How to reinstall Windows 7 and get your drivers back

When the worst happens, your computer won’t boot and Windows 7 is unrepairable, you are faced with the frustrating task of reinstalling Windows. There is often a recovery partition that you can use to go back to factory settings. However, you might want a clean install of Windows, without all the crapware bundled by the manufacturer, plus you usually have to install Windows 7 Service Pack 1. One of the frustrations of reinstalling Windows from DVD, especially on laptops, is that many device drivers are missing after you reinstall, and you have to go to the manufacturer’s website to download them again, which is not so easy if you are missing LAN/WiFi drivers…

Sometimes it is a pain even if you know what you are doing. If you look in Device Manager, right-click on the device that is missing its driver, click Properties, Details, and then change the drop-down to Hardware IDs, you can see a VEN_ID and DEV_ID value, e.g. for a missing driver on a laptop I’m working on, it shows PCI\VEN_168C&DEV_0032&CC_0280. There is a great website to look these up, the PCI Vendor and Device Database. This can be a good way to find drivers when the PC manufacturer’s website is terrible. For the example I gave, this shows the vendor is Atheros, and the device is an AR9485WB-EG. In this case, both the Asus and Atheros websites were of no help, so I found another solution.

If you can still get data off your old (or about to be formatted) hard drive, you can also get the drivers. Here is the procedure:

  • Copy the following two folders to a removable drive. I’m not sure both are needed, but both contain driver files.
  • If you are re-installing due to malware, you need to scan this device for malware using a secure fully patched and protected PC, and preferably by using a Linux live CD or Virtual Machine.
  • Reinstall Windows 7
  • Insert the removable drive
  • In Device Manager, right-click the device without a driver, and choose Update Driver Software. A dialogue will ask if you want to search automatically or browse my computer. Choose browse my computer and look for the removable drive. From there, Windows 7 will cleverly find the right driver from the list. Repeat this until all the devices have drivers.
    In one case, the driver install failed on the first run, because it depended on another one being installed first, but it installed fine after a reboot.
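Before formatting the old drive, it is worth confirming that the copied folders really contain a driver for the device. The following is an added example, not part of the original post: it reduces a hardware ID from Device Manager to its `PCI\VEN_xxxx&DEV_xxxx` prefix and searches the INF files in a folder for it, reading the files as data only, so it can be run from the Linux live system used for the malware scan. The folder layout, file names and INF contents in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PCI_ID = re.compile(r"^PCI\\VEN_([0-9A-F]{4})&DEV_([0-9A-F]{4})", re.I)

def match_key(hardware_id):
    """Reduce a Device Manager hardware ID to the PCI\\VEN_xxxx&DEV_xxxx prefix."""
    m = PCI_ID.match(hardware_id.strip())
    if not m:
        raise ValueError("not a PCI hardware ID: %r" % hardware_id)
    return "PCI\\VEN_%s&DEV_%s" % (m.group(1).upper(), m.group(2).upper())

def read_inf(path):
    """Read an INF as text; many are UTF-16 with a byte-order mark."""
    raw = path.read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def find_driver_infs(root, hardware_id):
    """Return names of INF files under root that list the device (comments ignored)."""
    key = match_key(hardware_id)
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() == ".inf":
            # Everything after ';' on an INF line is a comment.
            active = (line.split(";", 1)[0] for line in read_inf(path).splitlines())
            if any(key in line.upper() for line in active):
                hits.append(path.name)
    return hits

def demo():
    """Build a constructed driver folder and search it for the WiFi device above."""
    wifi = "[Atheros.NTx86]\n%DESC% = INSTALL.ndi, PCI\\VEN_168C&DEV_0032&SUBSYS_00000000\n"
    lan = "[Vendor.NTx86]\n%DESC% = INSTALL.ndi, PCI\\VEN_FFFF&DEV_0001\n"
    note = "; superseded entry: PCI\\VEN_168C&DEV_0032\n[Version]\n"
    with tempfile.TemporaryDirectory() as tmp:
        sub = Path(tmp, "drivers", "net")
        sub.mkdir(parents=True)
        (sub / "WIFI_SAMPLE.INF").write_bytes(wifi.encode("utf-16"))
        (sub / "lan_sample.inf").write_bytes(lan.encode("ascii"))
        (sub / "note_sample.inf").write_bytes(note.encode("ascii"))
        return find_driver_infs(tmp, "PCI\\VEN_168C&DEV_0032&CC_0280")

if __name__ == "__main__":
    print(demo())
```

An empty result for a device means the copied folders hold no INF that names it, so that driver has to come from somewhere else.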

Police powers to snoop on email, social media and phone

New legislation being drafted will force Internet providers to retain data for a year and hand this over to police, intelligence agencies and HM Revenue & Customs. The argument is that this will enable them to counter terrorism, paedophilia and fraud. So, how will this be implemented?

“The data would include the duration, time originator and recipient of a communication and the location of the device from which it was made. It would not include the content of messages – what is being said. Officers would need a warrant to see that.”

The first question would be, does the data stored have to include the content of the messages? It is unclear whether ISPs are required to do this.

Secondly, what would be done about encrypted conversations? Certain protocols could be deciphered if the ISP installs a “middle-man” certificate, or deciphers messages on request. E.g. Gmail provides encryption for users. If both recipient and sender are using Gmail, email messages intercepted would be in encrypted form, and not easily cracked without access to Google’s certificate. These powers are UK powers, so would the UK authorities have the power to access a foreign company’s encryption certificate? Google pulled out of China when the Chinese government tried to censor search results.

However, the real question is whether it would make a difference to serious criminal organisations, and I would say no. Criminal organisations are already using means to evade surveillance. They use zombie PCs (botnets) where unsuspecting users’ PCs are hijacked for criminal purposes. This is commonly fraud, but could also be used for other purposes. You can also buy your own encryption certificates, or use “self-signed” ones. There is no known way to decrypt a strongly password-protected certificate in a reasonable timeframe.

The use of encryption also avoids the automated scanning of millions of emails for keywords etc. Finding criminals this way would be like finding a needle in a haystack, when you don’t even know which barn the haystack is in.

Heavy-handed legislation only makes life more difficult for the law-abiding. It is just like the annoying copyright notices you see on some DVDs: criminals never even see them, as they edit that bit out, but the innocent purchasers of DVDs are forced to watch them.

Criminals are usually found out by talking to people.

How to spot a bogus email or “phishing” attack

There are many dodgy emails we receive in our inboxes. Often, they appear to come from a bank, PayPal or even the police. Typically, they ask us to click on a link to update our details. Often, they warn of dire consequences if we fail to obey. They will close our account, it will cost us money, the police will come knocking on our door!

This is quite scary for people, so I will give 4 pointers on what to look for to tell genuine emails from fraudulent ones.

First rule: trust no-one. I mean an email that comes in, even from a friend, might have been initiated by a virus on your friend’s computer.

Second rule: Is the message using your full name? I received a few messages claiming to come from banks or PayPal, but starting “dear customer.” If it really is your bank or PayPal account, they will address you by name.

Third rule: Were you expecting an email from said organisation? If you signed up for an account a minute earlier, then you would expect it. If it turns up out of the blue, put your cautious hat on.

Fourth rule: Don’t click on links if you can help it. If it claims to be from one of your accounts, instead of clicking the link, why not just log into PayPal (or whatever site) the way you usually do, by going to their website via your favourites/bookmarks?
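The checks in rules two and four can also be run mechanically over a saved message without opening any link. The following is an added example, not part of the original post: it flags a generic greeting, a missing full name, and links whose real destination differs from what the link text shows or from the sender's domain (that last comparison goes a little beyond the four rules). The sample message, names and domains are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|client|member)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*?href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Your Bank" <security@bank.example>
To: j.smith@customer.example
Subject: Urgent: your account will be closed
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<p>Update your details within 24 hours or we will close your account.</p>
<p><a href="http://bank.example.login-update.test/verify">www.bank.example/verify</a></p>
"""

def norm(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def triage(raw_email, full_name):
    """Return reasons for caution; an empty list never means the mail is safe (rule 1)."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    sender = norm(parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2])
    reasons = []
    if GENERIC_GREETING.search(body):          # rule 2: "dear customer"
        reasons.append("generic greeting")
    if full_name.lower() not in body.lower():  # rule 2: addressed by name?
        reasons.append("full name missing")
    for href, text in ANCHOR.findall(body):    # rule 4: where do links really go?
        host = norm(urlparse(href).hostname or "")
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and not same_site(host, norm(shown.group(1))):
            reasons.append("link shows %s but goes to %s" % (norm(shown.group(1)), host))
        elif sender and not same_site(host, sender):
            reasons.append("link goes to %s, not %s" % (host, sender))
    return reasons

if __name__ == "__main__":
    print(triage(SAMPLE, "Jane Smith"))
```

The From header is taken at face value here, which is exactly what rule one warns against, so a clean result only means none of these particular signs were present.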

Vista Black Edition – this is counterfeit, avoid

In the last 48 hours, I have had two customers come to me with computers with Vista “Black Edition.” This is a hacked version of Vista, aimed at gamers and hackers. It is not genuine, is not supported by Microsoft and if you have paid for a copy, you should go back to whoever sold it to you and ask for your money back. There can be problems with Windows Update and this can leave your computer wide open to viruses and other malware. As the software is modified by someone from outside Microsoft, there is always the risk of some dubious third-party code being put in, such as a “backdoor” allowing the computer to be exploited by a remote attack. A genuine licence for Windows 7 only costs around £80, and if you have a product key printed on the computer, you can install a genuine copy of Windows for that key anyway, so there is no reason to go counterfeit. If you have counterfeit Windows installed, give me a call on 01646 602248 to find out how to remove it and install genuine Windows.

Offering free open wifi – think again..

Many business owners want to offer free wifi access to their customers as an added courtesy/benefit. Few realise they could end up in court. Why?

As the owner of the network, you are held responsible for the activities on your network. (see

For example, if someone stays in your hotel and looks at child pornography, the police may well seize your computers and arrest you, unless you are able to prove it was one of your guests. The same would apply to hacking attempts using your connection, or people spamming emails from your wifi.

However, the most aggressive lawyers are from the music and movie industries, who routinely sue people for copyright infringements. In 2009, a pub owner was fined £8000 for filesharing

A very useful guide to using a wireless network in a business can be found at

To protect yourself or your business, you need to be able to prove the illegal activity was carried out by someone else. The only way to do this is to authenticate people logging on. You need a password, and only give this to those who complete a registration process. You also need proof of ID (e.g. a car number plate, a credit card, or driver’s licence). The information needs to be recorded and produced in case of investigation. Passwords would also need to be changed routinely.

For most businesses, this overhead may be too cumbersome, so another approach is to use a service like The Cloud or BT Openzone. In these cases, the user has to sign up with a card for the service, which records their activities. It may not be as convenient as open wifi, but you can at least say you have acted responsibly.

Don’t destroy your debit card if your account is compromised

I watched a TV programme the other day, “Don’t get done, get Dom” (BBC iPlayer link will expire in a few days), which delved surprisingly deep into the issues surrounding “Chip and Pin” debit cards.

When your bank account is breached or compromised by fraudsters, one of the things the banks tell you to do is cut up your card, and cut through the chip. This is in fact bad practice, as this chip contains transaction logs for every time the card is used. If a fraudster obtained your card information, there is at least one known way of making a copy so a fake card can be used. By destroying your card, you destroy evidence which could prove your innocence, and point to the use of a counterfeit card.

Security researchers at Cambridge University have demonstrated how it might be possible to trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s authorised by chip-and-PIN. This doesn’t work at ATMs (Cashpoints) but could work with counter card devices used in shops and banks.

Other vulnerabilities are discussed here

Moral of the story, don’t cut up your card.


How to filter out the crap without government censorship – OpenDNS

Governments around the world are trying to legislate to bring in censorship to control what they consider inappropriate. Although they claim this is to combat crime, measures they want to introduce can also put in place a mechanism to restrict freedom of speech and expression. You may have trust in the current government, but can you be sure that a future government will not be more oppressive?

An alternative is to use a company like OpenDNS. The good thing about this is that you can stop using them at any time, and you know what is going on. You can simply change your DNS settings to point to their servers, and it will block any blacklisted sites, such as sites with viruses, or spam sites. If you don’t like it, you can always change the DNS again afterwards.

Current servers to point to are

  • (
  • (

For help in doing this, drop me (Adam) a line on 01646 602248.