Monday, October 3, 2011

How to Close Port 445 in Windows 7 / Vista

If you are cautious / paranoid about open ports in Windows, you may have noticed port 445 open.

To close it, log in as an administrator, and do the following:

1. In the run box, type "services.msc" and run the Services console

2. Scroll down to find the service "Server"

3. Right-click "Server" and select Properties

4. Stop the service, and then click the drop-down box in the center, and select Disabled.

5. Restart the system.

Keep in mind that any services that depend on the Server service (e.g. Homegroups, print sharing) will fail. Consider creating a System Restore point prior to making the change.
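
The same change from an elevated PowerShell prompt, with a check that the port is really closed after the restart. This is an added example, not part of the original post; LanmanServer is the service name behind the "Server" display name, and the function names are made up here.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.

function Disable-ServerService {
    $svc = Get-Service -Name LanmanServer

    # List what depends on Server before touching it; these are the
    # services that will fail once Server is disabled.
    $svc.DependentServices | Select-Object Name, DisplayName, Status | Format-Table -AutoSize

    # -Force also stops running dependents; Disabled keeps it off after the restart.
    Stop-Service -Name LanmanServer -Force
    Set-Service  -Name LanmanServer -StartupType Disabled
}

function Test-Port445Listening {
    # netstat prints one line per socket, e.g.
    #   TCP    0.0.0.0:445    0.0.0.0:0    LISTENING    4
    # Match a local address ending in :445 that is in the LISTENING state.
    $hits = netstat -ano | Select-String -Pattern ':445\s+\S+\s+LISTENING'
    return [bool]$hits
}

# Usage:
#   Disable-ServerService
#   (restart the system, as in step 5)
#   Test-Port445Listening      # False means nothing is listening on TCP 445
#
# To undo:
#   Set-Service -Name LanmanServer -StartupType Automatic
#   Start-Service -Name LanmanServer
```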

Sunday, August 28, 2011

How to View Older Netflix Titles in Fullscreen - Remove the Black Bars

All content on Netflix is presented in its original aspect ratio, which for many titles, is 4:3. Unfortunately, most people view Netflix content on widescreen televisions, leading to black bars on the sides of the image during playback.

Thursday, August 25, 2011

Netflix Router Optimization Guide - How to Improve Netflix Performance on Home Networks By Using Quality of Service (QoS)

Unable to Connect to Netflix? Netflix fails will drive you crazy. This guide will show you how to optimize Netflix performance on your home router, without crippling network performance for other connected devices.

Netflix is a bandwidth-intensive application. Most home networks contain a LOT of devices (PCs, gaming consoles, network-connected media players, iPhones, etc.), and this can cause major network congestion - causing Netflix stuttering, decreased image quality and disconnects. 

Tuesday, August 23, 2011

How to Use PeerBlock - A Simple Guide to Using PeerBlock Peer Blocking Software

This guide will show you how to install PeerBlock, and how to use it more effectively. The default installation of PeerBlock blocks many known malicious and/or problematic hosts. By adding additional block lists, you can customize the IP ranges you wish to prevent from communicating with your machine. It is very useful for blocking domains associated with bots / zombies, and known attack ranges.

Monday, July 25, 2011

How To Remove Space Between Blogger Gadgets / Widgets

If you use Blogger you may have noticed that by default, Blogger places space between gadgets appearing in your sidebar (or sidebars). 

Removing the space between HTML/Javascript gadgets (such as AdSense ads) is easy - simply merge the HTML scripts together. For example, if you have an AdSense script and an image link (like in my sidebar), cut and paste the script from the second gadget, and add it to the bottom of the first gadget. Remove the second HTML gadget. Apply to blog, and test it out to ensure proper formatting. You can stack as many HTML gadgets together as you like.

Removing the space between non-HTML/Javascript gadgets (such as the Blog archive, hit counter, etc.) is a little trickier. However, this blog has posted an excellent guide. Given the complexity of this, I strongly suggest backing up your blog first - click the Settings tab in the Dashboard, and choose "Export Blog" to save a copy to your computer. If something goes horribly wrong, you can always restore it.

Monday, July 4, 2011

How to Detect and Remove TDL4 / TDL3 / TDSS / Alureon Rootkits

Experts are continuing to say scary things about TDL4 and its botnet, throwing around terms like "virtually indestructible". Whether this is true or not, clearly TDL4 is a highly sophisticated piece of crimeware that has top researchers very concerned.

If you think you may be infected, Kaspersky Labs has released a free tool for Windows users (all versions, 32 and 64-bit) called TDSSKiller which will detect and remove TDL4 rootkits / bootkits. It can be downloaded here.

TDSSKiller also detects other TDSS-family rootkits such as TDL2 / TDL3, and unknown rootkits by analyzing for:
  • Hidden or Blocked services
  • Hidden or Blocked files
  • Forged files
  • Rootkit.Win32.Backboot.gen (generic / unknown MBR infection)
I'm confident those who design the TDSS rootkits will soon figure out a way to defeat Kaspersky's detection / removal, but for now, this is a great place to start if you are concerned about these rootkits.

If you have no luck with TDSSKiller, you may wish to try Norman TDSS Cleaner, Avast's aswMBR Tool, or HitMan Pro, which also claim to detect and remove TDL3, TDL4 and its variants.

Wednesday, June 29, 2011

Why Use A VPN? Reasons Why You Should Use a VPN Explained

Don't think a VPN is right for you? Consider the following practical reasons to use a VPN service provider:

1. Securing Wireless Connections / Public Wi-Fi

If you use wireless hotspots / public wi-fi, your traffic is open to be easily monitored by both the persons providing the wireless access, and others on the wireless network (as they all have the security key). This makes session hijacking rather easy - as the recent FireSheep extension for Firefox demonstrates. In other words, it's quite simple for another person to hijack your Facebook, Twitter, possibly even your email account.

An attacker sitting in a coffee shop or on hotel wireless could gather dozens of accounts in short order using this method. By using a VPN, even on a wireless connection employing no security measures, you will prevent these types of attacks.

2. Hiding your IP address / Privacy

When you connect to a VPN provider, the provider issues you an IP address from a random pool of IP addresses owned by the provider. All traffic you send and receive on the Internet passes to and from the VPN provider. Your online presence is now "masked" behind the VPN provider. This connection does not render you anonymous per se but rather pseudonymous, as you are still linked to that IP. Always read a VPN provider's privacy policy to see what information is retained, for how long, and what conditions must be met for the release of subscriber information to a third party.

3. Viewing content outside your geographical area / bypassing censorship

Most VPN providers have servers in many countries, which will allow you to view content from websites that restrict access based on geographical location (e.g. Hulu, Comedy Central, BBC, etc.).

4. Preventing passive traffic monitoring

All traffic passing from your computer to the Internet is easily monitored and logged by an ISP. Many ISPs bury the fact that they do this deep in their Terms of Service when you sign up. If you use a VPN, all traffic on your connection will be encrypted from your computer to the VPN provider, and then pass to the Internet.

5. Preventing bandwidth throttling / traffic shaping

A LOT of ISPs engage in traffic shaping/throttling of certain types of traffic - BitTorrent traffic in particular. If you don't like the idea of your traffic being monitored and shaped, a VPN will prevent this by creating an encrypted tunnel between your computer and the VPN provider. The ISP can only see the tunnel - but not the ports being used and the traffic protocols passing through the tunnel.


Thursday, June 23, 2011

How to Create Custom / Separate Windows 7 Firewall Policies for Individual Users

How to Create Windows 7 Firewall Policies for Different Users:

For various reasons, you may wish to have an account with strict firewall policies (such as those detailed in this post), and another account with more relaxed policies.

In order to do this, both accounts must be Administrators. This may also work with Vista Firewall; unfortunately, I don't currently have a Vista box to test it on. This will not work on Windows Vista.

1. Before doing anything, back up your current firewall policy. Run Windows Firewall with Advanced Security (type firewall in Run box).

2. In the right pane, click Export Policy. Save to c:\, as firewallstd.wfw.

3. Create the policies you wish to implement, and export as c:\firewallstrict.wfw.

4. Create this batch file, and save as c:\firewallstd.bat:

netsh advfirewall import c:\firewallstd.wfw
pause

5. Create this batch file, and save as c:\firewallstrict.bat:

netsh advfirewall import c:\firewallstrict.wfw
pause

6. Open Task Scheduler (type task in Run box).

7.  Choose Create a Basic Task.

8. Name this rule as you see fit.

9. For task trigger, select When I Log on.

10. Choose Start a Program.

11. Choose the .BAT file you created earlier. The finishing dialog will appear. Before clicking Finish, tick "Open the Properties dialog for this task when I click Finish".

12. In the resulting window, select Run with Highest Privileges.

Once this is complete, log on to the other account and repeat steps 6 through 12, with the policies you desire for that account. You can remove the "pause" from the batch file if you prefer, but it is helpful to confirm that the policy has properly loaded upon logging in.

Tuesday, May 24, 2011

How To Delete 7-Zip Extraction / Folder History

1. Open the Registry Editor (Start -> regedit.exe) and find the following key:
  • HKEY_CURRENT_USER\Software\7-Zip\Extraction
2. Delete the entry "PathHistory".

You'll need to be logged in as an Administrator to make registry changes. As always, consider backing up the registry before making any changes.

Monday, May 16, 2011

How To Block All Internet Traffic / Connections If Not Connected to a VPN

This post will outline a method using the Windows 7 Firewall to block all Internet traffic unless you are connected to your VPN.

This post assumes you have already followed the steps in the earlier post, How to only use the VPN Connection and Block ISP.

If you implement these rules, your system will have no Internet access unless you are connected to your VPN. That is to say, your system will be connected to the Internet, but no traffic can get in or out unless specifically permitted by a separate firewall rule. If a rule allowing an application exists, that application's traffic will still be able to pass through the firewall.

I have used these rules on my system without ill effect (Windows 7 Home Premium 64-bit). Depending on what other applications you use, you will likely have to create additional rules. If you break your system, don't blame me. Always back up before messing with system settings, and take notes as you go.

It is possible this method could still potentially leak data by way of the system process svchost.exe. If you attempt to block svchost.exe, your PC will not be able to communicate with your router/modem, and you really will have blocked all network functionality - i.e. nothing will work.

That being said, I have monitored VPN disconnects using TCPView and spotted no leaks - just all processes (including system processes) engaged in Internet traffic instantly changing from ESTABLISHED to TIME_WAIT, and shortly thereafter vanishing.


1. Open Windows Firewall with Advanced Security (in this guide, start at step #4)

2. Select Inbound Rules. The New Inbound Rule Wizard will appear.

3. Select Custom Rule.

4. Select All Programs.

5. Select Any IP Address, for both Local and Remote.

6. Select Block The Connection.

7. Select Domain and Private, leaving Public unticked.

8. Name your rule and click Finish. Repeat steps 1 through 8 for Outbound Rules.

9. In the Windows Firewall with Advanced Security window, select Windows Firewall Properties.

10. In the resulting window, choose to block both inbound and outbound traffic for the Domain and Private profiles. You may also want to block outbound traffic on the Public profile as well, but you will need to create specific allow rules for every application that needs Internet access.

You should test your configuration at this point to ensure it is working. Connect to your VPN, start up some downloads, and disconnect. All traffic should die immediately.
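
Steps 1 through 10 can also be applied from an elevated PowerShell prompt with netsh, with a policy export beforehand so the change can be rolled back. This is an added example, not part of the original post; the rule name, backup file name and function names are placeholders chosen here.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Every netsh argument that contains a comma or a space is quoted: PowerShell
# would split an unquoted profile=domain,private into two arguments.

$RuleName = 'Block all unless VPN'    # placeholder rule name

function Enable-VpnOnlyTraffic {
    # Export the current policy first so the change can be undone.
    $backup = 'C:\firewall-before-{0:yyyyMMdd-HHmmss}.wfw' -f (Get-Date)
    netsh advfirewall export "$backup" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Policy export failed; nothing was changed.' }

    # Steps 2-8: one catch-all block rule per direction, Domain and Private only.
    # The Public profile (the VPN connection) is left alone.
    foreach ($dir in 'in', 'out') {
        netsh advfirewall firewall add rule "name=$RuleName ($dir)" "dir=$dir" `
            "action=block" "profile=domain,private" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "netsh could not add the '$dir' rule" }
    }

    # Steps 9-10: default policy for the same two profiles.
    foreach ($p in 'domainprofile', 'privateprofile') {
        netsh advfirewall set $p firewallpolicy "blockinbound,blockoutbound" | Out-Null
    }

    return $backup    # keep this path; Restore-FirewallPolicy needs it
}

function Show-VpnOnlyState {
    # Default inbound/outbound policy for each profile.
    netsh advfirewall show allprofiles firewallpolicy
    # The two catch-all rules created above.
    foreach ($dir in 'in', 'out') {
        netsh advfirewall firewall show rule "name=$RuleName ($dir)"
    }
}

function Restore-FirewallPolicy {
    param([Parameter(Mandatory = $true)][string]$BackupPath)
    # Importing replaces the whole current policy with the exported one.
    netsh advfirewall import "$BackupPath"
}

# Usage:
#   $saved = Enable-VpnOnlyTraffic
#   Show-VpnOnlyState
#   Restore-FirewallPolicy -BackupPath $saved    # roll back if something breaks
```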

Saturday, May 14, 2011

How To Transcode Media / Video Files Permanently With TVersity Media Server (PS3 Guide)

This is a simple fix to avoid transcoding / converting media multiple times. I've used the PS3 as the example playback device (because that's what I use), but this should work for any device capable of connecting to TVersity Media Server.

If you use TVersity Media Server with a PS3 (or 360), you might notice that some files are very stubborn to play, particularly if you attempt to fast forward or browse the video with the PS3's thumbnail browsing (i.e. pressing the square button during playback to browse specific intervals). Flash video (.FLV extension) is perhaps the most stubborn of all.

These problems are often caused by TVersity being unable to transcode the media quickly enough to provide the PS3 with the data requested. I've found the method described in this guide is particularly good for playing / transcoding flash video content into a format that will fast forward and rewind.

Be aware, some files might suffer a degradation in quality (as well as an increase in size) - however, for most downloaded content, there is little or no noticeable difference whatsoever. If you're just getting started with TVersity on the PS3, I highly recommend the post Optimizing TVersity for the PS3.

10 Steps To Permanently Transcode Media:

1. Place all of your stubborn media into a directory of your choice, e.g. C:\tmp

2. Share this directory in TVersity Media Server, with the setting "Always Transcode"

3. On the TVersity Settings tab, set Temporary Media Files to a nice big number (the default is 8192mb, I'd go for at least 20 or 30gb, depending on how much media you intend to transcode).

4. Browse to your newly-created directory on your PS3, and test that each file will play individually. If something refuses to play whatsoever, even with Transcode set to "Always", get it out of there. The file is either broken, or you don't have the correct codec to play it.

5. Ensure that the PS3 has Sequential Playback turned on (In the PS3 XMB, Settings -> Video Settings -> Sequential Playback).

6. Play the first file in the folder on the PS3, and sit back and relax. Turn off the TV if you like. All the files are going to have to play in their entirety, in real time (could be many hours depending on what you have queued up). This is a good thing to run overnight while sleeping, when the PS3 is not in use. You should ensure sequential playback is working; occasionally some files can cause playback to stop rather than continuing to the next file.

7. When the files have completed playing, browse to the temporary media folder on the PC running TVersity. The default locations are:
  • XP: C:\Program Files\TVersity\Media Server\data
  • Vista / 7:  C:\ProgramData\TVersity\Media Server\data
If you can't find the directory, simply click the "View Files" button under Temporary Media Files.
    8. Look for files with the extension MPEG16 and a whole lotta characters after that.

    9. Rename those files to their original names, changing the extension to .MPG.

    10. Move files to desired location, share (setting TVersity to Never transcode), and playback without the need to ever transcode them again. You'll find that not only will fast-forwarding / rewinding work much better, but you will experience less glitching over WiFi, and take a huge CPU/memory load off your PC.

    Monday, May 2, 2011

    How to Disable IPv6 and Teredo in Windows 7

    Steps to Disable IPv6 stack and Teredo Tunnelling Protocol in Windows 7

    Privacy issues abound with the Windows 7 implementation of IPv6. I won't get into them here; I'm assuming if you're reading this page, you are aware of these issues and wish to disable it.

    If you need a desk reference for tweaking Windows 7, consider Windows 7 Tweaks: A Comprehensive Guide. It's a lot better than the O'Reilly Windows 7 book, and it's cheaper too.

    (NOTE: You must be logged in as an Administrator to make these changes.)

    To Disable IPv6 stack:

    1. Open the Registry Editor. (Start -> type "regedit" in search box)
    2. Find the following key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
    3. Right-click on "Parameters", and select "New", and then "DWORD (32-bit) value"
    4. Enter the following in the resulting window:
    • DisabledComponents
    5. Modify the DisabledComponents value by right-clicking it. Enter the following hexadecimal value:
    • 0xffffffff
    Upon entering this value, it may display as "0x41ffffff". 

    Some web pages say you should enter a "0" here, but that actually will enable IPv6.

    To Disable Teredo Tunneling Protocol:

    1. Click Start -> Control Panel
    2. Click System and Security
    3. Click Device Manager (the UAC prompt will appear, click OK)
    4. In the Device Manager window, click View -> Show Hidden Devices
    5. Find the Teredo Tunneling Pseudo-Interface in Network Adapters
    6. Right-click Teredo Tunneling Pseudo-Interface, and select Disable.

    Tuesday, April 19, 2011

    VLC - How to Play Video in Fullscreen on a Netbook / Eee PC - Force Aspect Ratio

    To force VLC Media Player video playback to fullscreen on a 10.1" display netbook (e.g. ASUS 1000-series Eee PCs, and many, many others), do the following:

    1. Select Tools -> Preferences (or enter Ctrl-P)
    2. Click "Video" on left side of window
    3. Scroll to "Video" on right side of window - you will see an entry called "Force Aspect Ratio".
    4. Enter "16:9" (no quotation marks).
    5. Try playing a video. It should now be properly formatted to use the full screen.

    If the above does not work, try the following in addition to the steps above:

    1. Select Tools -> Preferences (or enter Ctrl-P)
    2. Click "All" on the bottom-left (under "Show Settings")
    3. Click "Video" on left side of  window
    4. Scroll down to "Source Aspect Ratio"
    5. Enter "16:9" (no quotation marks).

    Friday, April 15, 2011

    A Guide to Setting up PSP Remote Play - Set Up PSP Remote Play On Any Router

    Complete the following steps, IN ORDER, and enjoy many of your PS3's features on your PSP wherever there is an Internet connection. I use mine to watch video from my TVersity Media Server on the go.

    I'm going to state at the outset that despite all my efforts to get Remote Start Via Internet to work properly (i.e. not turn the system on randomly and then disable Remote Start Via Internet) - it really does not work well at all, and does not work well with MANY router models (my D-Link DIR-625 included).

    Sony desperately needs to implement some sort of specialized packet for waking the PS3. Without this, Remote Start Via Internet is essentially useless, as the PS3 will inevitably catch a random packet on port 9293, turn on, time out and disable Remote Start Via Internet. Alternatively, your router will send it an ARP packet, causing it to wake up (my problem). With the great PSN outage of 2011 going on, I doubt this is very high on Sony's priority list.

    As it stands, the only truly reliable option is to disable Remote Start via Internet and System Auto-Off, and place your PS3 in Remote Play mode before you leave home / attempt to use Remote Play.

    1. Connect your PSP to your PS3 system with the USB cable.
    2. Enable USB Mode on the PSP (Settings -> USB Connection).
    3. Register the Device on the PS3 (Settings -> Remote Play Settings -> Register Device).
    4. Enter Remote Play Mode on the PS3 (Network -> Remote Play).
    5. Enter Remote Play Mode on the PSP (Network -> Remote Play).
    6. Connect via your preferred method (Private Network or Internet).
    7. Sign into Playstation Network on the PSP.
    8. Enable Remote Start on the PS3 (Settings -> Remote Play Settings -> Remote Start). This is required if you wish to turn on the PS3 via the Internet, rather than locally.
    • If you choose this option, you will have to set the PS3 to login to your preferred user account automatically (Users -> Press Triangle button on preferred user -> Automatic Login)

    The above steps will only work if you have your network configured correctly. If you don't know how to access your router's settings refer to this guide. This guide assumes some comfort with adjusting router settings.

    If you're afraid of your router, don't be. Take notes, and go through the following checklist, one item at a time.

    PSP Network Settings Checklist:
    • 802.11b mode enabled on router? (PSP does not support 802.11g / n standards)
    • Static IP address reserved for PS3?
    • WPA or WEP mode enabled on router? (PSP does not support WPA2 security - enabling WPA mode will weaken router security, although with a long/complex enough key, it may be worth trying. Don't use WEP - it's inherently insecure)
    • If MAC address filtering active on router, PSP MAC address added to allowed devices?
    • Visible SSID on router? (If you use a hidden SSID, you must enter the SSID manually on the PSP)
    • UPnP enabled on router? (Enabling UPnP will weaken router security and I've found it isn't necessary to establish the connection)
    • Port 9293 (both TCP and UDP) forwarded to PS3 static IP?
    • PS3 not in DMZ? - If PS3 is in DMZ, random packets will cause it to turn off and on repeatedly, and the PS3 will disable Remote Start. This means you will have to forward ports for online multiplayer games. [Unfortunately - random Wake-On-LAN power-ups can occur nonetheless. Sony really screwed up here by not using a magic packet].
    • Network bandwidth OK? If your router is overwhelmed, the connection will most likely time out.
     Tested on the PSP-2000.

      Tuesday, April 12, 2011

      How to Format USB / External Drive (FAT32 / NTFS)

      Simply open a command prompt as an Administrator and type the following:

      For FAT32:

      • format /FS:FAT32 driveletter:  (e.g. format /FS:FAT32 F:)

      For NTFS:

      • format /FS:NTFS driveletter:

      All data on the target drive will be erased.

      You can also convert a FAT32 drive to NTFS without any data loss with the following command:

      • convert driveletter: /FS:NTFS

      NOTE: If you convert from NTFS to FAT32, all data will be erased.

      How to boot ASUS Eee PC from USB / External drive - Disable Quick Boot

      6 Easy Steps to Boot ASUS Eee PC from an External Device:

      I still love my old Eee PC after all these years...but I had a helluva time getting it to boot from an external drive so I could try out a certain linux distro.

      Tapping the Esc key upon booting is supposed to bring up a boot menu - but no luck.

      Turns out by default, it was configured to "quick boot". To change this:

      1. Turn off your Eee PC.
      2. Turn it back on, tap F2 immediately. This should get you into the BIOS Setup menu.
      3. Scroll over to the "Boot" tab.
      4. Select "Boot Settings Configuration".
      5. Use the minus key to change "Quick Boot" to Disabled.
      6. Press F10 to Save and Exit.

      Upon rebooting, hit Esc and you will be presented with a Boot Device selection menu.

      This method was tested on a 1000h, however I suspect these steps will also work for many older ASUS Eee PCs. "Quick Boot" may be listed as "Quiet Boot".

      Friday, February 25, 2011

      Allow a VPN Connection in Windows 7 Firewall - Ports to Open - Error 809

      If you are using Windows 7 Firewall with outbound traffic restrictions, you may run into problems if you attempt to use a VPN service, receiving Error 809. I block all outbound traffic that does not match an existing rule by default, and ran into some trouble attempting to connect to my VPN.

      (NOTE: The instructions below assume some familiarity with modifying rules in the Windows 7 Firewall. If you need some further direction, see this guide, and start at step #4.)

      To use an L2TP - based VPN, you must create a rule to allow outbound UDP connections on port 1701. You should apply this to the Private and Public profiles (Domain should not be necessary - but if this fails, try Domain as well).

      To use a PPTP - based VPN, the same applies, however you must allow TCP port 1723.

      To use an IPSec - based VPN, the same applies, however you must allow UDP port 500.

      Some router /  protocol combinations may also require that you modify router settings to allow them. My D-Link DIR-625 has a specific "tick-box" to allow certain protocols, such as PPTP. Your best bet if you use a router is to consult your router manual / your router's settings if opening your port locally is not successful.

      Friday, February 4, 2011

      avast! Web Shield and VPN - bypasses VPN connection

      I recently changed antivirus programs from Panda Cloud to avast! antivirus. Suddenly, my browser was being allowed through the firewall without any issue no matter what network I was using, despite all the steps I had taken in the guide here. I was baffled, and in fact I didn't connect the installation of avast! with the problem (note to self: when things suddenly stop working, ask self - what changes have I made recently?)

      Turns out the avast! program essentially acts as a proxy, passing all HTTP traffic through avast! and then to the Internet - bypassing any rule you have to block the browser from doing so.

      Since Windows Firewall allows all outbound connections that do not match a rule - it's gonna get out. So - if you use an antivirus program with a "Web Shield" or similar functionality - you may want to consider disabling that function to prevent leaking one's true IP address.

      ...of course, that decision is fraught with its own perils...browse carefully!

      Wednesday, January 26, 2011

      Windows Always Displays Italics - How to Fix Browser Always Displaying Italics - Windows Fonts Bug - Easy Fix.

      An Easy Fix if your Browser is always displaying text in italics:

      I recently had some problems with Windows 7 not displaying fonts correctly - i.e. fonts were always italicized in web pages (in Firefox, IE and Chrome - tried all three).

      After some research I found a fix - copy and paste the following text (in between the dotted lines) into a new text document (e.g. in Notepad), save the file as fontfix.reg (or something similar). Right-click the file and choose Merge.

      This works on Windows XP, Vista and Windows 7.

      (NOTE: You must be logged in as an Administrator to perform this task.)


      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
      "Tahoma (TrueType)"="tahoma.ttf"
      "Courier New (TrueType)"="cour.ttf"
      "Verdana (TrueType)"="verdana.ttf"
      "Arial (TrueType)"="arial.ttf"
      "Arial Narrow (TrueType)"="arialn.ttf"
      "Arial Bold (TrueType)"="arialbd.ttf"
      "Lucida Console (TrueType)"="lucon.ttf"
      "Trebuchet MS (TrueType)"="trebuc.ttf"
      "Times New Roman (TrueType)"="times.ttf"
      "Marlett (TrueType)"="marlett.ttf"


      Monday, January 17, 2011

      How to Always / Only Use VPN Connection and block ISP - Make Bittorrent only use VPN Connection

      VPNs are great for added security when using the Internet - but what about when the VPN drops or disconnects? Unfortunately, if you use Windows (any version), any running application (for example, BitTorrent, your browser) will revert to using your ISP connection, exposing your IP address and opening you up to security and privacy issues. This is of particular concern when using a VPN to secure a public wi-fi spot. Windows will not prevent traffic in the event of a disconnect.

      There are many guides found online to prevent this using third-party firewalls such as Comodo, or using third-party applications such as VPNetMon or VPNCheck (neither of which I know anything about, and cannot speak to their reliability or safety).

      This guide will show you how to configure Windows 7 Firewall to block any specified application (I have used Firefox as an example - but you can pick any application, e.g. utorrent or your preferred torrent client) from using your ISP connection, and permit it to connect to the Internet using only the VPN connection. Users who are unfamiliar with the basic aspects of Windows 7 Firewall may wish to consult this guide. Unfortunately, this will not work with the built-in firewall in Windows XP or Vista.

      If the method described below does not work for you (or perhaps you don't want to mess with your firewall, or you use Windows XP / 2000 / Vista / Mac OS X), consider using a VPN that offers a client with IP Binding, which will prevent any selected application(s) from accessing the Internet in the event of an unexpected disconnection.

      Preliminary Considerations:

      1. If you use an antivirus program such as avast! that has a Web Shield / Filter that passes HTTP traffic through an antivirus/malware scan, you may want to consider this post.

      2. The IPv6 functionality in Windows 7 can also leak IP information - you may wish to disable it - see the guide here.

      3. After you complete the steps in this guide, you may want to consider adding a rule to block all traffic that does not match a rule to the Domain and Private profile. See the guide here.

      4. If you want to create these rules for one user account, and maintain less strict rules for another user account, please see this post

      5. If you are blocking a torrent application such as uTorrent, you'll want to disable uTP, DHT, UPnP, Local Peer Discovery and IPv6.


      1. Connect to your VPN as you normally would.

      2. Open the Network and Sharing Center - right-click on the Internet connection icon in the taskbar and choose "Open Network and Sharing Center".

      3. You should see (at least) two networks listed under "View Your Active Networks" - your VPN connection and one called "Network" - a.k.a. your ISP Connection. Ensure that your VPN is a "Public Network", and your ISP connection is "Home Network". If you need to change either connection, click it and an option window will appear.

      4. Go to the Control Panel and click System and Security.

      5. In the resulting window, click Windows Firewall.

      6. In the Windows Firewall window, click Advanced Settings on the left pane.
      Note: You must be logged in as an Administrator to make changes to the Firewall Settings.

      7. You should see a window titled Windows Firewall with Advanced Security. In this window, click Inbound Rules.

      8. On the right pane, you will see an option for a New Rule. Click it.

      9. In the New Inbound Rule Wizard (which should appear), do the following:

      • Choose Program and click Next.

      • Choose the program you wish to block all traffic to except on the VPN connection, and click Next.

      • Choose Block the Connection.

      • Tick Domain and Private. Make sure Public is left unticked.

      10. Repeat Step 9 for Outbound Rules.

          When all of the above steps are complete, you should test the configuration. Run the application you made the rule for, and test that it is working when the VPN is connected. Start a download, and then disconnect from the VPN. If all is configured properly, the download should die immediately as the firewall will immediately block it from using your ISP-assigned IP address. If you wish to monitor traffic closely, use TCPView.
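
Steps 7 through 10 and the disconnect test can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original post; the function names and rule-name format are made up here, and the Firefox path in the usage comment is a placeholder for wherever your program is installed.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.

function Add-IspBlockRule {
    param([Parameter(Mandatory = $true)][string]$Program)

    if (-not (Test-Path -LiteralPath $Program -PathType Leaf)) {
        throw "Program not found: $Program"
    }
    $leaf = [IO.Path]::GetFileNameWithoutExtension($Program)

    foreach ($dir in 'in', 'out') {
        $name = "Block $leaf off VPN ($dir)"
        # Delete any earlier copy so that re-running does not stack duplicate rules.
        netsh advfirewall firewall delete rule "name=$name" | Out-Null
        # Quote every argument: PowerShell would split an unquoted
        # profile=domain,private at the comma.
        netsh advfirewall firewall add rule "name=$name" "dir=$dir" "action=block" `
            "program=$Program" "profile=domain,private" "enable=yes" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "netsh could not add rule '$name'" }
    }

    # Print the active profile settings as a sanity check against step 3.
    netsh advfirewall show currentprofile state
}

function Get-ProgramConnection {
    # Lists ESTABLISHED TCP connections owned by running instances of $Program,
    # the same thing you would watch for in TCPView.
    param([Parameter(Mandatory = $true)][string]$Program)

    $owners = @(Get-Process | Where-Object { $_.Path -eq $Program } |
                ForEach-Object { $_.Id })

    netstat -ano | ForEach-Object {
        # Data lines look like:
        #   TCP  192.168.1.5:49160  203.0.113.7:443  ESTABLISHED  1234
        $f = @($_.Trim() -split '\s+')
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and $f[3] -eq 'ESTABLISHED' -and
            $owners -contains [int]$f[4] -and
            $f[2] -notmatch '^(127\.|\[::1\])') {          # ignore loopback
            New-Object PSObject -Property @{
                Local     = $f[1]
                Remote    = $f[2]
                ProcessId = [int]$f[4]
            }
        }
    }
}

# Usage (placeholder path):
#   $app = 'C:\Program Files\Mozilla Firefox\firefox.exe'
#   Add-IspBlockRule -Program $app
#   Get-ProgramConnection -Program $app   # VPN connected: connections are listed
#   (disconnect the VPN, wait a few seconds)
#   Get-ProgramConnection -Program $app   # should now return nothing
```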

          How to Remove Windows Messenger from Windows XP

          On a fresh install of Windows XP or Windows 2000, frequently Windows Messenger will automatically run and cause all sorts of confusion. This isn't such a problem nowadays, but many people still use XP and upon doing a clean installation will run into this problem.

          Windows Messenger - not to be confused with  MSN Messenger or Windows Live Messenger - was an instant messaging program included with Windows XP (and possibly 2000 / Vista). It also has a habit of getting mixed up with Windows Live Messenger and automatically logging in upon a reboot.

          There is a solution proposed on the Microsoft Website here, however I always found the following worked a lot better:

          How to Remove Windows Messenger from XP:

          1. Click Start, and Run.

          2. Enter the following in the resulting field:   RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

          Now Windows Messenger is removed.

          (note: I took this from my old blog here)

          TVersity - How to get TVersity to work when a VPN is connected

          Some of you may run a VPN service on the same computer which also serves as your media server running TVersity.

          However, you may notice that when the VPN is connected, TVersity fails to show up on network devices (e.g. PS3, Wii). The VPN creates a tunnel through the router, causing TVersity to fail to announce properly on your local network or subnet (that's the simplest explanation I can think of!). Here's how you can avoid this problem.

          Instructions for running TVersity on a VPN-connected computer:

          1. Open the TVersity Interface, and click on the "Settings" tab.

          2.  On the left side of the interface you will see many options - click "General".

          3. Scroll down to the "Home Network" section - there should be a blank field, followed by a port number (typically 41952 on most default TVersity configurations). In the blank field enter the local IP address of your computer.
          • If you don't know the local IP address of your computer, run a command window and type "ipconfig" - when the VPN is active you will see two connections - the IP address you want is "Local Area Connection" - this will typically be an address beginning in 192.168.*.*.  If you don't know how to run a command window, click here.
          4. Save your changes by clicking the "Save" button at the bottom.

          That's it. Check out your device(s) to see if the Media Server is visible (You may have to scan for servers.).