IN THIS FREE EDITION:

0. EDITORIAL: Securing USB Flash Drives

1. TOP TECH SITES AND RESOURCES

1.1 Recovering Data from a Corrupted Hard Drive
1.2 Free Online Digital Editing Service
1.3 Make Firefox Look Like Internet Explorer
1.4 Expanding Microsoft Search to Cover More File Types
1.5 Programs That Won't Run in a Limited User Account
1.6 How to Select the Best File Compression Program
1.7 Free Open Source Programs That Can Replace Commercial Software (Premium)
1.8 Fix Window File Association Problems
1.9 Excellent Windows Tips and Tricks Site (Premium Edition)

See Your Product Advertised Here. Click for Details

2. TOP FREEWARE AND SHAREWARE UTILITIES

2.1 An Easy Way to Know if you are Surfing Securely
2.2 Flash Drive Management Systems
2.3 Free Utility Copies Un-copyable Files
2.4 Superb Collection of Free Hard Drive Diagnostic Utilities
2.5 Learn to Type While Playing Computer Games (Premium Edition)
2.6 Free Utility Extracts Text from Binary Files (Premium Edition)
2.7 Free Utility Times How Long a Program Takes to Run (Premium Edition)

3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES

3.1 Microsoft Security News
3.2 You Need To Update QuickTime and Flash Now
3.3 A Serious Warning from Gizmo
3.4 Microcode Update for Late Model Pentiums

4. OTHER USEFUL STUFF

4.1 Good Deals on Computer Stuff
4.2 Mind-blowing New Photo Technology
4.3 Running Linux from a USB Flash Drive
4.4 Free Utility Lets You Record Screen Sessions Easily
4.5 Website Allows You to Create Your Own Comic Strips
4.6 Useless Waste of Time Department
4.7 Free Web Service Lets You Sell Event Tickets Online (Premium Edition)
4.8 Free Online Photo Gallery Generator and Photo Album (Premium Edition)
4.9 Super Cheap Chinese USB Drive Guaranteed Never to Fail (Premium Edition)

5. TIP OF THE MONTH

5.1 How to Improve Your Security When Using a Public Terminal (Part 3 of 4)

6. FREEBIE OF THE MONTH

6.1 Recover Deleted Files from Digital Cameras and MP3 Players
6.2 Free Utility Hides Folders (Premium Edition)

7. MANAGING YOUR SUBSCRIPTION

Securing USB flash drives is not quite as simple as you might hope. Simple no, but possible yes.
That's because drive encryption, one of the simplest and robust forms of protecting a PC, won't work unless you have administrator privileges on the host PC you plug your USB drive into.

This immediately rules out most hotel computers, internet cafes and other public terminals.

It's a point I made in last month's editorial when I stated that most popular disk encryption utilities like TrueCrypt were unsuitable for encrypting USB flash drives as they require administrative privileges to run. I suggested the alternative of encrypting your private data using the encryption capabilities built into archiving programs such as IZarc2Go

This prompted a number of subscribers to write in. Some suggested the mobile version of the specialist encryption utility Cryptainer LE could be used, provided the container on the USB drive was first created on a PC with admin privileges. Others made similar claims for TrueCrypt when used in "Travel" mode and for other similar utilities as well.

Alas dear readers, these claims while well meaning are not correct. To the best of my knowledge every encryption program that works by creating a container or encrypted virtual disk needs to load a driver to encrypt/decrypt that disk and loading a driver in Windows requires admin privileges. It's as simple as that.

There are however many free encryption programs that don't work by creating containers and a lot of these will work on USB drives attached to hosts accounts with limited user accounts.

Unfortunately most of these programs are designed to encrypt files or folders rather than whole disks. That's not quite as convenient a solution as a virtual disk and carries the risk that there may be some recoverable remains left on the disk of the original unencrypted file.

I looked at a few of these programs. My favorite file encryption utility dsCrypt works like a charm on USB drives but is inconvenient to use as it can't handle folders. Another favorite AxCrypt needs admin privileges unless you use its self decrypting executable feature but that's of no use when you want to encrypt data. AFS3, Private Disk Light and Remora Disk Guard will handle folders though they encrypt the individual files separately within their folders. And all these programs (AxCrypt excepted) leave the original unencrypted files intact. That means you have to separately shred the originals using a secure deletion program.

So on balance none of these free encryption programs offers USB flash drive users any real advantage over using IZArc2Go, 7-ZIP [11] or other portable encrypting archiver. It's a sad state of affairs and I wish there was a better solution. Indeed, if anyone knows one please let me know.

Of course, none of this is a problem if you only use your flash drive on PCs where you have administrator privileges. In this case TrueCrypt, Cryptainer LE and AxCrypt all offer a convenient and highly secure solution.

So there it is dear readers. If you want to use your USB stick on public terminals then you will need to put up with a little inconvenience to secure your data. It's not a show stopper though. Using IZArc2Go to protect your USB drive is a perfectly workable solution, indeed it's what I use myself. When used together with a portable secure file deletion program like UltraShredder [10] it's also highly secure. It's just not as convenient as using a program that uses encrypted virtual drives.

If absolute convenience is a must you may be better off with a USB drive with a fingerprint reader or built in smart card. Just be aware though that it's hard to establish whether the security of these proprietary solutions is as good as the vendors claim.

See you next month

Gizmo
editor@techsupportalert.com

PS This month I'm giving away six free copies of the the top rated anti-virus NOD32. For details, see below.

Support Alert is not produced by a giant publishing empire, it's the work of one man, working alone, namely me.

Support Alert relies on paid subscriptions to the Premium Edition to survive. If you feel that you've benefited from reading the free edition perhaps you would like to consider subscribing to the Premium.

The Premium Edition contains almost twice the number of great tech sites, free utilities, tips and other content as the free edition. It's also ad-free.

When you subscribe you'll also get immediate access to the archive of all past issues of the Premium Edition where you can catch up on the hundreds of great utilities you missed in the free edition. If you like the free edition you'll love the premium. At $10 per year it's just the cost a few coffees.

This month I'm giving away to new Premium subscribers, six free copies of the the top rated anti-virus NOD32.

NOD32 is a brilliant program for protecting your PC yet it only consumes a modest amount of your computing resources. That's why I use it on my key work computers. At $39 it's good value but it's even better value when you can get it for free.

The six copies I'm giving away will be allocated at random but your chances of scoring one are actually quite good. So if you have been thinking of subscribing, now's the time.

Even if you don't win anything you'll still get my special report "Gizmo's Desert Island Utilities" which outlines the software I use myself, including many free products.

How to subscribe to the Premium Edition: 12 months subscription to the Premium Edition costs $10 which can be made by credit card, PayPal or eCheck. Use the link below to subscribe now:

http://www.techsupportalert.com/se-edition.htm

1.0 TOP TECH SITES AND RESOURCES

1.1 Recovering Data from a Corrupted Hard Drive
Data recovery is a very complex issue with many different kinds of problems and many possible solutions. However I was impressed by this detailed guide that shows you how you can use a Knoppix live CD to recover data from a Windows disk. It's not the only solution of its kind but the excellent instructions make it worth bookmarking.
http://www.shockfamily.net/cedric/knoppix/

1.2 Free Online Digital Editing Service
I've previously mentioned Fauxto, an online digital editing service that offers PhotoShop like capabilities. Picnik is another such service but with a different twist. Rather than offering fancy editing features it has blinding speed and excellent integration with Flickr, Picasa web albums and Facebook. You can of course upload photos from your computer as well. Image formats supported include JPG, GIF, PNG, BMP, TIF and TGA. Picnik is Flash based and makes use of Google's new Gdata API. If Picnik is an indication of how well this interface works then I look forward to seeing the next round of applications that embody this technology.
http://www.picnik.com/

1.3 Make Firefox Look like Internet Explorer
Why would you want to do this? Because it's a clever way to wean change-resistant users away from IE.
http://johnhaller.com/jh/mozilla/firefox_internet_explorer/

1.4 Expanding Microsoft Search to Cover More File Types
All of the recent Microsoft search products from the inbuilt Windows Search through to Desktop Search can be expanded to index the content of a wider range of different file types by using iFilters. You can think of these as plug-ins each allowing the Microsoft search products to access the content of specific files types such as PDF, CAB, RAR etc. This site [1] offers a wide range of iFilters, most of which you can download for free. Thanks to subscriber Oliver Jones for the suggestion.
http://www.ifilter.org/faq.htm

1.5 Programs That Won't Run in a Limited User Account
Working with a Windows limited users account is a good way of reducing the chance of getting infected by malware. Unfortunately many poorly written programs won't work properly in a limited account. These sites list some of the worst offenders:
http://www.threatcode.com/admin_rights.htm
http://www.pluralsight.com/wiki/default.aspx/Keith/HallOfShame.html

1.6 How to Select the Best File Compression Program
In issue #186 [1] I mentioned KGB, an archiving program that can compress text files down much smaller than many popular archivers though it takes a lot time and computing power in the process. This prompted subscriber Erik Wasberg to write in about a site called maximumcompression.com [2] that compares dozens of different archivers on the basis of compression efficiency, resource usage and time taken across various file types. This outstanding site is essential reading for those who needs to archive large amounts of data or indeed, anyone who has a general interest in file compression.
[1] http://techsupportalert.com/issues/issue146.htm#Section_2.2
[2] http://www.maximumcompression.com

** These items appear only in the Premium Edition **

1.7 Free Open Source Programs That Can Replace Commercial Software

1.8 Fix Window File Association Problems

1.9 Excellent Windows Tips and Tricks Site

Got some great tech sites to suggest? Send them to: editor@techsupportalert.com

2.0 TOP FREEWARE AND SHAREWARE UTILITIES

2.1 An Easy Way to Know if you are Surfing Securely
I've been harping at you in recent issues to always surf securely using a sandbox or with your browser running in a Windows limited user account. That's because there are now so many new malware threats and hostile sites around that secure surfing has moved from being a nicety to a necessity. Last month I even published a guide [1] showing you exactly how to do it. This prompted subscriber Hal D. to write "Gizmo, I followed your simplified instructions and created a safe version of my browser using DropMyRights, together with a desktop icon. I just click the icon and it launches by browser ready for safe surfing. It seems to work great but therein lies the problem. How do I tell if it's actually working?"
It's a great question Hal but thankfully there is a relatively simple answer. For Internet Explorer users there is a free add-on called PrivBar that installs a new toolbar that displays the privilege level the browser is currently running under. That is: Administrator, Power User, User or Restricted User. This along with strong color coding provides an immediate and unambiguous indication of your browsing security level. Unfortunately PrivBar has no installation routine and the instructions on the site are a little obscure so I've created an easy installation guide here [3]. Firefox users have it a little easier. There is a free extension called IsAdmin that does much the same thing as PrivBar though it uses an icon in the Status Bar to indicate the security level rather than a toolbar. So there you are: now you can not only surf safely but additionally enjoy the confidence of knowing you actually are. :>)
[1] http://www.techsupportalert.com/safe-surfing.htm
[2] http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/195350.aspx
[3] http://www.techsupportalert.com/installing-privbar.htm
[4] https://addons.mozilla.org/en-US/firefox/addon/4259

2.2 Flash Drive Management Systems
If you are getting into USB flash drive computing you are going to have to quickly make a decision about the approach you are going to take to managing and organizing your portable applications. That's because there are a number of different application launchers / management systems available such as U3, Ceedo, MojoPac, PortableApps, LivePC and more. While each of these has its merits as a menu system they have a much wider significance in terms of the kind of portable programs you can run from your flash drive. Over the last few weeks I've tried all these systems and that while each has its attractions and problems they all can be made to work. Indeed each may suit a particular kind of user so it's hard to make general recommendations. So what's my personal take? I found U3 [1] too limited by its proprietary nature. Also there are just not that many U3 apps around that aren't also available in non-U3 so why lock yourself in? Ceedo [2] is also proprietary but the ability of its Argo plug-in to convert any app to a portable version sounded attractive. However it flunked on five out of the seven products I tried. MojoPac [3] is based on a great idea: it creates a portable version of your own desktop. Unfortunately it requires admin rights on the host so that counts me out. LivePC [4] on the other hand doesn't use conventional portable apps at all. Rather it uses online applications running from your own personalized desktop that you can access through your USB drive. It's a great system but too limited by the rather thin collection of apps available from their site. That leaves PortableApps [5]. This is a free menu based system that allows for the easy installation of portable programs that are bundled in a special PortableApps format. That format however is an open standard. Furthermore the site offers a huge array of free programs already packaged in the PortableApps format including many popular open source programs. They also offer a handy suite that bundles together the most popular programs including Firefox and Thunderbird in a single download. Sounding good? But here's the clincher. You can add pretty well any portable application to the PortableApps menu (launcher) simply by including the app's folder inside the PortableApps folder. I've decided to go with PortableApps. Consequently I've erased the Ceedo system that came pre-installed on one of my USB drives and also entirely removed the U3 installed on another.
[1] http://www.u3.com/
[2] http://www.ceedo.com/
[3] http://www.mojopac.com/
[4] http://www.moka5.com/products/index.html
[5] http://portableapps.com/

2.3 Free Utility Copies Un-copyable Files
Recent I had to transfer several hundred megabytes of media files from one large external drive to another. With Windows Copy the job just kept crashing. I tried the venerable but still effective XXCopy [1] but it fared no better. I then remembered a utility called Unstoppable Copier that had been recommended by subscriber George Rakocsi that I had never got around to checking out. It seemed the perfect tool for the job. According to the website Unstoppable Copier "allows you to copy files from disks with problems such as bad sectors, scratches or that just give errors when reading data. The program will attempt to recover every readable piece of a file and put the pieces together. Using this method most types of files can be made useable even if some parts were not recoverable in the end." Well I'm pleased to say Unstoppable Copier worked perfectly. As it turns out just one file was corrupted out of the 2700 files on the disk and that's what was causing Windows Copy to fail. After that incident do you think I'm going to recommend Unstoppable Copier? You bet and not only for problem copying but for recovering partly corrupted files as well. It's just the thing for getting your information off scratched CDs and DVDs, aging floppies and failing hard drives. Don't expect it to perform miracles though; some disks are just too physically damaged to allow data recovery. Freeware, All Windows versions, 67KB.
[1] http://www.xxcopy.com/index.htm
[2] http://www.roadkil.net/unstopcp.html

2.4 Superb Collection of Free Hard Drive Diagnostic Utilities
This site has some of best technical utilities for hard disk diagnosis that I've seen and they are all free. From low level formatting to hard drive diagnostics everything you could want is there. As these are advanced tools designed for use by techies I'm not going to explain more. And don't expect the documentation to help - it's mostly in Russian :>) Seriously folks, if you don't know exactly what the tools on this do then please don't download them as there is a serious chance you will harm your PC. For experienced users though these tools are invaluable. Do check out the rest of the site; it's a wonderful resource for everything related to hard drives.
http://hddguru.com

** These items appear only in the Premium SE Edition **

2.5 Learn to Type While Playing Computer Games

2.6 Free Utility Extracts Text from Binary Files

2.7 Free Utility Times How Long a Program Takes to Run

Got some top utilities to suggest? Send them to
editor@techsupportalert.com

3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES

3.1 Microsoft Security News

IIn the last month we have seen a number of flaws revealed in Microsoft's massive .NET Framework some of which were fixed in the July Patch releases. To me, this augurs of things to come. The .NET Framework is a big product that's widely deployed. That makes it a sitting duck for exploitation. So add .NET to your list of products you should be concerned about. Other members of that list include MS Office, Adobe Acrobat Reader, Flash, Sun Java, Oracle and QuickTime.

Also notable during the month was a bun-fight between supporters of Firefox and Internet Explorer. The fight was over who was responsible for a flaw in Firefox that made use of Internet Explorer. Despite all the shouting and finger-pointing the flaw remains unpatched. Those who have both Firefox and IE installed may want to consider implementing the work-around suggested here [1].

News Flash: Just as I was publishing this issue a new Firefox version 2.0.0.5 was released that fixes eight security flaws including  MSFA 2007-23  "Remote code execution by launching Firefox from Internet Explorer." Mozilla comments in the release notes "This patch does not fix the vulnerability in Internet Explorer ... Mozilla highly recommends using Firefox to browse the web to prevent attackers from exploiting this problem in Internet Explorer." (Sic) More details here [4]. All Firefox users should update to 2.0.0.5 from here [5].

Patch Tuesday the 10th of July saw the release six security bulletins from Microsoft covering 11 separate flaws. Seven of the 11 flaws were rated as critical and addressed problems in Excel, Windows Active Directory and the Microsoft .NET Framework.

Further details of the July updates can be found here [2]. All the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and you will need a considerable period of time online for them to download successfully. If you have any doubts whether you have received the updates, then visit the Microsoft Update Service [3] now.

[1] http://tinyurl.com/2efbb5  (Eweek.com)
[2] http://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx
[3] http://update.microsoft.com (Requires IE5 or later)
[4] http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5
[5] http://www.mozilla.com/en-US/firefox/

3.2 You Need To Update QuickTime and Flash Now
Apple have released V7.2 of QuickTime that patches eight serious flaws in the product the worst of which could allow your computer to compromised simply by watching a specially crafted QuickTime movie. More details here [1]. If you QuickTime version number is less than 7.2 then please update from here [2] now. Adobe has also released a patch for its highly popular Macromedia Flash plug-in. This fixes flaws in Flash that, like the QuickTime flaw, could allow your computer to be compromised simply by watching a malicious Flash movie. According to the Adobe bulletin the flaw affects "9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier." You can update from here [3]. These flaws are serious folks; please update immediately.
[1] http://docs.info.apple.com/article.html?artnum=61798
[2] http://www.apple.com/support/downloads/
[3] http://www.adobe.com/support/security/bulletins/apsb07-12.html

3.3 A Serious Warning from Gizmo
Over the last few months I've been warning you of the necessity to regularly check the availability of security updates for all the software on your PC not just Windows and Office. If you want proof of the need, read the item above. The easiest way to check for security updates to your software is to use the free Secunia Software Inspector Service [1]. I suggest you use it regularly. After each monthly Windows Update is a good time to visit Software Inspector; use it as a reminder.
[1] http://secunia.com/software_inspector/

3.4 Microcode Update for Late Model Pentiums
These days it is possible to update the firmware of processing chips in much the same way you update your BIOS. Before you start thinking that maybe you can update that old P3 to the latest P4 let me tell you that these updates are only issued to improve reliability and solve bugs rather than to improve speed or upgrade models. Microsoft has details on its site of a recent microcode update to Intel Core 2 due processors including the Mobile, Desktop, Desktop Quad, Extreme and Xeon processors 3000, 3200, 5100 and 5300 series. Microsoft suggests that users of these processors install the updates if they are experiencing Stop errors or unpredictable system behavior. Unlike BIOS updates there is little risk in the updating process as the code is volatile and can be removed if necessary by a reboot. Thanks to subscriber Lex Davidson for the link.
http://support.microsoft.com/kb/936357

----------------- sponsored links -----------------------
The Best Windows Backup Software
We are in the process of updating all the backup reviews at our site but I can tell you right now that the top product has blitzed the field for a second year in row. In fact, it's improved so much that it's now a one horse race for our "editor's choice." The updated review of the top product is now online. If you have been looking for a backup program, this is the one.
http://www.backup-software-reviews.com/

The Best Spyware Detector
If you use Ad-aware or SpyBot you will be surprised just how more effectively SpySweeper detects and protects your PC from  Spyware, Trojans, keyloggers and other malicious products. That's why it won the prized "Editor's Choice" award from PC Magazine and is rated "outstanding" by Gizmo Richards, editor of the highly regarded Support Alert newsletter. Spyware has become so serious you can't afford less than the best protection. Install it now before it's too late. 
http://www.webroot.com/wb/products/spysweeper/index.php?rc=1132

The Best Remote Access Software
Our reviewer had given this product category away as "too slow, tool clumsy and too unreliable" but after reviewing this product he's changed his mind; "at long last a remote access solution that actually works! Quite frankly we agree with him, it's an impressive product. Read the full review here:
http://www.pcsupportadvisor.com/best_remote_access_software.htm

The Best Drive Imaging Program
In this race there are really only two runners worth considering. In this review we do an in-depth comparison of the top contenders but in the end, one product is the clear winner.
http://techsupportalert.com/drive-imaging-reviews.htm

The Best Places to Buy Cheap Inkjet Printer Cartridges
If you are in the market for compatible inkjet printer cartridges you should check out our Editor's reviews of the best and cheapest inkjet printer cartridge sites. We've bought inkjet cartridges from all the sites listed and can speak with authority on the quality offered.
http://techsupportalert.com/cheap_inket_cartridges.htm

------------- end of sponsored links --------------------------


4.0 OTHER USEFUL STUFF

4.1 Good Deals on Computer Stuff
Thanks to all the subscribers who wrote in with the PC bargains they had located. Keep them coming! Derek Anderson found 2 GB USB flash drives available at $15.99 every day from Microcenter [1] and on special some days at $12.99. Nice price but I'm not sure how fast these drives are. However subscriber Kevin Anderson picked up a zippy 4GB Kingston Traveler for $29.55 from MegaCameras [2]. Kevin noted the same drive is available from Dell [3] for $149! Moving away from USB drives subscriber Beverly Thomas pointed out the great cable deals at Compuvest [4] including 10 foot RJ45 Ethernet patch cables for 99 cents. Note that I don't make anything on these suggestions nor do I vouch for the vendors or guarantee the products are still available at the indicated price. I simply pass these suggestions on for you to check out if you so wish.
[1] http://www.microcenter.com/
[2] http://tinyurl.com/ytjd3p (Megacameras.com)
[3] http://tinyurl.com/29vnm3 (Dell.com)
[4] http://www.compuvest.com/

4.2 Mind-blowing New Photo Technology
This video demonstrating Microsoft's Photosynth project left me speechless and made me think the unthinkable; that computers are finally delivering on what they promised. It's good news even if it is a mere 30 years late. Thanks to Lex Davidson for this link. Note that you need broadband to view this.
http://www.ted.com/index.php/talks/view/id/129

4.3 Running Linux from a USB Flash Drive
Following his recent encounters with Linux distros and then Windows USB flash drive computing, it's only natural that regular contributor "Briard" would look at running Linux from a flash drive. After checking out several attractive options he settled on one distro as the best for this application. Read the full article here [1] to see what he found.
[1] http://www.techsupportalert.com/flash-drive-linux.htm

4.4 Free Utility Lets You Record Screen Sessions Easily
In issue #141 I covered free utilities like Wink [1] that allow you to make movies of what's happening on your screen. However regular contributor JW has written to point out the virtues of another program called Screen2Exe. As the name implies it creates a movie in the form of an EXE file rather than AVI or SWF and that means you don't have to use a media player to view it. It is also very easy to use and comes with a full set of features including voice and mouse recording, multiple quality settings plus the ability to record only a part of the screen. The vendor also claims that the use of the special SSCV2 codec for compression produces a smaller file size that other codecs. I note though that it does not allow screen annotation. Freeware, Windows 2000-2003, 424KB.
[1] http://www.debugmode.com/wink/
[2] http://www.screen-record.com/screen2exe.htm

4.5 Website Allows You to Create Your Own Comic Strips
Good with words but lacking in artistic ability? Have no fear, now you can create your own comic strips by using the pre-drawn frames at these sites. Thanks to prolific contributor Andreas Büsing for the suggestion.
http://www.stripcreator.com/make.php
http://www.readwritethink.org/materials/comic/
http://www.wittycomics.com/make-comic.php
http://www.makebeliefscomix.com/

4.6 Useless Waste of Time Department
Well this video [1] is only really a waste of time in the economic sense as it will make you smile with warmth and endearment. In these callous times this must be counted as a fine thing. This link was brazenly stolen from Eric Howes' excellent CounterSpy Security newsletter [2].
[1] http://www.flixxy.com/why-everyone-needs-a-pet.htm
[2] http://wwww.counterspynews.com

** These items appear only in the Premium SE Edition **

4.7 Free Web Service Lets You Sell Event Tickets Online

4.8 Free Online Photo Gallery Generator and Photo Album

4.9 Super Cheap Chinese USB Drive Guaranteed Never to Fail


5.0 TIP OF THE MONTH

5.1 How to Improve Your Security When Using a Public Terminal (Part 3 of 4)

Last month [1] I showed you how you can enter passwords more securely using obfuscation techniques. This is fancy way of saying that when you type your password you insert and delete random letters to mask the real password. It works because most keyloggers just record a long string of characters containing the keystrokes you have entered so adding and deleting random letters makes it very hard for an attacker to work out which of the recorded keystrokes form part of your actual password.

However some keylogging programs are smart enough to get around this. Next month I'll show you just how they get around it and what you can do about it but first we need to look at another way of outsmarting keyloggers: on-screen keyboards.

An on-screen keyboard (OSK) is, as its name implies, a screen version of a normal keyboard where you "type" characters by clicking with your mouse the appropriate key on the screen. Windows has an OSK built-in that can be accessed from Start / All Programs / Accessories / Accessibility / On Screen Keyboard or alternatively from Windows key + U.

Now many folks think that using an OSK to enter password data is more secure because a keylogger can't capture the keystrokes. Unfortunately this is only partly true.

First some OSKs (including the Windows OSK) simply emulate actual keystrokes and these can be recorded by many keyloggers. Second anyone can see what you are entering with an OSK by simply taking a screen movie or even a rapid series of screen shots. Third by recording mouse click coordinates it may be possible to deduce the characters entered with an OSK. Finally it may be possible to capture the password from the OSK using a clipboard monitor when you copy the OSK entered password into a password form field.

That's the bad news. The good news is there are some OSKs that don't emulate keyboard input. Two of these are free, portable and specifically designed for secure entry. The first is Neo's SafeKeys [1]; the second is Monitor Only Keyboard (MOK) [2].

SafeKeys has some nifty features such as the ability to start up in a different screen position and with a different size every time you run it. This effectively defeats mouse click loggers. It also allows you to drag and drop the entered password into a web form thus bypassing clipboard loggers.

MOK has its own charms: it disables clipboard logging and has the option of a variable key layout. It doesn't support drag and drop but the copy implementation results in equal security to SafeKeys.

So on balance there is little between the products; each is a perfectly viable solution. Unfortunately both are still vulnerable to screen capture. However a screen capture program would have to take very frequent snaps or a continuous movie to successfully capture all your virtual keystrokes. That's possible, though the host PC would take a big performance hit in the process.

But there is a simple way of getting around screen capture programs: enter part of your password with an OSK and the remainder with the real keyboard. Combine the keyboard entry with a little basic obfuscation and you have a pretty secure solution.

It all sound a little complex but it's simpler in actual practice than this written description implies. So I suggest you download SafeKeys and/or MOK, install them on your USB drive and get some real life experience. It's all much easier than you think.

Next month in the fourth part of this originally planned two part series I'll look at some advanced keylogging techniques and the specific problems of protecting the RoboForm master password.
[1] http://techsupportalert.com/issues/issue146.htm#Section_5.1
[2] http://www.aplin.com.au/?cat=5
[3] http://www.myplanetsoft.com/free/mokhelp.php

6.0 FREEBIE OF THE MONTH

6.1 Recover Deleted Files from Digital Cameras and MP3 Players

There are several free utilities that can recover files accidentally deleted from hard drives but I've long been seeking one that works with files accidentally deleted from flash memory in digital cameras, MP3 players or USB drives.

Thanks to a suggestion from subscriber Adam Smithee that search is now over. Recuva is a free utility from the makers of the highly regarded CCleaner. Not only does it recover files deleted from flash memory it also works for hard drives as well.

Recuva of course cannot undelete files that have been written over or are stored in physically damaged sectors. However its ideal for recovering those precious holiday photos immediately after you accidentally erased them. Free beta, Windows 98-Vista, 211KB.

http://www.recuva.com/

*** Bonus Freebie in the Premium Edition ***

6.2 Free Utility Hides Folders

I'm sure why subscribers keep asking me for a free program that will hide Windows folders. Maybe it's because most of the utilities on the market are expensive commercial products. Maybe it's because my readers have a lot to hide :>)

I suspect the real reason is simplicity and convenience. Folder hiding is a concept that's easily understood and it's a really straight forward way of keeping your private information away from casually prying eyes.

I only know of one free utility that does the job ... Full details in the Premium SE Edition.

How to get the Premium Edition now

Stop missing out on all this extra information! Subscribe now to the Premium Edition of this newsletter and immediately receive the current Premium issue containing nearly double the information contained in this free edition. Get twice as many great web sites, twice as many top utilities and great freebies and no ads.

You'll also get immediate access to the archive of all past issues of the Premium Edition of the newsletter where you can catch up on the hundreds of great utilities you missed in the free edition.

If you like the free edition you'll love the premium. At $10 per year it's just the cost a few coffees. Use this link to subscribe online now:

http://www.techsupportalert.com/se-edition.htm

This month I'm giving away to new Premium subscribers, six free copies of the the top rated anti virus NOD32.

NOD32 is a brilliant program for protecting your PC yet it only consumes a modest amount of your computing resources. That's why I use it on my key work computers. At $39 it's good value but it's even better value when you can get it for free.

The six copies I'm giving away will be allocated at random but your chances of scoring one are actually quite good. So if you have been thinking of subscribing, now's the time.

Even if you don't win anything you'll still get my special report "Gizmo's Desert Island Utilities" which outlines the software I use myself, including many free products.
Use the link below to subscribe now:

http://www.techsupportalert.com/se-edition.htm

7.0 MANAGE YOUR SUBSCRIPTION

Support Alert is a free newsletter. If you liked this issue why not email it to a friend. Anyone can subscribe by signing up online at http://www.techsupportalert.com/al_subscribe.htm

Back Issues:  A searchable library of back issues is available at:
http://www.techsupportalert.com/issues/back_issues.htm

If you no longer wish to receive this newsletter just go to
http://www.webelists.com/cgi/lyris.pl?enter=support.alerth
Enter your email address. No password is needed. You can then cancel on-line. Premium Edition subscribers should note that they can delete their free edition subscription  without affecting their premium subscription as the two lists are totally separate.

To change your delivery email address go to
http://www.webelists.com/cgi/lyris.pl?enter=support.alerth Enter your old email address. No password is needed. You can then change your subscription email address directly.

The 46 Best-ever Freeware Utilities
 http://www.techsupportalert.com/best_46_free_utilities.htm

The Extended List of the Latest Freebies
http://www.techsupportalert.com/more/extended.htm

For lots more free IT newsletters see
http://www.TechNewsletters.com/infobase.asp?TPubId=79

For convenience North American subscribers can contact this newsletter by snail mail at:
Support Alert
PO Box 243
Comstock Park, MI 49321-0243 USA

Support Alert is a registered online serial publication ISSN 1448-7020. Content of this newsletter is (c) Copyright TechSupportAlert.com, 2007

See you next issue. Next month's issue will be published on the 16th of August.

Gizmo
Ian Richards
editor@techsupportalert.com