- notageek.it di Mirko Iodice - http://www.notageek.it -

muicache! – Eng

cliccate qui [1] per la versione italiana di questa pagina

Shortly: an alternative solution which is able to collect information from every pc of a company's network about executed applications with the aim of identifying and maybe blocking malware and non-authorized software.

Authors: Mirko Iodice, Luca Alberti

Server-side script tested on: Windows 2000 Server (32 bit), Windows 2003 Server (32bit), Windows 2008 R2 (64 bit), Windows XP Professional (32bit), Windows Vista (32 bit and 64 bit), Windows 7 (32 bit)

Client-side script tested on: Windows 2003 Server (32bit) Windows XP Professional (32 bit), Windows Vista (32 bit and 64 bit)

Are you sure to have the complete control of what you have installed and are using on your network computers?

Just imagine the fact you are examinating a computer which is obviously showing signs of an infection. Once located the problem the first question you'll probably ask yourself is: "How is it possible that this pc has been infected?" The only thing you know for sure is that your operating system is completely up to date and that the user does not have any administrative rights on it. But checking it properly you'll find out that other kinds of software have been installed or used and you were not aware of it: Skype, Emule, uTorrent,… three programs which may cause a diffusion of non-authorized data and also permit the penetration of malware in your network. The problem of this scenario is that, in absence of complicated and expensive solutions (also administratively speaking) which enables you to monitor and block the outgoing network traffic, for OS's security and integrity you are relying only on the fact that "limited" users can't install programs without your permission. You are forgetting that today it is possible to download and use applications which can be simply installed in the user's security context…. You do not believe it? Watch the following video (1:45 min):

How do you resolve this problem and possibly set software restriction policies?

The toolkit "muichache!" tries to give you a steady answer to this question also showing how this is possible with the only tools already in your possession and also with a minimal impact on the network performance and the administrative costs.

The idea behind this tool is very simple: collect into a database various informations about the software executed by your users using only the technologies already available in a Microsoft Active Directory domain.
Starting from the values contained in the "HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache" registry key already existing in every network computer, muichache! is able to collect a majority of information for every single detected application:

Once filled the database it will be automatically exported in XLS format so it will be easy to consult thanks to Microsoft Excel or OpenOffice.org Calc [2].

One of the most interesting aspects is given by the chance of having an SRP-string [3] for every single application obtained. It means that you already have sufficient information to create and maintain rules for Software Restriction Policies [3].

How does muicache! work in specific!? Which are the technologies used in detail?

muicache! is composed of two parts:

For further information please read the installation and user's guide [7].

Watch the following video showing you muichache! in action.


muicache.zip [8] | version 1.0 | last update on October 22, 2009 | Read the installation and user's guide [7]

Known Issues