OK, d/l *and installed* BO test, just as before, and this time I let it make its Start menu entry.
BTW, in the Agreement, I clicked on the "Privacy Policy" link, and got a broken-link message. That's scary.
Anyway, it did exactly as before. A box was presented, with the checkblock "run all tests" checked. There was a "test" button, which, presumably, starts the "test". I clicked it, and nothing happened.
In the Programs folder, there is BO Tester.exe, which *does* open the GUI, which *does* apparently allow the user to start the tests, as expected.
There is also botester32.exe, presumably the actual executable of the tests, and which presumably is started by clicking "Test" on the GUI. It's only 3.5 Kb -- very nice and lightweight. Since the GUI wouldn't activate it, I tried 2-clicking it myself -- nothing.
Tried running it from Start/Run command line, and when that didn't work, tried opening an actual command prompt. I could successfully open the GUI, but not the actual botester32.exe.
I must tell you that this machine has had more than 90% of Windows XP deleted from it, getting rid of what's useless and obsolete (like the setup instructions for Win 3.1 from 1991 that you'll find in %windir%\system --- *really*!
), and what I don't need, keeping all functionality that I need, which is everything, really. Lot of bloat in there. But by cutting the Windows folder from 2700 MB to 275 MB, it also cuts the attack surface by 90%. Perhaps some files or libraries needed by botester are among the deleted (I'd have thought they'd have made it self-supporting.) Perhaps said libraries were also vulnerable to the buffer overruns, or were needed to execute them. To be truly fair, when I drag the untrimmed, back-up machine out of its box to get the October MS Updates, I'll try to remember to run BO Tester on it.
But it brings up another interesting point. There are two ways to improve your defenses:
The one everyone looks at is building more walls around your attack surface -- firewalls, AV, DEP, NS, Sandboxie -- all good.
But the other side of the coin is reducing your attack surface, so that you have less to defend in the first place. Cutting Win as much as I did certainly isn't for everyone. But using 3.7 Mb Foxit reader vs. 368 MB Adobe reader, getting old version 2.0 of Foxit without native JS support, or disabling JS in Adobe if you must have Adobe (why?), removing JS support from Open Office text docs, and all other support for embedded executables, deleting all screensavers (obsolete when CRT tubes went out, anyway,) etc.... The less you have to be attacked, the less defense you need, and/or the fewer vulnerabilities you'll have. Food for thought.
Cheers,
Fellow aspirant to knowledge
