Linux: Setup a transparent proxy with Squid in three easy steps

Y’day I got a chance to play with Squid and iptables. My job was simple : Setup Squid proxy as a transparent server.

Main benefit of setting transparent proxy is you do not have to setup up individual browsers to work with proxies.

My Setup:

i) System: HP dual Xeon CPU system with 8 GB RAM (good for squid).
ii) Eth0: IP:192.168.1.1
iii) Eth1: IP: 192.168.2.1 (192.168.2.0/24 network (around 150 windows XP systems))
iv) OS: Red Hat Enterprise Linux 4.0 (Following instruction should work with Debian and all other Linux distros)

Eth0 connected to internet and eth1 connected to local lan i.e. system act as router.

Server Configuration

• Step #1 : Squid configuration so that it will act as a transparent proxy
• Step #2 : Iptables configuration
  • a) Configure system as router
  • b) Forward all http requests to 3128 (DNAT)
• Step #3: Run scripts and start squid service

First, Squid server installed (use up2date squid) and configured by adding following directives to file:
# vi /etc/squid/squid.conf

Modify or add following squid directives:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan

Where,

• httpd_accel_host virtual: Squid as an httpd accelerator
• httpd_accel_port 80: 80 is port you want to act as a proxy
• httpd_accel_with_proxy on: Squid act as both a local httpd accelerator and as a proxy.
• httpd_accel_uses_host_header on: Header is turned on which is the hostname from the URL.
• acl lan src 192.168.1.1 192.168.2.0/24: Access control list, only allow LAN computers to use squid
• http_access allow localhost: Squid access to LAN and localhost ACL only
• http_access allow lan: — same as above –

Here is the complete listing of squid.conf for your reference (grep will remove all comments and sed will remove all empty lines, thanks to David Klein for quick hint ):
# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'

OR, try out sed (thanks to kotnik for small sed trick)
# cat /etc/squid/squid.conf | sed '/ *#/d; /^ *$/d'

Output:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 1024 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname myclient.hostname.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid

Iptables configuration

Next, I had added following rules to forward all http requests (coming to port 80) to the Squid server port 3128 :
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Here is complete shell script. Script first configure Linux system as router and forwards all http request to port 3128 (Download the fw.proxy shell script):
#!/bin/sh
# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Save shell script. Execute script so that system will act as a router and forward the ports:
# chmod +x /etc/fw.proxy
# /etc/fw.proxy
# service iptables save
# chkconfig iptables on

Start or Restart the squid:
# /etc/init.d/squid restart
# chkconfig squid on

Desktop / Client computer configuration

Point all desktop clients to your eth1 IP address (192.168.2.1) as Router/Gateway (use DHCP to distribute this information). You do not have to setup up individual browsers to work with proxies.

How do I test my squid proxy is working correctly?

See access log file /var/log/squid/access.log:
# tail -f /var/log/squid/access.log

Above command will monitor all incoming request and log them to /var/log/squid/access_log file. Now if somebody accessing a website through browser, squid will log information.

Problems and solutions

(a) Windows XP FTP Client

All Desktop client FTP session request ended with an error:
Illegal PORT command.

I had loaded the ip_nat_ftp kernel module. Just type the following command press Enter and voila!
# modprobe ip_nat_ftp

Please note that modprobe command is already added to a shell script (above).

(b) Port 443 redirection

I had block out all connection request from our router settings except for our proxy (192.168.1.1) server. So all ports including 443 (https/ssl) request denied. You cannot redirect port 443, from debian mailing list, “Long answer: SSL is specifically designed to prevent “man in the middle” attacks, and setting up squid in such a way would be the same as such a “man in the middle” attack. You might be able to successfully achive this, but not without breaking the encryption and certification that is the point behind SSL“.

Therefore, I had quickly reopen port 443 (router firewall) for all my LAN computers and problem was solved.

(c) Squid Proxy authentication in a transparent mode

You cannot use Squid authentication with a transparently intercepting proxy.

Further reading:

• How do I use Iptables connection tracking feature?
• How do I build a Simple Linux Firewall for DSL/Dial-up connection?
• Update: Forum topic discussion: Setting up a transparent proxy with Squid peering to ISP squid server
• Squid, a user’s guide
• Squid FAQ
• Transparent Proxy with Linux and Squid mini-HOWTO

Setting up a Squid-Proxy Server

Is Squid Installed ?

Squid’s rpm comes bundled with the RedHat 7.1 and is installed automatically with the Network OS installation option. One can check whether it is installed or not with the following rpm command:

rpm -q squid

The latest version of Squid can always be obtained from the Squid Homepage and other mirror sites. Squid can be installed on the desired system by using the following rpm command:

rpm -ivh squid-2.3.STABLE4-10.i386.rpm

Configuring Squid

The working and behavior of the Squid is controlled by the configuration details given in it’s configuration file i.e. squid.conf; this file is usually found in directory the /etc/squid. The configuration file squid.conf is a mile long affair, it just keeps on going for pages after pages, but the good point is that it has all options listed out clearly with explanation.

The first thing that has to be edited is the http_port, which specifies the socket address where the Squid will listen to the client’s request; by default this is set to 3128, but can be changed to a user defined value also. Along with the port value, one can also give the IP address of the machine on which Squid is running ; this can be changed to:

http_port 192.168.0.1:8080

With above declaration Squid is bounded to the IP address of 192.168.0.1 and port address of 8080. Any port address can be given; but make sure that no other application is running at set port value. With similar configuration lines other service’s request ports can also be set.

Access Control

Through access control features the access to Internet can be controlled in terms of access during particular time interval, caching, access to particular or group of sites, etc.. Squid access control has two different components i.e. ACL elements and access list. An access list infact allows or deny the access to the service.

A few important type of ACL elements are listed below

• src : Source i.e. client’s IP addresses
• dst : Destination i.e. server’s IP addresses
• srcdomain : Source i.e. client’s domain name
• dstdomain : Destination i.e. server’s domain name
• time : Time of day and day of week
• url_regex : URL regular expression pattern matching
• urlpath_regex: URL-path regular expression pattern matching, leaves out the protocol and hostname
• proxy_auth : User authentication through external processes
• maxconn : Maximum number of connections limit from a single client IP address

To apply the controls, one has to first define set of ACL and then apply rules on them. The format of an ACL statement is

acl   acl_element_name   type_of_acl_element values_to_acl

Note :

1. acl_element_name can be any user defined name given to an ACL element.
2. No two ACL elements can have the same name.
3. Each ACL consists of list of values. When checking for a match, the multiple values use OR logic. In other words, an ACL element is matched when any one of its values matches.
4. Not all of the ACL elements can be used with all types of access lists.
5. Different ACL elements are given on different lines and Squid combines them together into one list.

A number of different access lists are available. The ones which we are going to use here are listed below

• http_access: Allows HTTP clients to access the HTTP port. This is the primary access control list.
• no_cache: Defines the caching of request’s responses

An access list rule consists of keywords like allow or deny ; which allows or denies the service to a particular ACL element or to a group of them.
Note:

1. The rules are checked in the order in which they are written and it terminates as soon as rule is matched.
2. An access list can consists of multiple rules.
3. If none of the rules is matched, then the default action is opposite to the last rule in the list; thus it is good to be explicit with the default action.
4. All elements of an access entry are AND’ed together and executed in following manner
   http_access Action statement1 AND statement2 AND statement OR.
   http_access Action statement3
   Multiple http_access statements are OR’ed whereas elements of an access entry are AND’ed together
5. Do remember that rules are always read from top to bottom.

Back to Configuration

By default, Squid will not give any access to clients and access controls have to modified for this purpose. One has to list out one’s own rules to allow the access. Scroll down in the squid.conf and enter the following lines just above the http_access deny all line

acl mynetwork 192.168.0.1/255.255.255.0
http_access allow mynetwork

mynetwork is the acl name and the next line is the rule applicable to a particular acl i.e. mynetwork. 192.168.0.1 refers to the address of the network whose netmask is 255.255.255.0.. mynetwork basically gives a name to group of machines in the network and the following rule allows the access to clients. The above changes along with http_port is good enough to put Squid into gear. After the changes Squid can be started by the following command

service squid start

Note :
Squid can also be started automatically at boot time by enabling it in ntsysv or setup (System Service Menu). After each and every change in the configuration file, the present Squid process has to be stopped and for new configuration changes to take effect, Squid has to be started once again. These two steps can be achieved by following commands

1. service squid restart or
2. /etc/rc.d/init.d/squid restart

Client Machine Configuration

Since the client request will be placed at a particular port of the proxy server, client machine’s have to be configured for the same purpose. It is taken at this point that these machines are already connected to LAN ( with valid IP address) and are able to ping the Linux sever.
For Internet Explorer

1. Go to Tools -> Internet Options
2. Select Connection Tab and click LAN Setting
3. Check Proxy Server box and enter IP address of proxy server and port address where request are being handled (http_port address).

For Netscape Navigator

1. Go to Edit -> Preference -> Advanced -> Proxies.
2. Select Manual Proxy Configuration radio button.
3. Click on View Button &
4. Enter enter IP address of proxy server and port address where request are being handled (http_port address).

Using Access Control

Multiple Access controls and rules offer a very good and flexible way of controlling client’s access to Internet. Examples of most commonly used control are given below; this by no means should be taken as the only controls available.

1. Allowing selected machines to have access to the Internet

   acl allowed_clients src 192.168.0.10 192.168.0.20 192.168.0.30
   http_access allow allowed_clients
   http_access deny !allowed_clients

   This allows only machine whose IPs are 192.168.0.10, 192.168.0.20 and 192.168.0.30 to have access to Internet and the rest of IP addresses (not listed ) are denied the service.

2. Restrict the access during particular duration only

   acl allowed_clients src 192.168.0.1/255.255.255.0
   acl regular_days time MTWHF 10:00-16:00
   http_access allow allowed_clients regular_days
   http_access deny allowed_clients

   This allows the access to all the clients in network 192.168.0.1 to access the net from Monday to Friday from 10:00am to 4:00 pm.

3. Multipletime access to different clients

   acl hosts1 src192.168.0.10
   acl hosts2 src 192.168.0.20
   acl hosts3 src 192.168.0.30
   acl morning time 10:00-13:00
   acl lunch time 13:30-14:30
   acl evening time 15:00-18:00
   http_access allow host1 morning
   http_access allow host1 evening
   http_access allow host2 lunch
   http_access allow host3 evening
   http_access deny all

   The above rule will allow host1 access during both morning as well as evening hours; where as host2 and host3 will be allowed access only during lunch and evening hours respectively.

   Note:
   All elements of an access entry are AND’ed together and executed in following manner

   http_access Action statement1 AND staement2 AND statement OR.

   multiple http_access statements are OR’ed whereas elements of an access entries are AND’ed together; due to this reason the

   http_access allow host1 morning evening

   would have never worked as time morning and evening (morning AND evening ) would never ever be TRUE and hence no action would have taken place.

4. Blocking sites
   Squid can prevent the access to a particular site or to sites which contain a particular word. This can be implemented in the following way

   acl allowed_clients src 192.168.0.1/255.255.255.0
   acl banned_sites url_regex abc.com *()(*.com
   http_access deny banned_sites
   http_access allow allowed_clients

   The same can also be used to prevent access to sites containing a particular word i.e. dummy , fake

   acl allowed_clients src 192.168.0.1/255.255.255.0
   acl banned_sites url_regex dummy fake
   http_access deny banned_sites
   http_access allow allowed_machines

   It is not practical to list all the words list or sites names to whom the access is to be prevented; these can be listed out in the file (say banned.list in /etc directory) and ACL can pick up this information from this file and prevent the access to the banned sites.

   acl allowed_clients src 192.168.0.1/255.255.255.0
   acl banned_sites url_regex “/etc/banned.list”
   http_access deny banned_sites
   http_access allow allowed_clients

5. To optimize the use
   Squid can limit number the of connections from the client machine and this is possible through the maxconn element. To use this option, client_db feature should be enabled first.

   acl mynetwork 192.168.0.1/255.255.255.0
   acl numconn maxconn 5
   http_access deny mynetwork numconn

   Note:
   maxconn ACL uses less-than comparison. This ACL is matched when the number of connections is greater than the specified value. This is the main reason for which this ACL is not used with the http_access allow rule.

6. Caching the data
   Response of the request are cached immediately, this is quite good for static pages. There is no need to cache cgi-bin or Servlet and this can be prevented by using the no_cache ACL element.

   acl cache_prevent1 url_regex cgi-bin /?
   acl cache_prevent2 url_regex Servlet
   no_cache deny cache_prevent1
   no_cache deny cache_prevent2

7. Creating Your Own Error Messages
   It is possible to create your own error message with a deny rule and this is possible with the deny_info option. All the Squid error messages by default are placed in the /etc/squid/errors directory. The error directory can be configured with the error_directory option. You can even customize the existing error messages.

   acl allowed_clients src 192.168.0.1/255.255.255.0
   acl banned_sites url_regex abc.com *()(*.com
   http_access deny banned_sites
   deny_info ERR_BANNED_SITE banned_sites
   http_access allow allowed_clients

   In the above example, a special message will be displayed when ever users try to access the sites with above banned words.The file name in the option i.e.ERR_BANNED_SITE must exist in the above error directory. This error message file should be in HTML format. The above listed out examples are just a few of the options, facilities and capabilities of ACL. One can read through the FAQ section at the Squid Home Page for more extensive usage and explanation of other ACL elements and access elements.

Log Files

All log files of Squid are contained in directory /var/log/squid; these contain cache log, access logs and store.log. File access.log maintains the information about the clients request, activity and maintains entry for each HTTP & ICP queries received by the proxy server, clients IP, request method, requested URL, etc.. The data of this file can be used to analyze the access information. Many programs like sarg, calamaris, Squid-Log-Analyzer are available which can analyze this data and generate reports (in HTML format). The reports can be generated in terms of users, IP numbers, site visited, etc..

The destination of these log files can also be changed by following options

cache_access_log      For access.log
cache_log             For cache.log
cache_store_log       For store.log (Store manager)
pid_filename          Squid process ID file name

Authentication Methods

Squid in the default configuration allows any user to have access without any authentication process. To authenticate the users i.e. to allow only valid users (from any machine in the network) to access the Internet, Squid provides for authentication process but via an external program, for this a valid username and password is required. This is achieved by using proxy_auth ACL and authenticate_program; which forces a user to verify the username and password before the access is given. Several authentication programs are available which Squid can use and these are

1. LDAP : Uses Linux Lightweight Directory Access Protocol
2. NCSA : Uses NCSA style username and password file
3. SMB : Uses SMB server like SAMBA or Windows NT
4. MSNT : Uses Windows NT authentication domain
5. PAM : Uses Linux Pluggable Authentication Modules
6. getpwam : Uses Linux password file.

One needs to specify the authentication program being used and this can be specified by using the authenticate_program option. Make sure that the authentication program being used for the purpose is installed and working.

The changes in the squid.conf file now should also reflect the same authenticate_program /usr/local/bin/pam_auth

acl pass proxy_auth REQUIRED
acl mynetwork src 192.168.0.1/255.255.255.0
http_access deny !mynetwork
http_access allow pass
http_access deny all

This uses the PAM authentication program and all users need to authenticate before accessing the Internet.

Options like authenticate_ttl and authenticate_ip_ttl can also be used to change the behavior of the authentication process i.e. revalidation of username and password.

References

This article just touches the tip of the Squid iceberg; for further reference visit the following Web sites

• Squid Home, www.squid-cache.org
• Squid Documentation Project, squid-docs.sourceforge.net
• visolve.com
• For Proxy Authentication, home.iae.nl/users/devet/squid/proxy_auth

7 Ways to Speed up and Optimize Windows XP

Quick and easy
———————————————————

After seeing how popular Blifaloo’s guide to virus removal and prevention has become, I decided to write some more articles about taking care of your computer.

The following is a list of easy tweaks you can do to speed up the overall performance of your PC with Windows XP.

1. Disable File Indexing

Huh? This indexing service gets info from files on the hard drive and creates a “searchable keyword index.”

If you don’t use the XP search feature often to look for documents, you can turn this feature off, and the difference you’ll notice is a slight increase in the time it takes for your computer to find a file, but an overall increase in general speed for everything else.

How to : From My Computer > right-click on the C: Drive > select Properties.
Uncheck “Allow Indexing Service to index this disk for fast file searching.” Apply changes to “C: sub folders and files,” and click OK.

2. Clean Up Prefetch, temp, and cache files

Huh? Windows stores a lot of temporary files that can be safely cleaned out once a month or so. This is also good to do before running virus or spyware scans, as it clears many things out of your system that would need to be scanned.

How to : Download CleanUp!
How to use CleanUp! : Download, Install, and Run.

3. Install some RAM

Huh? If you are running 128mb or 256mb of Ram, it’s pretty cheap and easy to upgrade to 512mb. This is the only suggestion I will make that will actually cost money, but it’s also the one that will best improve performance.

How to : Not sure how to install Ram, or even what kind you need or where to get it from?

Check out Blifaloo’s article on how to Add Ram to your PC.

4. Remove Programs & files you no longer need or use

Huh? Having old games or other software you no longer use can take up a lot of space on your hard drive, which can lead to an overall decrease in your PC’s performance.

How to : Removing old programs is easy. From the Control Panel click on the “Add or Remove Programs” Icon. You can safely remove programs like games, demos, and other software you no longer use. If you are not sure what a program is… don’t delete it just yet. You can do an internet search to find out more about any mystery programs installed on your PC to decide to delete them or not.

Remember: Mp3 music files and videos you download can take up a lot of space. Go through your media files once a month or so and delete the ones you no longer use.

5. Turn off Windows Animations and Visual Effects

Huh? Fancy sliding, fading and animated effects that windows uses by default are easily turned off, and will make the reaction time of simple tasks like opening and moving windows, taskbars, etc… much quicker.

How to : From the Control Panel, click on the “System” icon. Click on the Advanced tab. Click the “Settings” button underneath “Performance”. Uncheck the options related to animations, and other unneeded visual effects.

Personally, I only have 3 items checked in here: “smooth edges of screen fonts”, “use common tasks in folders”, and “use visual styles on windows and buttons”. You can uncheck all of them if you like. But, just getting rid of all the animated features will help the responsiveness of your PC.

6. Remove unused Fonts

Huh? Having too many fonts can realllllllly slow down how fast programs start up. Some people say have no more than 500 fonts installed on WinXP, but I personally try to keep the number of fonts below 200. The less you have the faster your programs that use them (office software, graphic programs etc..) will load.

How to : From the Control Panel, click on the “Fonts” icon. You can delete the fonts you don’t use here.

Remember: to keep the basics: Verdana, Arial, Times, Trebuchet, Courier, serif, sans-serif, Georgia, etc… Along with any fonts related to your business.

7. Get a Virus, Spyware and Malware Clean System

Huh? Chances are you have some sort of virus, spyware or malware on your computer.

How to : Get Adware and Spybot S&D in addition to a Firewall and Antivirus program. See our guide to virus removal and protection for more ifno.

Remember: Keep your anti-virus programs up-to-date. And always research any software you plan on downloading to “help” your PC. Some anti-virus / anti-spyware software actually have spyware.

Hope you found at least a few helpful pieces of information in this article. Thanks for stopping by Blifaloo.com, and don’t forget to check out some of the other stuff on the site.

Make Your Own registry

What is a Registry File?

A registry file is really just a text file (.txt made with notepad). It becomes a registry file (.reg) when you change the extension from .txt to .reg. For example you have a text file called test.txt, you right click on it and select “rename” and change it to test.reg. If properly configured, when you click on it and answer yes to the pop-up screen, it will make immediate changes directly to your registry. It is a fast and easy method to tweak your computer, save the customizations you made, and apply tweaks to an installation.

How do I make a .reg file?

Lets try this first. Open your registry, press the Windows + R keys > in the resulting windows type regedit and then click OK.

Now that we have Registry Editor open, lets navigate to a popular key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced .

Click on the “+” sign next to HKEY_CURRENT_USER, next do the same for SOFTWARE, scroll down and do the same for Microsoft, then Windows, CurrentVersion, Explorer.

Now click on Advanced. You should be here:

Now, right-click on Advanced and choose Export. Navigate to your desktop to save the file there, name it test and click Save.

You should now have a file on your desktop that looks like this:

Right-click on it and choose Open with, and then Notepad. If Notepad isn’t readily available then select Choose Program and find Notepad in the list. Once open you should see something similar to the picture below. This is a .reg file. There are 2 keys here. The first is the line, Windows Registry Editor Version 5.00 which tells XP “I’m a .reg file”. The second is syntax, which tells XP what key to change (or add) and what to set the value to. Whole books have been written on this.

So, we now have an example of a .reg file. I’ve showed you this method because it the simplest way to start making your own .reg files, in fact, it’s the way I started. To work from here I change the extension from .reg to .txt to make it safer to work with. Simply right-click on test.reg and rename it to test.txt. I add/remove keys and change values then rename it back to a .reg file, noballontips.reg for example. Hope this helps you understand what a .reg file is.

Let’s move one to my registry settings…

Bad Tweak

The following is a list of XP tweaks that either do not work, do not work as advertised, or that are better left alone.

Many of these once worked in some version of Windows and virtually every tweak guide and program use these tweaks. My guide also used to contain some of them. It has taken a considerable amount of research and testing to come to these conclusions. While others have incorporated these into other guides and tried to pass it on as their own work I’ve done the investigation and benchmarking (and AFAIK I was the first to publish these en masse on the web). I’ve Googled up one side of the net and down the other. Sometimes I think I’ve seen every page at Microsoft. I’ve hosed installs, applied and removed settings, and spent more time tracking the registry than I care to admit (far more than I would like my wife to know about!).

Memory Optimizers

I’ve long railed against these things. The only thing that these programs can do is harm real system performance. My advice, stay away from any “memory optimizer” programs. Don’t believe me? How about taking renowned Windows guru Mark Russinovich’s word for it? In his article entitled “The Memory-Optimization Hoax, RAM optimizers make false promises” he lays out the argument better than I ever could. (I can’t reprint the article because of copyright.) His conclusion is that these programs are “fraudware” and he has “yet to see a RAM optimizer that lives up to any of its claims.”…’Nuff said!

Prefetch Parameters

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]

“EnablePrefetcher”=dword:00000005

First, I fail to see where any advantage is gained by messing with the prefetch settings. While disabling the prefetch service (or only using setting 1 or 2) can speed boot times it only hurts overall system performance.

Most tweak guides and popular tweaking programs use a setting of “5”. There is no documentation to suggest that this setting works. MS states that valid values are 0,1,2,3 and that this setting is “anded”. The default value is “3”. I tested using a setting of “5” on 3 occasions and there was no real improvement in boot times and hard drive activity was longer at boot.*

Prefetching is a good thing, leave it alone. In addition well written disk defrag utilities such as Raxco’s Perfect Disk use the layout.ini information for its optimizations.

Clean The Prefetch Folder

As stated above, Prefetching is a good thing, leave it alone. In addition well written disk defrag utilities such as Raxco’s Perfect Disk use the layout.ini information for its optimizations. There is one possible and optional exception to this, see the ” Clean, Defrag, Optimize ” section of this guide for more info.

More about Prefetching

It still amazes me that anyone suggests messing with Prefetch settings and files. They often quote their own “benchmarks” as a source of info as to why you should mess with the settings. I’ve spent over 3 years researching, using, testing, and tweaking XP. I can guarantee you that the default settings for Prefetch and the way XP manages it is the way to go. Anyone who suggests otherwise simply does not understand the process.

Wanna research it yourself?

Google search: prefetch+”windows xp” at microsoft.com

http://msdn.microsoft.com/msdnmag/issues/01/12/XPKernel/default.aspx

Windows XP Prefetch, clean it? NO !

Superfetch

There has been much ado of late about the existence of a ” Superfetch ” or ” Superprefetch ” setting. There is no such setting in XP.

http://www.edbott.com/weblog/archives/000863.html

http://bink.nu/Article4556.bink

Always Unload Dll’s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]

“AlwaysUnloadDLL”=dword:00000001

Here is the first and most important point. I can find no evidence whatsoever that this setting works in Windows XP.** In fact, the only official Microsoft technical documentation I can find on this is here. It clearly and unequivocally states,

“For operating systems prior to Windows 2000, you can shorten the inactive period by adding the following information to the registry.

HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion Explorer AlwaysUnloadDll”

For arguments sake, let’s just say that this setting does work in XP. Windows XP uses a complex and efficient process to manage memory operations. It keeps the dll loaded in case you need it again. For example, if you open XYZ and then close it the dll remains in memory. If you open XYZ again it will launch quicker because the dll is already in memory. When/if XP needs the space in memory for something else it will make the space by unloading the dll(s) that aren’t being used. If this setting actually did work, you have hurt your overall performance because you unloaded a dll when it didn’t need to be and caused the system to have to load it again when called upon.

note – For those who state that this tweak would only work in IE. The key is “Explorer” as in the shell, not “InternetExplorer” the browser. Also, whether you make a new key, sub key, entry, or any combination makes no difference.

Set Irq Priority

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\PriorityControl]

“IRQ8Priority”=dword:00000001

I can find no documentation that XP supports this setting. I can find no evidence that this setting works in XP.** If it did work I fail to understand any advantages you might gain. I’m not even sure if it’s possible to reassign IRQ priorities in this manner XP and if you could I’m pretty sure that this key wouldn’t be how you do it (XP uses/accesses/manages IRQ’s differently than previous versions of Windows).**** They use irq 8 because it’s (usually) the CMOS/real time clock.

Disable Paging of Kernel

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]

“DisablePagingExecutive”=dword:00000001

Under all but the most very extreme circumstances it does nothing. What this setting does is force XP to keep the kernel (the core of the operating system) in RAM. This means that the kernel will reside in the fastest storage area in your computer. Sounds great right? Guess what? XP does this anyway unless the system comes under such an extremely heavy load that it needs the space. The very millisecond that the system has free memory, it will put the kernel right back into RAM. If the system is in such dire straights that it needs to use the space that the kernel is using I would say you are on your way to a crash and you better let whatever wants the space have it. You also better add more memory ASAP.

Large System Cache

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]

“LargeSystemCache”=dword:000000001

This setting is also achieved by going to Start > Settings > Control Panel > System > Advanced > Performance Settings > Advanced > Memory usage = System Cache.

Under XP this tweak could be of some value under various odd circumstances. However, it causes problems with many drivers/hardware/applications.*** This tweak is really designed for machines running as a server. If you use this tweak and have problems don’t be whining at the driver/application writers for writing code that takes advantage of the way XP uses memory. They didn’t ask you to turn your machine into a server.

IoPageLockLimit

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]

“IoPageLockLimit”=dword:somevalue

I can find no official documentation on this regarding XP. Suggestions seem to indicate that this setting doesn’t work on any NT based OS from W2K SP1 and beyond. I can find no evidence that this setting works in XP.**

Optimize Boot Files

There are 3 keys related to “tweaks” about optimizing boot files:

1:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]

“Enable”=”N”

Quote from MS:

“Accepted values for this entry are Y or N. If the entry is set to Y, Windows automatically optimizes the file location for boot optimization. This optimization occurs automatically if the system is idle for 10 minutes. Boot optimization improves startup time by locating startup files in contiguous clusters on the volume, reducing the movement of the disk head when reading the volume.”

2:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout]

“EnableAutoLayout”=dword:00000000

Found in TweakUI under the “General” section, “Optimize hard disk when idle”. XP already does this by default but this key is not in the registry. Either you or some application has to put this key in. The key exists so that a non-Windows disk defragger can manage the process.

3: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
“BootFilesOptimized”=dword:00000001

First and most important, as far as I can tell this is an informational key, not a program setting key. Second, lets say it does change the program behavior, the default is to have XP optimize the boot files. So, why wouldn’t you want this? Third, if you use a 3rd party defrag program it may/will modify or delete this value. Changing the existing settings may/will screw things up.

These keys have NOTHING to do with how the full/manual disk defragmenter works, as in when you run the Windows GUI disk defragmenter program (see note #5), this despite what many XP “experts” have opined. XP is set up by default to:

1 – Rearrange boot files when idle for a period of time (10 minutes).

and

2 – To do a “partial defrag” of files every 3 days (what bootvis does).

The “rearrange” part is where it finds all the files needed for boot and places them in one spot on the disk. (Prefetch value 1)

The partial defrag is where it does the same thing for all the items in the prefetch folder layout.ini file. (Combines Prefetch value 1 (boot) and 2 (apps) = value 3)

For best performance leave these settings alone, these are features not bugs. Well written disk defrag utilities such as Raxco’s Perfect Disk may/will adjust these settings because it is now managing your drives defragmenting process.

*****Conclusion

I’m sure some will argue with my conclusions. I’m always looking for information about new tweaks and why tweaks either do or do not work. I will entertain arguments about this information but I will require a few things:

1 – You must submit documentation for your argument from a legitimate source. In matters involving the registry it should be from Microsoft or from some entity of equal weight.

2 – I hear things like “my benchmarking” and “my tests”. That, to be quite frank, is a load of crap. What “benchmarks”? What “tests”? Any benchmarks/tests used in your argument must be fully documented. They must also be able to be replicated and if your argument has any merit, I will attempt to do just that. If it can’t be replicated it fails the scientific method and the argument is null. I’ve already benchmarked/tested these settings extensively.

I know this sounds rather harsh but I get email from people wanting to argue this without anything to back up their argument.

Registry Hacks

Warning: Backup the registry or you may be sorry! If you hose your machine it’s on you. Keep track of where you were in the registry. When editing an item, go up to the Favorites option and add where you are to your favorites!

I try to keep this section as small as possible as I feel the average user is better off using a GUI to manage registry changes. If you want to see more registry hacks see the Creating Your Own Registry Files section later in this guide.

These tweaks assume you are using NTFS (if you aren’t, you should be). I also highly recommend 512mb of ram.

Those who know how can pick the tweaks you desire, save them (copy and paste) as a .reg file and import into the registry. If you don’t know how to do that you can download the following files. You can use the file as is or edit it to fit your needs. To edit the file, right click and open with notepad. To launch the file simply double-click on it. (Please do not link directly to these files.)

Action: Set CPU Priority Levels 3 & 4 only

Purpose: Performance

More Info * I do not use this tweak.

This setting gives a boost to priority of foreground applications. In very overly-simplified terms, what you see on the screen gets more attention from the CPU than what you can’t.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl]
“Win32PrioritySeparation”=dword:00000026

Download priority_sep.reg

Action: These allow you to end tasks faster, shut down faster and speed up the menu display. *All Levels
Purpose: Performance, responsiveness

More Info: ForegroundLockTimeout, HungAppTimeout, MenuShowDelay, WaitToKillAppTimeout, WaitToKillServiceTimeout

[HKEY_CURRENT_USER\Control Panel\Desktop]
“ForegroundLockTimeout”=dword:00000000
“HungAppTimeout”=”4000″
“MenuShowDelay”=”200″
“WaitToKillAppTimeout”=”5000″

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
“WaitToKillServiceTimeout”=”5000″

Download app_menu_speed.reg

*note – I have changed the “MenuShowDelay” from 0 to 200. 0 was simply too fast for some people (my wife gave me some grief about it too ). You can edit this as you see fit. The default is 400.

These next 2 tweaks I consider to be optional. One could argue about whether or not they actually have any speed advantage and you may or may not like the result. I strongly recommend you do these two entries manually so that you can easily undo them if you do not like them but you can also copy and paste them into the .reg file.

Action: Disable User Tracking Levels 3 & 4 only
Purpose: Free system resources.

More Info

“A value of 1 prevents the system from tracking the programs users run, the paths they navigate, and the documents they open. The system uses this information to customize Windows features. As a result, the system disables customized menus and other features that require user tracking information.” (from this page)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoInstrumentation”=dword:00000001

Download user_track.reg

Action: Make Google Your Default Search Tool. (in IE) From Google.

Purpose: User preference

More Info

Download Google.reg

Tweak your Internet Connection

Broadband Tweaks

This is mostly a where to find tools & information guide than a how-to guide. The simple truth is that there is no one-size-fits-all way to tweak a broadband connection. Anyone who tells you that a certain tweak will absolutely work for you is mistaken. These tweaks take some effort on your part. Fortunately there are 2 great place to go for info and discussions, SpeedGuide.net and Broabdandreports.com. I actually like SpeedGuide a little better but you should check them both out. If you get all you want from your connection, my best advice is to leave it alone. For those of you who, like me, never leave well enough alone, read on!

The first thing you need to do is download the latest drivers/firmware for whatever equipment is involved in your connection. Everything that is in the chain should be updated. This may include: NIC or onboard LAN drivers, 802.11x device drivers, USB drivers, and Router and/or Cable/DSL/Satellite Modem firmware. Only update firmware if needed. Routers often have updates to fix security holes.

If you are on a home network or are part of an Internet Connection Sharing (ICS) network, all the machines on that network should have the exact same settings.

About the QOS “tweaks” floating around the net. Ignore them, they don’t work!

Tweaking with SpeedGuide.net

1 – Download TCP Optimizer. Then bookmark the FAQ page.

2 – Take the Speed Test (requires registration) or use the Speed Test at Broadbandreports. Write down your results.

3 – Use the TCP Analyzer. Write down or print the results.

4 – Run TCP Optimizer. Either apply the recommendations from TCP Analyzer or try the “Optimal Settings” button. Reboot.

5 – Run Speed Test again. Faster? Sweet! No? Use TCP Analyzer again. Repeat as needed until desired results are achieved. Be sure to check how your web browsing feels too.

Optimize Your Windows

Step 1 – Malware Removal

Malware Infection which includes Viruses, Worms, Trojans, Spyware, Adware and Rootkits are the #1 cause of system slowdowns. These must be cleaned for optimal system performance.

FACT: 89% of consumer PCs are infected with spyware

Malware Removal 1-2-3 Guide – Malware is short for “Malicious Software”. It is a general term that refers to any software or program code designed to infiltrate or damage a computer system without the owner’s informed consent. This includes Viruses, Worms, Trojans, Spyware, Adware and Rootkits. This 3 step guide will show you how to remove these infections and protect yourself from future infections for free using free software.

^ TOP

Step 2 – Windows Update

SP2 Installation Advisory – Home Page
KB811113 lists all the fixes included in SP2. Before installing SP2 make sure all of your Data is backed up and you have consulted with your PC manufacturer for any potential problems. Viruses and Spyware can cause the SP2 installation to fail, make sure you have run through steps 1 and 2 completely before proceeding. The changes included in SP2 can cause Windows XP and your Applications to stop working, crash or behave differently – KB884130. If the SP2 installation fails you can use these instructions to restore your system: How to recover your computer if the Windows XP Service Pack 2 setup program is not completed successfully (print these out).

Notes – After following the above advisory, it is recommended that you install SP2. The updated security features are well worth it.
- Internet Explorer Pop-up Blocker (I still recommend installing the Google Toolbar if you use IE)
- Internet Explorer Download Monitoring (Warns you about potentially harmful downloads i.e.. Spyware and Viruses)
- Windows Firewall Update (Much better application management and enhanced boot time security)
- Windows Security Center (Notifies you of your AntiVirus, Firewall and Windows Update Status)
- Improved Wireless Support (Improves and simplifies the process of discovering and connecting to wireless networks)
- Data Execution Prevention (Help prevents code execution from data pages)

Windows Update – Home Page
Install All of the updates. Not just the critical ones. This may have to be run multiple times. Run it over again until it says 0 updates available. Non-critical updates are essential for improved performance, compatibility and enhanced features. They are all very safe to install.

Notes – Windows Update requires the following services be enabled in Windows XP:

- Automatic Updates – Automatic
- Background Intelligent Transfer Service – Manual or Automatic

Driver Notes – If a Driver issue arises that Windows Update insists upon installing a Driver version older then one you have updated, do not install the one from Windows Update. Use the manufacturers latest version instead and just ignore that Windows Driver Update. With Drivers, the Hardware manufacturer is the one who is correct not Microsoft. Windows Update will sometimes show a Driver is outdated if it is not “Microsoft Certified”. It is quite ok to use non-certified drivers. Official non-certified driver versions will have been thoroughly tested by the component manufacturer.

Update – Microsoft Windows Journal Viewer can sometimes conflict with Adobe Acrobat Reader when you open .PDF files, Error: “An installation package for the product Microsoft Windows Journal Viewer cannot be found.” If this is happening uninstall The Microsoft Windows Journal Viewer, go to “Start”, “Settings”, “Add or Remove Programs”. The Journal Viewer is only needed to read Journal files created on a Windows XP Tablet Edition PC. It is highly unlikely you will ever need to read these.

DirectX – Download
Windows Update will install the latest version of DirectX. It is still a good idea to check what version you are running and make sure you have the latest version of DirectX installed prior to installing any Drivers. Got to “Start”, “Run”, type in “Dxdiag” and select “OK”. Under the “System” tab, “DirectX Version” check that you have the latest version that is available for Windows XP. – Source

Notes – DirectX 10 is only available for Windows Vista.

^ TOP

Step 3 – Drivers

Installing the latest Drivers improves system performance and application compatibility. Updated drivers include numerous bug fixes as well as system optimizations. It is recommended for optimal system stability to only use Official drivers and not Beta or Prerelease versions. Performance differences between driver versions including Beta or Prereleased drivers is negligible. The only time Beta or Prerelease drivers should be considered is when a serious application bug is fixed in the Beta or Prerelease version and the component manufacturer has not yet released the Official driver version that includes the bug fix.

Driver XP – Home Page
A Windows Driver Guide that includes component links and instructions.

Notes – Windows Update will install very common driver updates, however these will not always be the latest versions and sometimes can even be an older version of one you have already updated, example: nVidia forceware drivers. It is perfectly safe to install the Windows Driver Updates but if you want the very best system performance you have to check for and install the latest drivers manually. If you are having trouble identifying your hardware use:

PC Wizard – Download – Home Page
An advanced system information utility designed for detection of hardware, analysis and benchmarking. Quickly identify components based on their model and manufacturer, allowing you to download and install the correct drivers.

^ TOP

Step 4 – Tweaks

1. Visual Effects
Default Windows XP visual settings may look nice but they slow down system responsiveness. Here is how to keep the “look” of Windows XP while losing the sluggish feel.

Instructions – Go to “Start”, “Settings”, “Control Panel”, “System”, “Advanced” tab, in the “Performance” section select “Settings”. Leave only the following checked:

√ Show shadows under menus
√ Show shadows under mouse pointer
√ Show translucent selection rectangle
√ Smooth edges of screen fonts
√ Use drop shadows for icons labels on the desktop
√ Use visual styles on windows and buttons

Then select “Apply” and “OK”. – Source

ClearType – If you have a Flat Panel Display (Notebook, LCD, Plasma) you will notice improved font display quality enabling ClearType over traditional forms of font smoothing or anti-aliasing. ClearType improves readability on color LCD displays with a digital interface, such as those in laptops and high-quality flat panel displays.

Instructions – Go to “Start”, “Settings”, “Control Panel”, “Display”, “Appearance” Tab, “Effects” button, check “Use the following method to smooth edges of screen fonts”, select “ClearType”.

2. The Paging File
Windows XP by default uses a System managed paging file that works well and it is highly recommended to leave it alone.

“In modern operating systems, including Windows, application programs and many system processes always reference memory using virtual memory addresses which are automatically translated to real (RAM) addresses by the hardware. Only core parts of the operating system kernel bypass this address translation and use real memory addresses directly. Virtual Memory is always in use, even when the memory required by all running processes does not exceed the amount of RAM installed on the system. All processes (e.g. application executables) running under 32 bit Windows gets virtual memory addresses (a Virtual Address Space) going from 0 to 4,294,967,295 (2*32-1 = 4 GB), no matter how much RAM is actually installed on the computer. In the default Windows OS configuration, 2 GB of this virtual address space are designated for each process’ private use and the other 2 GB are shared between all processes and the operating system. Normally, applications (e.g. Notepad, Word, Excel, Acrobat Reader) use only a small fraction of the 2GB of private address space. The operating system only assigns RAM page frames to virtual memory pages that are in use. RAM is a limited resource, whereas virtual memory is, for most practical purposes, unlimited. There can be a large number of processes each with its own 2 GB of private virtual address space. When the memory in use by all the existing processes exceeds the amount of RAM available, the operating system will move pages (4 KB pieces) of one or more virtual address spaces to the computer’s hard disk, thus freeing that RAM frame for other uses. In Windows systems, these “paged out” pages are stored in one or more files called pagefile.sys in the root of a partition.” – Source

Default – Windows XP will automatically set the paging file to the following size based on how much RAM is in your system:

- Initial size (MB): 1.5 x the amount of RAM in your system
- Maximum size (MB): 3.0 x the amount of RAM in your system (PF Size Limit = 4095 MB)

Notes – A properly configured paging file will not resize (increase) so long as the Initial size is set large enough and you have not run out of available RAM. Allowing the paging file to resize is recommended for unforeseen memory intensive situations and will prevent “Out of Memory” error messages from occurring. Any resizing will reset to the default Initial size upon reboot and will not cause any permanent fragmentation of the paging file. Setting the Initial size too large has no negative impact on system performance except to waste disk space if it is not used. Since disk space is usually plentiful it is safer then setting it too small. All arguments about setting the paging file smaller are to conserve disk space and have nothing to do with performance. A permanent solution to this is to add more RAM to your system. It is a good idea to have at least 1 GB to 2 GB of RAM in a PC today. A simple test to determine if you need more RAM is to use you PC for a whole day without rebooting, then look at the Task Manager (Ctrl-Alt-Delete), Performance tab. If the “Commit Charge – Peak” is ever higher then the “Physical Memory – Total” your system could benefit from adding more RAM. When you change the amount of RAM in your system with a System managed paging file, Windows XP will automatically adjust the paging file size for you.

Optimization – “Moving the paging file to a separate physical Harddrive (not partition) from the boot partition will increase paging file performance. However, if you remove the paging file from the boot partition, Windows cannot create a dump file (Memory.dmp) in which to write debugging information in the event that a kernel mode Stop Error message occurs. The optimal solution is to create one paging file that is stored on the boot partition, and then create a second paging file on a separate physical Harddrive (not partition) Windows will use the paging file on the less frequently used partition over the paging file on the heavily used boot partition. Windows uses an internal algorithm to determine which paging file to use for virtual memory management.” – Source

3. Disable Indexing Service
The Indexing Service in Windows XP indexes your files presumably to shorten the time needed to search your hard drive if you are looking for a specific file or part of a phrase inside a file. However, the constant indexing of files actually slows down system performance by using a lot of pagefile space and CPU time. – Source

Instructions – To disable the Indexing Service go into “My Computer”, right-click on all your hard drive partitions one at a time, left-click “Properties”. Uncheck “Allow Indexing Service to index this disk for fast file searching”. Select “Apply changes to subfolders and files”. If any files cannot be updated select “Ignore All”.

4. Disable Windows XP Sounds
Having sound effects set for common Windows XP tasks slows your system down. This affects startup and shutdown speeds the most.

Instructions – To disable all Windows XP task sounds go to “Start”, “Settings”, “Control Panel”, “Sounds and Audio Devices”, select the “Sounds” tab, under “Sound Scheme” select “No Sounds”.

5. Uninstall Useless Windows Components
Windows XP installs some components by default that are not needed.

Instructions – Go to “Start”, “Settings”, “Control Panel”, “Add or Remove Programs”, select “Add/Remove Windows Components”, uncheck:

_ Indexing Service
_ MSN Explorer (If you use MSN as your ISP leave “MSN Explorer” checked)

Then select “Next” and “Finished”.

6. Reduce Recycling Bin Drive Space Usage
In Windows XP the Maximum size of the Recycle Bin is set by default to 10% of your hard drive, when full, this can be a big waste of drive space. Reducing the Maximum size prevents excess space from being wasted. It is quite common to have hundreds of MBs of deleted files in the Recycling Bin and it is never emptied.

Instructions – To change the Recycling Bin Size, right-click on the “Recycle Bin”, left-click on “Properties”, select the “Global” tab, then “Use one setting for all drives”. Move the slider to “3%”.

7. Reduce System Restore Drive Space Usage
System Restore creates periodic snapshots of your critical system files (like the registry files, COM+ database, user profiles, and such) and stores them as a “restore point.” In case something goes wrong with your system you can revert back to a previous working state. The default size that System Restore can take up can be quite large.

Instructions – Go to “Start”, “Settings”, “Control Panel”, “System”, “System Restore” tab, for each drive partition highlight it then select “Settings”, under “Drive Space Usage” adjust the slider so System Restore is only using roughly 5% or a minimum of 1000 MB of disk space per partition and select “OK”.

8. Increase the Mouse Pointer Speed
By default Windows sets the Mouse Pointer Speed to an average speed, which can slow down the time it takes to move the cursor around the screen. Increasing this will allow you use your computer quicker and more efficient with less mouse movement.

Instructions – Go to “Start”, “Settings”, “Control Panel”, “Mouse”, “Pointer Options” tab, under “Motion” adjust the slider 1 to 5 steps closer to “Fast”. Only 1 to 3 steps is recommended. Then check “Enhance pointer precision” and select “OK”.

Notes – This is a personal preference and should be decided by the user. The tab that the Motion setting will be under can change with third party mouse drivers. Novice Windows users or users with Motion Disabilities will not want to adjust this much, if at all. Cheap and worn out mice can give poor responsiveness, it is recommended to be using a precision optical mouse. Microsoft Optical Mice are highly recommended.

9. Prefetcher Fix – Download
Prefetching is a new feature in Windows XP that dramatically improves initial application load times and Windows boot times automatically. The slower your system and the larger an application, the more Prefetching helps. Even high end systems benefit from prefetching with large, slow loading applications, such as large games. By default Prefetching is enabled in Windows XP and already configured optimally. However there is a lot of misinformation regarding this feature and bad “tweak” programs on the internet that can disable prefetching and cripple your application load times. Find out more in XP Myths. Windows Prefetching requires that the Task Scheduler service be running and set to Automatic. The other Prefetcher settings have to be set in the Registry, this file will do this all for you. – Source

Instructions – Download, unzip and run the “Prefetcher Fix.reg” file and reboot. This will restore the Windows Prefetcher to it’s default and optimal state. It will also set the Task Scheduler Service to Automatic.

- Task Scheduler – Automatic

Then use Windows Explorer and look in the C:\WINDOWS\Prefetch folder. You should see a file name for any application you have started since Prefetching was enabled. Never clean this folder or disable Windows Prefetching with any “tweaks” as you will cripple your application load times and Windows boot times by as much as 100%. The Prefetch folder and layout.ini files are self-cleaning when it reaches 128 entries. No user intervention is ever necessary. Once you have confirmed it is running leave it alone. Anyone who claims otherwise does not understand how Windows XP Prefetching works.

10. Disable AVI Previewing – Download
Opening a folder containing a large number of AVI files can open quite slowly because Windows has to open each AVI file and extract information from them. If you have a large collection, you can speedup XP’s folder access by disabling it from automatically extracting this info. This can also fix problems when trying to rename or move AVI files and you get an error message: “it is being used by another person or program. Close any programs that might be using the file and try again.”

Instructions – Download, unzip and run the “Disable AVI Previewing.reg” file and reboot.

Notes – You will no longer have the second page of properties in windows explorer displaying the AVI file information such as width, height and bitrate. Other software such as GSpot can provide you with this information.

^ TOP

Step 5 – Utilities

Autoruns – Download – Home Page
Utility to display and control startup applications. Disabling unnecessary startup applications improves boot up time and overall system performance.

Instructions – Unzip and launch Autoruns.exe, wait until it says “Ready” in the bottom left corner, then select the “Logon” tab. Next select “Options”, check “Hide Microsoft Entries” and press the refresh button or press the “F5″ key. The remaining items are third party applications. Uncheck all that are not needed, this will disable them from loading at Windows startup. AntiVirus and Firewall applications are necessary applications that should be running on startup. If you are unsure of what something is, highlight it, select “Entry” then “Google” to launch a search for more information regarding the highlighted application. You can permanently remove items by deleting them. Do not “Delete” anything unless you are 100% positive you do not need it. Disabled (Unchecked) items can be activated again by rerunning Autoruns, checking the item and restarting Windows.

Notes – You can control the startup applications for separate user accounts by selecting “User” and the account you want to edit. This is a much more powerful tool then the built-in System Configuration Utility (msconfig).

Chkdsk – Home Page
Built-in Windows file system repair utility.

Instructions – Go to “Start”, “My Computer”, right-click on the “C:” drive, left-click “Properties”, select the “Tools” tab, click “Check Now…”, check “Automatically Fix File System Errors”, then click “Start”, “Yes” and Reboot. Repeat this for any other hard drive partitions in your system. Only the drive partition with Windows installed will require a reboot.

Disk Defragmenter – Home Page – (Unnecessary if Diskeeper is installed)
Built-in Windows defragmenter, a lite version of Diskeeper. File system performance is maximized when files are contiguous on the disk. This means that all of the data in each file would be located consecutively on the Hard Drive. Instead of fragmented into separate parts all over the disk surface, causing the Hard Drive to work harder (slower) to read and write your files. While “Disk Defragmenter” is better then nothing it does not fully optimize your hard drive performance, runs 300-500% slower, cannot be scheduled without a third party application and includes no advanced features. Since the built-in “Disk Defragmenter” is very I/O intensive your system is not usable while it is running. There are no Free Defragmenters that do a better job, in which case you have to purchase a Commercial Defragmenter such as Diskeeper.

Instructions – Double-click “My Computer”, right-click the local disk volume that you want to defragment, Example: Local Disk (C:), and then left-click “Properties”. On the “Tools” tab, select “Defragment Now”, then “Defragment”. The following service needs to be enabled:

- DCOM Server Process Launcher – Automatic

Alternate – Go to “Start”, “Run”, type “Dfrg.msc”. Select the volume that you want to defragment, then select “Defragment”.

+ StartDefrag – Download – Home Page – (Unnecessary if Diskeeper is installed)
Automates the scheduling of the built-in Disk Defragmenter to run at a set time everyday or once a week.

Instructions – Install and run. Select the “Configuration” tab, under “Scheduled Day” either select a specific day during the week or “Everyday”. Then under “Scheduled Hour” select a time when you will not be on the computer but the computer will be on. This is important since the built-in Disk Defragmenter will consume most of the system’s resources while running and will not be usable until it is finished. Finally select “Save Changes” and “Exit”.

Notes – Do not use this with Diskeeper, which includes a much more advanced and efficient real-time scheduling option. If you install Diskeeper delete the StartDefrag scheduled task and uninstall StartDefrag. To delete the scheduled task, go to “Start”, “Programs”, “Accessories”, “System Tools”, “Scheduled Tasks” and delete the task. If it is the only scheduled task listed it will be called “AT1″.

+ PageDefrag – Download – Home Page – (Unnecessary if Diskeeper is installed)
Defragment the paging file and the Registry. “One of the limitations of the Windows 2000/XP defragmentation interface is that it is not possible to defragment files that are open for exclusive access. Thus, standard defragmentation programs can neither show you how fragmented your paging files or Registry hives are, nor defragment them. Paging and Registry file fragmentation can be one of the leading causes of performance degradation related to file fragmentation in a system.”

Instructions – Download, Run, Look at the “Fragments” column if any of the items is in more then one fragment select “Defrag at next Reboot”, than “Ok” and Reboot.

Notes – If you readjust the paging file size, rerun PageDefrag, otherwise this only needs to be run once. On badly fragmented hard drives with a lot of files, PageDefrag may take a long time to run, be patient and let it finish.

read from : http://home.comcast.net/~SupportCD/OptimizeXP.html

GUNUNG RINJANI NATIONAL PARK : One of the Best Treks in Southeast Asia

Gunung Rinjani National Park covers an area of 41,330 hectares on the northern part of Lombok. The peak of Gunung Rinjani reaching up to 3,726m dominates the landscape.

Gunung Rinjani National Park offers the beauty of the volcano, the Segara Anakan Crater Lake and the challenge of climbing the mountain. There are also guided village tours which provides a glimpse of local culture and the opportunity to meet the locals.

How to Get There :
Senaru and Sembalun Lawang Villages are The two starting points for excursions into the park as well as for climbing Mount Rinjani. Senaru Village can be reached within three hours drive to the north from Mataram, while Sembalun Lawang Village is approximately a four hours drive to the east of Mataram.

The Best Season to Visit :
August to December every year.

Contact :
Gunung Rinjani National Park Office
Jl. Erlangga 88, Mataram
Lombok – Nusa Tenggara Barat
Ph. (0370) 627764
Email: tngr@indo.net.id

Optimise your network with squid proxy

what is squid ??

Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite – we’re getting there!) HTTP/1.1 compliant. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications

Getting Squid

Obtaining Squid is easy! You have a number of choices:

Many operating systems include Squid in their ports/packages system. This is an easy way to get Squid up and running quickly, and a good way to keep up-to-date with new Squid versions.

You might also like to download an official source code release from here or one of the mirror sites. This allows you to customize your Squid installation when you compile it. After downloading, refer to Compiling Squid for assistance with compiling the source code.

In some cases, you may want (or be forced) to download a binary package of Squid. They are available for a variety of platforms, including Windows.

Finally, if you are a developer, or want to closely track the source code, feel free to get it from the Squid CVS server.