IN THIS PREMIUM SE ISSUE:
0. EDITORIAL: How to surf with complete security.
Well it cost me $189 to make my web surfing totally secure but it looks like you can do it for free.
Regular readers of this newsletter are aware that I surf the web using a virtual PC that's hosted on my normal PC. This virtual PC is created with the VMWare Workstation program.
The advantage of this approach is immediate; I don't care if the virtual PC gets infected because I can just shut it down and the infection is wiped out without affecting the real PC that hosts the virtual PC.
I also use a virtual PC to download and install new programs. Once again, if my virtual PC becomes infected by a virus, spyware or a trojan, I can just shut it down, re-start and the infection will be gone.
Another benefit is privacy; when I shut down the virtual PC, all traces of my surfing history disappears as well.
These benefits may be attractive, but most folks aren't prepared to fork out $189 for VMWare Workstation in order to get them.
But now you can get the benefits for free. The VMWare Corporation has released a free cut-down version of VMWare Workstation called VMWare Player.
VMWare Player can't create new virtual machines like VMWare Workstation but it can "play" existing ones. It works like this: you install the Player, then load an image of a virtual machine using the Player. Once the image is loaded, you have exactly the same virtual environment and features as if you were using VMWare Workstation. That means you can shut down and re-load that image as many times as you like, eliminating any infections and history in the process.
VMWare have on their web site a whole batch of free pre-configured virtual machine images including a "Browser Appliance" which is a pre-configured Linux based system with the Firefox Browser installed. You can use this to browse the web securely without fear of infection.
If you use the Browser Appliance, you are not installing Linux on your Windows PC but rather are running a virtual machine that uses Linux. It won't interfere with your normal Windows PC in any way.
You don't have to worry about complex Linux networking either. The VMWare Reader will transparently connect you to the internet using your normal Windows connection.
Of course you don't have to run a Linux Virtual Machine, you can run one that uses Windows or any other operating system. All you need is to get your hands on the appropriate virtual machine image.
A quick Google search will reveal quite a few images available on the web including various versions of Windows. However I'd be pretty sure most of these present Windows Licensing problems.
The ideal approach is to create your own image based on a separate licensed copy of Windows. Don't use your normal workstation license though, Microsoft licensing does not permit that.
Unfortunately you can't create a new virtual machine image using the VMWare player - you need the full $189 VMWare workstation to do that. You can however, use readily available freeware utilities to achieve the same result. Here's a link to a web site that shows you how:
This process is not for beginners but is well within the scope of almost all experienced users.
Rolling your own virtual machine has another advantage: preconfigured images are big, often 500MB and more, so creating an image on your own PC saves a lot of your internet bandwidth.
I encourage you to download the VMWare Player and try building your own virtual machine. Using a virtual environment will change the way you view computing. Once you are freed from security and privacy concerns you will be free to surf the internet to places you would never dream to go, free as well to install and try out programs to your heart's content, knowing that at any time you can wipe everything from your PC just by hitting the Virtual Machine reset button.
Player: Freeware, Windows and Linux versions available, 28.2MB
See you next month.
1.0 TOP TECH SITES AND RESOURCES
1.1 How to Send 1.5GB Emails for Free
by your ISP to a maximum email size of 10MB or less? No problem, use this file upload
service from FileFactory and you can email files up to 1.5GB. FileFactory also allows you
to upload non-email files up to 500MB and share them with multiple users. While the
maximum size of individual files is limited, the total of all your files stored on the
server is not. Not bad for nix.
1.2 How to Make Your PC Quieter
a site dedicated to the subject. Lots of good tips and recommendations. Worth bookmarking.
1.3 How to Reformat Your Hard Drive Without Data Loss
can do this using Partition Magic and a number of other expensive partition managers, but
this article shows you how to do it for free using a Linux Boot Disk. For experienced
1.4 Free Downloadable eBook of Photoshop Techniques
Dan Hervey writes, "Gizmo this free PDF eBook is really useful for anyone who wants to
improve their digital photos using Adobe Photoshop. It uses a step-by-step approach so
it's great for beginners but there's plenty for experts as well." Thanks Dan, I notice
it's for version 7 of Photoshop which is now a little out of date. That's OK as most of
the techniques still apply to the latest release though you may find that the tool
locations have changed. To download this 32MB eBook right click on the following link and
select "Save as .."
1.5 The Definitive BIOS Optimization Guide Updated
Wong's definitive guide to BIOS settings has just been updated again.
** Additional Items in this Premium SE Edition **
1.6 Lots of Free Utilities for your USB Flash Drive
users now carry their data and applications around with them on a USB flash drive. However not all programs can be run directly from these devices. Many thanks to subscriber Evan Gardener for letting me know about PortableApps.com  "a community site devoted to the development, promotion and use of portable applications. The site was created by John T. Haller, the developer behind numerous portable applications (like Portable Firefox, Portable Thunderbird and Portable OpenOffice.org) as a way to centralize the knowledge and development efforts of multiple portable application efforts." There are lots of apps here, including a portable version of Firefox 1.5, Gaim 1.5 and a beta version of the upcoming Thunderbird 1.5. It's not the only site of this kind, I'm aware of at least two others (, ), but it's well organized and very up-to-date.
1.7 Search Engine Allows Tricky Queries
a great fan of Google but sometimes I need to make a search that's too complex or tricky for Goggle to handle. For these kinds of enquiries I've been using the French search engine Exalead. The advanced search feature is very comprehensive; heck, it even allows the use of regular expressions! Results are presented very nicely with web page thumbnails of every hit and embedded RSS feeds listed as well. With 2.5 billion pages indexed, it's also very comprehensive.
1.8 Free RSS Service
had a lot of email from readers asking my advice how to get into RSS. My suggestion is to
use the free Newsgator web service  for a while. Being web based there's nothing to
install so it's an easy, low hassle way to see if RSS works for you. If you get hooked,
you can then try installing a free RSS client on your PC. And what's the best free RSS
client? Well, since different folks have very different needs, there really isn't one.
That said however, do try BlogBridge  and GreatNews  amongst others.
1.9 Lots of Small Free Programs
"Towelie" wrote in to remind me that I haven't mentioned TinyApps for a while. Guilty as
charged. This is an excellent site offering dozens of free programs notable for their
compact code, a refreshing change from the huge bloated programs that have become all too
common. Small doesn't necessary mean lacking in features; many of the apps here are as
powerful as their XXOS cousins. As a bonus, most don't even need to be installed. Not
every program listed is a gem, but the site is well worth a long browse.
some top sites to suggest? Send them to
2.0 TOP FREEWARE AND SHAREWARE UTILITIES
2.1 Best Free Video Editor
Jim Nix writes, "Gizmo this Christmas season I became in need of a video editor. I discovered my copy of Adobe Premiere 5.1 LE did not allow for gamma, brightness or contrast adjustment. I checked your "Best 46 Freeware" listings and found no video editor. If you have considered adding such a category I suggest you consider VirtualDub  which is outstanding. The package is however not complete without the additional filters. A comprehensive collection of third party filters is available from an Italian site  - just click on the "TELECHARGER ICI" button to download the complete set of filters (RAR pack). Once all the filters are installed, delete the "PCVideo Image Processor" filter as the installation instructions are missing a step. Again, thank you for the fine newsletter." Well thank you Jim. I'm not a video sort of guy but I've checked out VirtualDub and it's an impressive Open source package that is regularly updated by its author. Note however that it won't handle DVD or MP4 and like all video software, needs a pretty fast PC. Freeware, Windows 95 or later, 958KB.
2.2 Free Firefox Extension Offers Selective Privacy
V1.5 allows users to easily clear their internet history, cache, cookies and other
internet tracks. Sometimes users don't want to clear everything but rather just the
information for a particular browsing session. You can do this using the free Stealther
extension. Once installed, just turn on Stealther from the Tools menu before the session
and afterwards turn it off. Nothing will be recorded in the interim. Freeware, Firefox
2.3 The Best Free Disk De-fragmenter
My top recommendation here has long been Diskeeper Lite V7, the last free
version of the commercial Diskeeper program now at V10. Or so it seemed until I
received this email from subscriber Vashek Weis. "Gizmo I found Diskeeper Lite 8
on a CD accompanying a new Intel motherboard and later when I checked for
updates on the Intel site I found Diskeeper Lite 9! To get it you need to
download the full version (89MB) of Intel Desktop Utilities. Once downloaded,
run the exe to unzip its contents into a folder of your choice. In the directory
tree created you will find these folders: .../3rdparty/Diskeeper/ and
.../3rdpartyDiskeeper.64/. Works great and the new Performance tab is excellent.
In the Readme_EN.txt and in the License Agreement I didn't find any rules
prohibiting downloading and using this program (on a single computer), therefore
I am assuming there aren't any. Please note that both on my desktop and on my
laptop the installation failed unless I uninstalled previous version of
Diskeeper Lite." Great find Vashek and thanks for writing. Windows 2000 and
2.4 Access Linux Files From Windows
who runs a Windows/Linux dual boot system will appreciate this free driver that allows you
read and write to Linux Ext2 volumes from within Windows. "Ext2 Installable File System
for Windows" works as a kernel mode driver that extends the Windows NT/2000/XP operating
system to include the Ext2 file system. (486KB)
2.5 Backing Up DRM Protected Audio While Retaining Quality
is an update to an item I mentioned in issue 127. In that issue I mentioned HotRecorder
for Media  a $19.95 shareware utility that claims to be able to convert iTunes and
Yahoo! Music sound files into .wav or .mp3 files while "maintaining the original quality
of the audio files." I expressed skepticism about the quality claim but at the same time
praised the program for its ease of use. The quality question generated a lot of
correspondence from readers, several of whom claimed that they had used HotRecorder and
other similar products such as Tunebite  and TotalRecorder  with excellent results.
After doing some research it appears that these products differ from older recording
products like MyMP3Recoder  in that they employ a virtual sound card to capture music
being played rather than simply grab and re-digitize the analog output from a real sound
card. In principal this means that sound quality may indeed be maintained as the whole
process takes place in the digital domain. I confirmed this claim with the developer of
Tunebite who stated, "One of the advantages of Tunebite is indeed that the virtual sound
card works full digitally. So with the re-recording of DRM protected music the user has no
reduction in quality." Sounds good to me ;>)
** Additional Items in this Premium SE Edition **
2.6 Huge Bundle of Free Goodies from Google
Pack is a customizable package of free software now available for direct download from
Google. This is made up of a bundle of Google's' own software products such as Google
Desktop, Google Toolbar for Internet Explorer, Google Earth, Picasa and Google Pack
Screensaver plus third party programs such as a lite version of Norton Antivirus 2005 with
6 months free subscription, Firefox V1.5 with Google Toolbar, Ad-Aware SE Personal and
Adobe Reader 7. Optional components include Trillian and GoogleTalk IM products,
RealPlayer Media player and GalleryPlayer - a program for displaying artwork and other
images on your HD screen or TV. The pack also includes an automatic updating utility.
Overall a nice pack of quality products though there is not much new other than the free 6
months Norton AV 2005 trial. None-the-less, a useful timesaver when setting up a new PC.
Free, Windows XP, size varies according to options chosen.
2.7 Free Reminder Extension for Firefox
ReminderFox was launched last year, I thought I had at last found the reminder program I
had long been looking for. Alas it was a disappointment. It was a good idea but lacked
even basic features such as the ability to create periodic and recurring reminders. This
has all changed with the latest version and the product is now very usable. ReminderFox
is not a full-fledged calendar system, but is designed to manage standard reminder needs
and handle basic "to-do" list requirements. As a result, it is very simple to use with all
the features you really need and avoids the unnecessary complexity of products like
Outlook. Also having a reminder program in your browser makes perfect sense. Almost
everyone uses their browser daily, so why run a separate reminder application? Much to
like here though I do wish it had an audible alarm for reminders rather than rely just on
visual alerts. The product is being actively developed so maybe this will appear soon.
Freeware, requires Firefox.
2.8 Free RSS Reader for Outlook Express
prefer accessing RSS through my browser but many folks prefer to integrate it with their
email. If that's you then note that the excellent free aggregator "RSS Popper" is
available for Outlook Express as well as Outlook. It's only an Alpha version but it worked
fine on my test PC. It requires Outlook Express 6 or Outlook 2000 and later. Freeware,
Windows 98 and later, 0.3MB.
2.9 Best Free FTP Client
has long been my top pick but subscriber José Vasconcelos differs: "Gizmo, I've
tried Filezilla for a while but I cannot agree that is the best free FTP client around.
I've been using WinSCP and it's much more powerful and yet remains simple to use. It
features a built-in terminal, it can launch Putty directly, allows you to remotely edit
files, direct transfer and transfer queue, limit download speed rates, just to point some
among a wide array of features, some of which Filezilla misses." Jose is quite right;
WinSCP is an excellent freeware SCP (secure copy) client for Windows that uses SSH and
offers a rich feature set. Not everyone needs the extra features WinSCP offers but if you
do, then check out WinSCP, it's a secure and very capable package. Thanks Jose for the
suggestion. Freeware, All Windows versions, 1.68MB.
some favorite utilities to suggest? Send them to
3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES
3.1 Windows WMF Fiasco
hot news this month was the widespread release on the web of exploits utilizing serious
flaws in the way the Windows graphics rendering engine handles WMF (Windows Metafile)
images. Tens of thousands of PCs were infected with trojans and other malware during the
month simply by visiting web sites displaying specially crafted images. Thankfully MS
quickly issued a fix for the problem outside of the normal monthly patch cycle and this
has now been distributed to Windows 2K and later machines via the Windows Update service.
There are a number of twists and ironies here: First, MS has long been aware of the
problem but has consistently downplayed its severity. Second, the quickly released patch
was in fact a mistake; the patch was only released outside of the monthly patch cycle
because it was accidentally posted to a public forum. Third, MS has taken an odd position
with patching Win9x systems. To quote their web site: "Although Windows 98, Windows 98
Second Edition, and Windows Millennium Edition do contain the affected component, the
vulnerability is not critical because an exploitable attack vector has not been identified
that would yield a Critical severity rating for these versions." In other words no-one
has yet found a way to exploit the flaw so we are not going to fix it. Hardly comforting
for Win9x users. Finally, two new vulnerabilities in the Windows graphics engine were
discovered within days of the release of the MS patch. The new flaws affect even fully
patched Windows 2000, Windows XP SP2 and Windows Server 2003. Naturally MS yet again went
into their usual denial mode stating the new flaws were not as serious as stated. Not a
good month for Microsoft.
3.2 Microsoft Monthly Patches
separately from the WMF problem, Microsoft released two other "critical" rated fixes in
January as part of its monthly patch cycle. The first  could allow an attacker to
execute arbitrary code on a user's PC simply by viewing specially crafted fonts on a web
site or within an HTML email message. All versions of Windows are affected though with
Windows Server 2003 systems the flaw is rated as "Important" rather than "critical." The
second flaw  is in MS Office 2000 and later as well as specific versions of MS Exchange
2000 and later. The flaw lies in the way these products decode the Transport Neutral
Encapsulation Format (TNEF) in a MIME email attachment. "An attacker could exploit the
vulnerability by constructing a specially crafted TNEF message that could potentially
allow remote code execution when a user opens or previews a malicious e-mail message or
when the Microsoft Exchange Server Information Store processes the specially crafted
message. An attacker who successfully exploited this vulnerability could take complete
control of an affected system." Patches for both flaws have been distributed via Windows
Update. If you are in any doubt whether your PC has been patched please visit the Windows
Update service  now.
3.3 Is Your Sun Java a Security Risk?
folks have Sun Java installed on their PC but many have never updated it. This is a
concern as several serious security flaws have been found in the product during 2005 and
earlier. If you have not already done so, it is extremely important that you update your
version of Java now. Doing this is quite easy: Go to your Windows Control Panel now and
select "Java" or "Java Plugin" from the list then select Update to download and install
the latest version. If you don't see "Java" or "Java Plugin" in your Control Panel then
turn on "Classic view" from the left hand panel. If you can't get this procedure to work
you can simply do an offline installation by downloading Java from this address:
3.4 Serious Flaw in VMWare NAT
of VMWare Workstation 5.5, VMWare GSX Server 3.2, VMWare ACE 1.0.1, VMWare Player 1.0, and previous releases of these products who use NAT for networking should update to the latest version immediately as a serious security flaw in these products could allow an attacker to gain control of the host PC.
3.5 Holes Patched in Apple QuickTime
has released V7.0.4 of QuickTime that fixes five known buffer overflow flaws that could
allow Windows and Mac machines to be compromised simply by viewing a specially crafted
QuickTime QTIF, TIFF, GIF or TGA file. The new version also includes a number of bug
fixes. All users should update immediately by using the "Update Existing Software" option
from the Help menu.
3.6 The Dangers of Using Open Wireless Networks
users are now aware of the dangers of home wireless networks, however open access public
networks are a far greater risk. In fact, I'm constantly amazed at the way folks extol the
virtues of public Wi-Fi networks without even considering the serious security risks
involved. These risks are real and immediate, not theoretical. You don't even have to be
actively using a public network to be exposed; simply allowing your computer to
automatically connect is enough. If you have a laptop or PC with Wi-Fi access, please read
3.7 Big Changes to Free Firewalls
much-loved Sygate Personal Firewall was discontinued on the 30th of November 2005. The
decision  was made by the much-unloved Symantec Corporation, who recently acquired
Sygate and its products. The excellent Kerio Personal firewall has also disappeared but
thankfully has been acquired by the folks at Sunbelt Software, makers of the highly rated
CounterSpy program. Sunbelt has generously offered to continue the free version . They
have also dropped the price of the Pro version to $19.95 or $14.95 if you purchase before
the end of March 2006. That's quite a deal.
3.8 Skype 2 Final version Released
new version 2 of Skype, the wildly popular VoIP program, has finally been released. It's
been in beta a while so it should be pretty solid. Features include improved voice
quality, one-to-one video conversations, improved contacts organization and more.
Freeware, Windows 2000 and later, 9.5MB.
3.9 New Version Of uTorrent Released
uTorrent, the diminutive but highly effective BitTorrent client continues to go from strength to strength. With each successive release new features are added yet the program remains tiny compared to competitors like Azureus. The latest V1.4 release adds multi-scrape, an RSS reader, Bitcomet style add dialog and more. All BitTorrent users should try uTorrent, particularly when the whole thing is only a tiny 130KB download, is free and doesn't need installing.
3.10 Thunderbird V1.5 is Here
a long period in beta the final version of the excellent Mozilla Thunderbird email client
has been released. New features include a built in phishing detector, spell check
as-you-type, auto saving of drafts, global inbox filters, support for server-side spam
filtering and more. Most importantly, stability has been greatly improved. Overall this
great free email client has been made even better. Outlook Express users should seriously
consider switching. You'll get more features plus a way safer product as well. Free Open
Source, Windows and other platforms, 6.08 MB.
4.0 OTHER USEFUL STUFF