain time has passed. Option like this can help you download email onto multiple computers.

– Organizing your email is much faster as they are basically just local files so there isn’t a need to communicate the change with the server. So it can be done while offline as well.

– If you lose access to your email account or your email account is hacked, your emails are stored on your disk drive and are not in the cloud (on the server).

– The size of the mailbox only depends on the size of your disk drive and you don’t have to pay for the extra space on the server. Also, if your server offers low storage capacity POP will help you keep that storage clean if you choose to delete messages from server after downloading them.

Disadvantages of POP

– Since it usually deletes messages from the server, you have to have a backup plan for your emails. If your disk drive fails for any reason, so will your messages as well as they are just files on the disk drive. Note that this applies to all of your data which you store on your disk drive, not just emails.

– It does not synchronize server folders and messages. The only folder it has access to is the “Inbox” folder but it is not synchronized. Even though many email clients (including OE Classic) allow you to leave a copy of messages on the server and with that option enabled it is possible to download emails onto multiple computers, when you want to delete a message from one computer it is not deleted from all of them so they are not synchronized. This is especially a problem if you want to use email from multiple devices like mobile phone, computer, tablet and want to have identical copy of all folders and messages across all of your devices.

– It only can access “Inbox” folder unlike IMAP, so if your emails end up in the server “Spam” folder you cannot see them – you have to use webmail or IMAP to fetch “Spam” folder messages as well. Although some POP servers do offer tricks to fetch messages from different folders, this is not really a rule and many of them don’t so the lack of access to the server folders makes it a disadvantage.

– If you lose your computer data, have your device stolen, broken etc., your emails will be lost with it unless you have a backup. The same goes if your email folders are damaged. Having a backup is important.

Advantages of IMAP

– If you use multiple computers or devices you can have your email folders and messages synchronized between these devices – if you delete a message, add or rename a folder, receive a message, change the message status from read to unread or add a flag – all of these changes are registered across all of the devices connected to that email account, when they synchronize. So you can access it on the go or in the office (or at home).

– Your messages are backed up in the cloud so aside from local cached copy there is also a cloud (server) copy. Servers, if properly maintained, are regularly backed up so your emails are safer that way.

– More people can use the same mailbox and organize/delete/flag messages. This makes it a better choice for single mailbox shared between team members, for example if a single company mailbox is answered by multiple employees.

Disadvantages of IMAP

– IMAP involves much more communication with the server so it will eat up more bandwidth and Internet. Also, as each change has to be registered (synchronized) with the server, it is slower, so it depends on your Internet speed and server speed. Servers which are unstable or slow might cause problems so the server has to be good as well.

– If your server is unreachable, hacked, or if you’re offline, you cannot read your email except the cached messages in your email client. If messages have not been cached, you won’t be able to read them. You also cannot organize your emails while offline – move, copy, flag, mark as read, all of these operations require to be synchronized with the server so you have to be online to perform them.

– If you lose access to your email account, you may also lose access to all of your messages, again, unless they have been cached locally.

– The size of your mailbox depends on the amount of disk space you have available on your email server and you may need to pay for the extra space if it is not sufficient.

CoinMiner now uses your computer to mine for Bitcoins

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!Now this is interesting – with the rise of popularity of cryptocurrencies such as Bitcoin or Ethereum, it was only a matter of time until someone figured out that someone else’s PC processor can be used as their own Bitcoin mining slave. So the new CoinMiner trojan installs itself onto an affected PC computer and starts mining for Bitcoins. This results in a jump of CPU usage to 100%, reduced responsiveness of the operating system as well as increased electricity bills and Internet data traffic, slowing everything else down.

Up until this point, I’ve only seen the direct extortion like encrypting files and asking for ransom money for the decryption code. But this one actually mines for Bitcoins using your own CPU so it makes its own money so you don’t have to pay directly. How convenient. But I only wish that would be the the worst it can do.

Trouble is, you can never be too sure with these guys and it can do a whole lot worse, like – take control of your files and essentially do whatever it wants with them. Or take control of your Internet banking. Or credit cards. Or…

CoinMiner uses the exact same vulnerability like the recently active WannaCry malware used to get into a computer – already discovered and patched EternalBlue vulnerability affecting mostly unpatched Windows XP and Windows Vista computers. Sadly, too many people don’t take this seriously enough and they continue to use both Windows XP and Vista, even now when they have both been discontinued and security updates have stopped for a long time. Even worse, same people mislead themselves into thinking that they are protected if they install antivirus software. Recently – I also discovered that even the so called SafeZone web browser by Avast (also called Avastium) has its own security vulnerabilities by overriding some of the default settings of Chromium web browsing engine it uses. Installing antivirus on a compromised system can’t help much, especially today when antiviruses introduce vulnerabilities of their own – the case with SafeZone is not the only one, it is just one of the many.

These things are not going to go away. If anything – they will get only worse.

And the solution is so simple – just upgrade to the supported version of Windows (at the time of this writing – 7, 8 and 10) and do not disable automatic Windows updates. And of course, use some common sense when installing other programs on your computer (and update them regularly as well). How hard can it be, really?

Windows 10 S or Microsoft’s another attempt to become Google (or Apple)

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!Well, Microsoft has done it again – this time they call it Windows 10 S and it is supposed to be lightweight Windows 10 which should be safer and prolong laptop/tablet battery life. The way I see it that is where the benefits end. What goes on further is only Microsoft’s attempt to serve their own agenda, not their user’s needs. Here is why:

The sales pitch

The sales pitch is that this is the perfect new Windows for educational purposes. So they want students to learn on Windows, rather than Chromebooks which currently dominate the US school system – primarily because of their price. So they created comparatively expensive tablet and put the stripped down version of Windows on it. I am not sure how that will play out for the education market, but I am not so sure it is the most magical mix of ingredients for the perfect sales formula.

Bing and Edge, without a choice

Bing will be default search engine and Edge will be default web browser. You cannot change them. You prefer Google? You can still create a bookmark but you cannot change search engine in Edge browser. You prefer Firefox or Chrome? Maybe both will one day exist on Windows 10 S but they will use Edge rendering engine and not their own. This is similar to Apple model but the difference is that when Firefox and Chrome entered iOS AppStore, they gained user-base from already well built AppStore. This is not the same with Windows Apps Store which, at the moment is a wasteland. So, on the one hand, Microsoft wants you to stop using Google as search engine and switch to the inferior Bing engine and wants to be Google. On the other hand it wants to have full control over the apps which are published for the Windows and wants to be Apple. But if this is not enough for you and you want to run Win32/non-store Apps, you still have an option to upgrade it to Windows 10 Pro for the small cost of $49 (or return the laptop/tablet to BestBuy).

Confusion and more confusion

Microsoft positions Windows 10 S right between the Windows 10 Home and Windows 10 Pro indicating somehow that Windows 10 S is better than Home version and worse than Pro version. In fact, with Windows 10 Home or Pro you can run Windows desktop apps (or Win32 apps), which you cannot do with Windows 10 S which makes Windows 10 S the worse of the pack. The only apps you can run on Windows 10 S are the ones which are published on Windows Apps Store. So you might imagine that someone might purchase Windows 10 S thinking that they got something better than Windows 10 Home just to end up with having no choice other than the Windows Store Apps, looking for inefficient replacement for the already well developed non-store apps. And there are way too many good programs to be listed here which simply are not present on Windows App Store.

Not the first time

This is not the first time Microsoft has attempted something like this. Last time it was called Windows RT. As of today, this operating system is discontinued. Is this the fate of the new Windows 10 S? Time will tell. Odds are not great in Microsoft’s favor.

What to do?

For now, and I am not the only one who thinks the same – I would wait and avoid it. Windows 10 Home or Pro are simply the better choice being able to run all the Windows apps. Even though, there is an upgrade option to purchase upgrade to Windows 10 Pro ($49), this still doesn’t look like a great deal to me. I know that Microsoft wants developers to switch immediately to Windows App Store. But many will wait how the situation unfolds. And if that happens in sufficient amount, Windows App Store will remain as it is today – a comparatively minor and irrelevant App Store. Let’s wait a year or two to see if Windows 10 S will be discontinued or not. An awfully lot of time to wait in the computer software industry.

But in the meantime, I would recommend getting Windows 10 Home or Windows 10 Pro instead and saving yourself lots of trouble (and money). Come to think of it, maybe that is exactly what they wanted you to do?

How to backup computer data

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!At OE Classic we care a great deal to keep our data safe, but we also care to teach you of our best practices so you can learn from us. So with this short introduction, here is how we handle our data backup – an info you can use to do your own data backups.

First of all, we separate our data into critical and non-critical. Critical is something where we would quickly go out of business if it was lost. An example of such a thing is OE Classic source code. This is separated into special folder (with appropriate sub-folders). Everything else is non-critical. If non-critical data is lost, it can be found somewhere, purchased or rebuilt in a short time. These are mostly purchases we did. The separation keeps the amount of critical data to the minimum so it can be distributed easier to more backup locations which plays an important role.

Note that we probably overdo our backups a bit – but – hearing so many horror stories of data loss and companies going out of business as a result of that – we cannot afford to lose data. Better safe than sorry. So here goes.

Critical data backup

Critical data is saved to a few different online cloud backup locations. Locations like – Dropbox, Google Drive, Microsoft OneDrive and Mega. Each of these cloud providers stores data in various data centers, located around the entire planet. This ensures data is located around the world. What we use this for is critical data such as OE Classic source code and other files very difficult to produce. The data is not left in plain-sight, it is always encrypted using heavy encryption and the key-code is always kept in an offline location with backup of the key-code in QR code format and plain-text on paper as well as in our smartphones. The location of all these servers is not always known to us but we do know that they are in various locations within the USA, Europe, New Zealand and Australia.

One of the most important aspects of a good backup is to have it in various locations and cloud made this extremely easy – if disaster happens in one location, it won’t happen in all. When I am talking about a disaster I think of – malware, hard disk failure, system being compromised by malicious attacker, as well as natural catastrophes such as earthquakes, solar flares causing EMP, floods, fires and so on.

As I already mentioned, the data is encrypted with our own strong encryption code. As it used to happen before the data from various cloud providers has been compromised, even if they used encryption. Leaving the data in the open is therefore not a good idea for cloud backup. If cloud storage provider is compromised – our data is safely encrypted and the attacker cannot do a thing with it except look at bunch of useless encrypted code which would take thousands of years to decrypt with the brute-force techniques and the given key-code length.

Local backup

Locally, we store data on backup hard drives. This is for critical and non-critical data. For this we use 2 small and light 2.5″ USB 3.0 hard disks. They are tiny, easy to carry around and thanks to USB 3.0 quick to do a backup. They are also very affordable and if one breaks it can easily be replaced. These two disks are kept at two different locations, one in the office and another away from the office at another location. If earthquake, flood, fire or anything of that kind strikes, at least one local copy should remain safe. Disks are filled and when filled – their location is swapped.

Server data backup

Our servers do automatic backup in a RAID array as well as regular automated backup of user database and we also do occasional update to our local/critical backup of server database. So we safeguard user data too, having in mind the purchase price means investment into our software or services.

DVD backup

Additionally, we keep a copy on DVD disks too, again encrypted for easily discarding the disks later when they are out of date. Optical media can survive EMP blast (coming from a nuclear attack or much more likely – solar flare), even if hard disks would not. And we’re thinking of making or purchasing a cheap Faraday cage to keep our disks safe too. As it appears Faraday cages are quite easy to make, it can be just a simple box wrapped entirely in aluminum foil or a metal cookie jar, as long as the disk is isolated from the conductive material. There are also readily available anti-static bags to purchase. More than good enough for protection purposes. Optionally, it can be grounded (even though there will likely be minimal difference in protection of the disk inside).

Of course, a few of the methods described above are on the paranoid side. But then again, if they are easy or practical to implement – why not – it is usually just a small change of habit.

Now when you’ve learned how we do backups at OEClassic.com apply it to your own backups to keep your data safe!

IAF File Format Specification And Field ID Assignment Table

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!IAF is a file format used for importing and exporting account information in Microsoft Outlook Express 6, Microsoft Windows Mail (Windows Vista), Microsoft Windows Live Mail and older versions of Microsoft Outlook. It can be decoded by code already available on the Internet. Here are a few links to the decoder code:

The above code works just fine however it has a problem – a good number of IAF fields are not recognized, especially for Windows Live Mail IAF file format. So here is my update on this topic and most up to date list of fields I could come up with. Also, this post contains a bit of documentation on IAF file format because I found that it is rather hard to find online and Microsoft never revealed IAF file format specification (to my knowledge – correct me if I am wrong).

Essentially, IAF comes in 2 flavors:

WideChar version (16-bit characters – UTF-16LE format), used by Windows Mail and Windows Live Mail
NarrowChar version (8-bit characters, encoded in specific charset encoding – usually the same like OS charset) used by Outlook Express 6 and older Microsoft Outlook

For NarrowChar version assignment of Field IDs is more or less known and available in the decoder code above. However, for the WideChar version, not all fields are recognized.

The above code contains a list of Field IDs with their names and assignment. The purpose of this post is to complement that list with some additional Field IDs and offer additional explanation of how the fields are organized – which can help in further reverse engineering of the IAF file format.

From what I could discover, it appears that the Field IDs are 9-digit numbers organized into sections which begin with certain 3-digit number which I will call “sections”. Between the Field IDs there are gaps, probably left intentionally for future upgrades to the file format without breaking the old format. The Field ID ranges are organized as following:

305-306 – General settings section
311-314 – IMAP settings section
321-323 – HTTP settings section
325-326 – NNTP settings section
331-332 – POP3 settings section
338-339 – SMTP settings section

The numbers above represent only the first 3 digits of a 9-digit Field ID, so for example, a full Field ID might be:

305464304 – belongs to “General settings” section and is Field ID for AccountName.
311952368 – belongs to “IMAP settings” section and is Field ID for IMAPServer.

The bold part of the Field ID number above represents the number from the above section range. This is similar for all other fields as defined in the list.

So, as promised above – here is full list of the Field IDs, including the ones missing from the above decoder code. You will notice that some fields are still unknown.

Unknown fields have an “UNKNOWN” in the comment and are prefixed by “GENERAL-“, “IMAP-“, “HTTP-“, and “NNTP-“. As it seems, there are no unknown fields in the POP3 and SMTP sections that I have discovered so far.

If you know what the UNKNOWN fields are used for or if you have additional ones to complement this list, please do leave a comment below this post to help in reverse engineering of the IAF file format so that a fully featured decoder can be written at last. I will of course update this post with the latest up-to-date table and share it with everyone.

The list is public domain and you are free to use in your code, for any purposes, commercial or any other (I would be happy if you notify me about it, but this is not needed).

You can also decode your own IAF files (for example, if you want to extract forgotten password) with the online decoder found here:
https://www.oeclassic.com/iaf-decoder

// Example IAF header
// "\x66\x4D\x41\x49\x00\x00\x05\x00\x01\x00\x00\x00"
// Offs 00-03 = 'fMAI' (IAF magic string)
// Offs 04-05 = 0000
// Offs 06    = 05 or 07 (05=Outlook Express format/8-bit char, 07=Unicode Windows Mail/Windows Live Mail format/UTF-16LE char)
// Offs 07    = 00
// Offs 08    = 00 or 01 or 02 (00=News acount, 01=IMAP/POP3 account, 02=Active Directory/LDAP account)
// Offs 09-0a = 000000

// IAF fields - PHP code
private $_fieldsTable = array(

// 305-306 -> General settings
'AccountName'              => array('305464304', 'nullstr_fmt',  '',          ''),
'TemporaryAccount'         => array('305595369', 'ulong_le_fmt', 'bool_re',   ''),
'GENERAL-305660911'        => array('305660911', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail - NNTP only?
'ConnectionType'           => array('305726441', 'ulong_le_fmt', 'iaf_ct_re', ''),
'ConnectionName'           => array('305791984', 'nullstr_fmt',  '',          ''),
'ConnectionFlags'          => array('305857513', 'ulong_le_fmt', 'num_re',    ''),
'AccountID'                => array('305988592', 'nullstr_fmt',  '',          ''),             // Win32-Outlook-IAF fix
'BackupConnectionName'     => array('306054128', 'nullstr_fmt',  '',          ''),
'MakeAvailableOffline'     => array('306185193', 'ulong_le_fmt', 'bool_re',   ''),
'ServerReadOnly'           => array('306316277', 'ulong_le_fmt', 'bool_re',   ''),
'GENERAL-306381801'        => array('306381801', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail

// 311-314 -> IMAP settings
'IMAPServer'               => array('311952368', 'nullstr_fmt',  '',          ''),
'IMAPUserName'             => array('312017904', 'nullstr_fmt',  '',          ''),
'IMAPPassword'             => array('312083446', 'nullstr_fmt',  '',          'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent
'IMAPAuthUseSPA'           => array('312214517', 'ulong_le_fmt', 'bool_re',   ''),
'IMAPPort'                 => array('312280041', 'ulong_le_fmt', 'num_re',    ''),
'IMAPSecureConnection'     => array('312345589', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPTimeout'              => array('312411113', 'ulong_le_fmt', 'num_re',    ''),
'IMAPRootFolder'           => array('312476656', 'nullstr_fmt',  '',          ''),
'IMAPUseLSUB'              => array('312673269', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPPolling'              => array('312738805', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPFullList'             => array('312804341', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPStoreSpecialFolders'  => array('313000949', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPSentItemsFolder'      => array('313066480', 'nullstr_fmt',  '',          ''),
'IMAPDraftsFolder'         => array('313197552', 'nullstr_fmt',  '',          ''),
'IMAPPasswordPrompt'       => array('313525237', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPDirty'                => array('313590761', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPPollAllFolders'       => array('313656309', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'IMAPDeletedItemsFolder'   => array('313721840', 'nullstr_fmt',  '',          ''),             // added from Vista
'IMAPJunkEmailFolder'      => array('313787376', 'nullstr_fmt',  '',          ''),             // added from Vista
'IMAPInboxFolder'          => array('313852912', 'nullstr_fmt',  '',          ''),             // added from Windows Mail and Windows Live Mail
'IMAP-313918453'           => array('313918453', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'IMAP-313983989'           => array('313983989', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'IMAP-314049525'           => array('314049525', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'IMAP-314115061'           => array('314115061', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'IMAP-314180597'           => array('314180597', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail

// 321-323 -> HTTP settings
'HTTPServer'               => array('321782768', 'nullstr_fmt',  '',          ''),
'HTTPUserName'             => array('321848304', 'nullstr_fmt',  '',          ''),
'HTTPPassword'             => array('321913846', 'nullstr_fmt',  '',          'iaf_password'),
'HTTPPasswordPrompt'       => array('321979381', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'HTTPAuthUseSPA'           => array('322044905', 'ulong_le_fmt', 'bool_re',   ''),
'HTTPFriendlyName'         => array('322110448', 'nullstr_fmt',  '',          ''),
'HTTPDomainIsMSN'          => array('322175989', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'HTTPPolling'              => array('322241525', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'HTTPAdBarURL'             => array('322307056', 'nullstr_fmt',  '',          ''),
'HTTPShowAdBar'            => array('322372597', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'HTTPMinPollingInterval'   => array('322438135', 'ulong_le_fmt', 'num_re',    ''),
'HTTPGotPollingInterval'   => array('322503669', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'HTTPLastPolledTime'       => array('322569207', 'ulong_le_fmt', 'num_re',    ''),
'HTTP-322634741'           => array('322634741', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'HTTP-323552245'           => array('323552245', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Vista
'HTTP-323683317'           => array('323683317', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail
'HTTP-323748853'           => array('323748853', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail

// 325-326 -> NNTP settings
'NNTPServer'               => array('325059568', 'nullstr_fmt',  '',          ''),
'NNTPUserName'             => array('325125104', 'nullstr_fmt',  '',          ''),
'NNTPPassword'             => array('325190646', 'nullstr_fmt',  '',          'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent
'NNTPAuthMethod'           => array('325321717', 'ulong_le_fmt', 'iaf_am_re', ''),
'NNTPPort'                 => array('325387241', 'ulong_le_fmt', 'num_re',    ''),
'NNTPSecureConnection'     => array('325452789', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'NNTPTimeout'              => array('325518313', 'ulong_le_fmt', 'num_re',    ''),
'NNTPDisplayName'          => array('325583856', 'nullstr_fmt',  '',          ''),
'NNTPOrganizationName'     => array('325649392', 'nullstr_fmt',  '',          ''),
'NNTPEmailAddress'         => array('325714928', 'nullstr_fmt',  '',          ''),
'NNTPReplyToEmailAddress'  => array('325780464', 'nullstr_fmt',  '',          ''),
'NNTPSplitMessages'        => array('325846005', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'NNTPSplitMessageSize'     => array('325911529', 'ulong_le_fmt', 'num_re',    ''),
'NNTPUseGroupDescriptions' => array('325977077', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'NNTPPolling'              => array('326108149', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'NNTPPostingFormat'        => array('326173673', 'ulong_le_fmt', 'iaf_pf_re', ''),
'NNTPSignature'            => array('326239216', 'nullstr_fmt',  'regkey_re', ''),
'NNTPPasswordPrompt'       => array('326304757', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'NNTP-326370281'           => array('326370281', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail - NNTP only
'NNTP-326632425'           => array('326632425', 'nullstr_fmt',  '',          ''),             // UNKNOWN - added from Windows Mail and Windows Live Mail - NNTP only

// 331-332 -> POP3 settings
'POP3Server'               => array('331613168', 'nullstr_fmt',  '',          ''),
'POP3UserName'             => array('331678704', 'nullstr_fmt',  '',          ''),
'POP3Password'             => array('331744246', 'nullstr_fmt',  '',          'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent
'POP3AuthUseSPA'           => array('331875317', 'ulong_le_fmt', 'bool_re',   ''),
'POP3Port'                 => array('331940841', 'ulong_le_fmt', 'num_re',    ''),
'POP3SecureConnection'     => array('332006389', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'POP3Timeout'              => array('332071913', 'ulong_le_fmt', 'num_re',    ''),
'POP3LeaveMailOnServer'    => array('332137461', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'POP3RemoveWhenDeleted'    => array('332202997', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'POP3RemoveWhenExpired'    => array('332268533', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'POP3ExpireDays'           => array('332334057', 'ulong_le_fmt', 'num_re',    ''),
'POP3SkipAccount'          => array('332399605', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'POP3PasswordPrompt'       => array('332530677', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),

// 338-339 -> SMTP settings
'SMTPServer'               => array('338166768', 'nullstr_fmt',  '',          ''),
'SMTPUserName'             => array('338232304', 'nullstr_fmt',  '',          ''),             // NOTE - If SMTPAuthMethod is set to "Use incoming" (value=02) then username/password will be absent
'SMTPPassword'             => array('338297846', 'nullstr_fmt',  '',          'iaf_password'), // NOTE - Windows Live Mail does not export passwords so this field can be absent
'SMTPAuthMethod'           => array('338428905', 'ulong_le_fmt', 'iaf_am_re', ''),
'SMTPPort'                 => array('338494441', 'ulong_le_fmt', 'num_re',    ''),
'SMTPSecureConnection'     => array('338559989', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'SMTPTimeout'              => array('338625513', 'ulong_le_fmt', 'num_re',    ''),
'SMTPDisplayName'          => array('338691056', 'nullstr_fmt',  '',          ''),
'SMTPOrganizationName'     => array('338756592', 'nullstr_fmt',  '',          ''),
'SMTPEmailAddress'         => array('338822128', 'nullstr_fmt',  '',          ''),
'SMTPReplyToEmailAddress'  => array('338887664', 'nullstr_fmt',  '',          ''),
'SMTPSplitMessages'        => array('338953205', 'ulong_le_fmt', 'bool_re',   'iaf_bool'),
'SMTPSplitMessageSize'     => array('339018729', 'ulong_le_fmt', 'num_re',    ''),
'SMTPSignature'            => array('339149808', 'nullstr_fmt',  'regkey_re', ''),
'SMTPPasswordPrompt'       => array('339215349', 'ulong_le_fmt', 'bool_re',   'iaf_bool')
);

Do I need to remove my USB safely (and is life too short)?

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!I am always equally amused and annoyed by the dumb posts which are trying to be smart by telling me that “Life is too short to remove USB safely”. What’s even worse is that these are usually promoted by highly disorganized people (in my experience). So do you really need to remove USB safely or you can just disconnect it?

Now, as for the joke, it is mediocre at best – so please stop it! Here is my attempt to put a stop to both, the stupid joke, and the belief that you need to safely remove USB drive.

As many people do not know, Windows has a removal policy for USB disk drives and by default it is set on Quick Removal setting. Here is a screenshot of it:

As you can see from the screenshot, the default option is set to Quick Removal and as the description clearly says: Disables write caching on the device and in Windows, but you can disconnect the device safely without using Safely Remove Hardware notification icon.

So what does it mean?

When write-caching is disabled this means that any pending writes to disk drive will be executed immediately. This results in writes to a device being somewhat slower, but at least they are done immediately, when requested. Write-caching speeds up the process for fixed disk drives by queuing the writes for later (when there is more idle disk time available for the task), so the system can accept more writes and schedule pending writes if needed – which as a result speeds up the disk operation for the user, because he/she doesn’t need to wait as long before requesting another disk operation. Eventually, all the writes are executed – but this doesn’t have to be immediately. But this only is enabled by default for fixed drives like hard disks because it makes sense for them and USB (removable) drives usually have a default value set to Quick Removal.

So does that mean you can remove the USB without using the Safely Remove Hardware? Yes!

However, some small precautions should be noted – if you started copying files to a drive – it still needs some time to copy the files. Writes take time. So wait a few seconds until they are executed and the files are stored on USB drive. If USB drive has a LED light – you can see that the drive has finished writing when the LED is off or no longer blinking. If you are unsure, then use the “Safely Remove Hardware” – that will ensure that saving was done properly. If you only read some files from USB drive, then you probably don’t have to care about that.

So, why did Microsoft implement the Quick Removal for USB drives by default? Because life is too short? No, but because people usually don’t read manuals and they are aware that many of them are not using Windows as they should be using it, so they at least tried to make it easier for everyone.

How to remove “Get Windows 10” update notification from system tray (KB3035583)?

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!If you are running Windows 7 or Windows 8 you may have seen the “Get Windows 10” icon in the system tray.

If you are annoyed by it (like me), you can remove it easily. Here is how:

1) Press Windows logo key and start typing: Windows Update and press Enter key to open Windows Update window

2) Click on the small link Installed Updates (on the left side)

3) List of updates will open. Now, in the search bar (upper right) type in KB3035583 – that is the number of update responsible for displaying this icon.

4) Click Uninstall and restart your computer when it asks you.

After doing the above the update may reappear in the list of offered updates. If that happens, simply right click on the update and select Hide Update and it won’t be offered again.

Once again Microsoft is pushing sneaky updates described as “Important” and “Recommended Update”. While I welcome their move to offer Windows 10 for free to users, I still think the option to disable the tool or to uninstall it should also be offered, and not pushed to users.

Windows 10 will be free for Windows 7 and Windows 8.1 users

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!During the first year after the release of Windows 10 the upgrade will be free for Windows 7 and Windows 8.1 users. After first year, users will likely be charged for it.

The above news comes from Windows 10: The Next Chapter event.

That news is as much thrill and excitement you’re going to get from this unexciting and dull presentation. Let me summarize the whole event for you and save you over 2 hours of watching time:

First 20 minutes is just blah, blah, blah…
Windows 10 will be free during first year since its release for Windows 7 and Windows 8.1 users. That is good news actually, both for developers and for users. And especially for the developers.
Then the guy with Emo-hairstyle presented Windows 10 Cortana, a copy of Siri from Apple devices. Apparently, Microsoft is very excited about a feature nobody is going to use just like Siri.
Some devices will have free Word, Excel and other Office programs (devices where you cannot actually use it for anything meaningful, that is devices like smartphones or smaller tablets). Larger screen devices where you actually use those programs will have paid version.
Mail application still sucks, but now they added brand new features – swipe to the left to delete message, swipe to the right to flag them. I wonder where have I seen that already? Hmmm…
Internet Explorer is going to be somewhat better (hopefully it will still support third-party apps which use its rendering engine).
Xbox and PC games are gonna be faster, apparently due to DirectX 12 which is very fast, at least from the technical demo.
There was some large screen device for business customers I don’t really care about.
And finally, there was a new VR headset from Microsoft they have been developing for a couple of years (at least now it is apparent why they purchased Minecraft – to demo that device). They believe it is going to change everything. They call 3D graphics you see inside “holograms”. Not the holograms you would expect – a little Princess Leia projected into the air. What a waste of all those development years. Another VR headset ready for the trashcan.
Last 20 minutes is just a pitch about Microsoft being committed to their users, how inspired they are and you know… blah… blah.

Now, don’t get me wrong, I think Windows 10 is actually good and I like them. But the rest… not really.