|
|||
|
If you prefer you can
read this issue online from the Supporters' Area
here: IN THIS PREMIUM ISSUE: 0. EDITORIAL: The future of computing0.0 EDITORIAL I'm absolutely delighted with my new laptop replacement. It's way lighter than my old IBM ThinkPad T42 and at $49 it's a tad cheaper as well. The laptop replacement is a USB flash drive. The drive was an answer to a conundrum I faced last month. I planned to take a two week break part of which involved camping in the desert. The desert I figured was no place for my IBM. Yet both before and after the camping segment I would be in cities where I would need access to a computer. Taking a USB thumb drive seemed like a sensible solution. As it turned out it was not only sensible but practical. So practical I'm wondering whether I ever need to travel with a laptop again. While traveling I was able to do all my normal work using most of my normal tools. The tools were on my USB drive. What was different was that I was plugged into someone else's computer at an internet cafe or hotel. I put quite a lot of thought into the programs I loaded onto the USB drive before I left. Most important was a portable version of Firefox along with TorPark, a special version of Firefox setup to work with the Tor anonymizing service. Both these run entirely from the USB drive and leave no trace of my surfing on the host PC. That's nice but more important was the availability of my normal bookmarks, Firefox extensions, custom bookmarks toolbar, Google toolbar and even my surfing history from within Portable Firefox. This was made possible simply by copying parts of my Firefox profile from my laptop to the USB drive before I left home. The comfort of having your familiar browsing environment available cannot be overestimated. I've customized Firefox to work exactly how I want so to have that available on whatever computer I was using was both delightful and remarkable. The comfort of the familiar was further enhanced by the use of RoboForm2Go as my password and form filler. RoboForm2Go is a portable version of the same RoboForm program I use on my normal PC. Like Portable Firefox it leaves no trace of itself on the PC your USB stick is plugged into. Again like I did with Firefox, I copied my RoboForm data from my laptop to the USB stick before I left, so all my normal passwords and login credentials were available from my USB stick as well. Using RoboForm2Go to automatically fill out your web session password is a surprisingly safe procedure, particularly when using Firefox where the speed of the typing during form completion is beyond the capacity of keyloggers to log. I know this; I tested RoboForm2Go before I left using five commercial keyloggers and none successfully recorded the form data. Your RoboForm2Go master password however is more vulnerable but there are ways to improve the security of that too. I'll be covering that in next month's "Tip of the Month." The other software I took on the USB drive included Portable FileZilla, the portable version of my normal FTP client, EditPad Pro which is my normal text editor and PhraseExpress the program I normally use for quickly inserting boilerplate text. The latter two programs were not available in portable versions but I found that by simply copying the installation folder from my laptop to the USB flash drive they both worked fine. Handling my email was a cinch. I normally use Outlook to collect my mail from Gmail via POP3. While traveling I simply used Gmail as webmail from Firefox. When I got home I just collected all my mail in Outlook and had complete copies of all my correspondence back on my laptop Oh the pleasure of it, to sit in front of a strange PC in some strange location and to have your normal computing environment fully available to you. Your normal tools, your bookmarks, your passwords; everything. And the pleasure too of not lugging around a laptop or having to worry about it being stolen. I suspect it's also a pleasure you may need to get used to. The future of computing folks is going to be web based applications accessed through your browser. In a few years you may be carrying around only one piece of software on your USB stick: your highly personalized browser that will give you the same computing experience on any PC, in any location in the world. Personally, I can't wait. After my positive USB flash drive experience I've decided to move things along by converting one of my home PCs to have no applications installed other than a browser. Everything will be web based: email, calendaring, digital editing, spreadsheets, word processing and more. Think about the advantages: no backup worries, dramatically reduced security concerns, no software update and licensing hassles, less demanding hardware requirements and best of all: the availability of your familiar computing environment from any PC. Yes, the attractions are many but is it too early to make this bold move? That dear readers, is what I hope to find out. See you next month. Next month's issue will be published on the 21st of June. Gizmo supporters@techsupportalert.com PS Always run an anti-virus scan on your USB drive as soon as you plug it back into your computer. There is a whole new generation of malware appearing such as the SillyFD worm, designed to spread via portable devices. 1.0 TOP TECH SITES AND RESOURCES 1.1 More Free Software from Microsoft Blogger Blake Handler has sent me two interesting links. The first is to a set of free Vista programs and accessories from Microsoft [1] and the second to free Office 2007 software [2]. There is some nice stuff listed. [1] http://bhandler.spaces.live.com/blog/cns!70F64BC910C9F7F3!1844.entry [2] http://bhandler.spaces.live.com/blog/cns!70F64BC910C9F7F3!1822.entry
1.2 Windows Stop Messages Explained
3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES 3.1 Microsoft Security News In the last month new exploits have been circulating for a particularly nasty flaw in Microsoft's Windows Server Domain Name System Service. The flaw affects Windows Server 2000 and Windows Server 2003 running the DNS Server. Affected systems could be completely compromised. The flaw was unusually serious because it potentially allowed key corporate assets to be attacked. Thankfully it has been fixed by Microsoft as part of the May "Patch Tuesday" release. It is essential that all users of Windows Server 2000 and 2003 patch their servers immediately. Patch Tuesday the 8th of May saw the release of a huge batch security updates from Microsoft. The updates covered 19 different flaws of which 14 were rated as critical. One of the critical flaws was for the DNS vulnerability mentioned above while others covered Internet Explorer, Microsoft Office products, Exchange and Microsoft Cryptographic services. A number of the patches covered flaws in Microsoft Office file formats. While the fixes were welcome, it is clear Office files remain vulnerable and will continue to be attack targets. In this context all unknown Office files must be considered as potentially dangerous and only opened in a sandbox or other safe environment. Further details of the May updates can be found here [1] while a discussion of implementation issues can be found here [2]. All the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and you will need a considerable period of time online for them to download successfully. If you have any doubts whether you have received the updates, then visit the Microsoft Update Service [3] now. [1] http://www.microsoft.com/technet/security/bulletin/ms07-may.mspx [2] http://searchsecurity.techtarget.com/columnItem/0,294698,sid14_gci1254239,00.html [3] http://update.microsoft.com (Requires IE5 or later) 3.2 Annoying Bug in Vista Corrupts Screen Display A number of subscribers have written about a problem in Vista where the screen display has black or transparent sections and/or toolbars go missing. It's a known bug and Microsoft has a hotfix [1]. The problem apparently occurs when a Vista system is left running for a long period of time. You have to contact Microsoft for the hotfix but there's a simple work-around: restart Explorer. You can restart Explorer in Vista using the stock standard Windows technique of killing the explorer.exe process in Task Manager then clicking the Task Manager Applications tab, selecting Add then type in "explorer". It's a neat little Windows trick to have in your repertoire whenever you get a corrupted or frozen screen. http://support.microsoft.com/default.aspx/kb/932406/en-us#appliesto 3.3 Free Utility Secures Disk Data Encrypting your disk drives and files is not the only way to prevent trojans stealing your confidential data. There are a number of products on the market that achieve the same result by restricting access to particular files or drives to specified programs. One such application is DriveSentry, a product that started life as a commercial application and is now free. As their website states "DriveSentry works by monitoring each application writing to your drives. Only applications you have authorized can write to the drive and all others are blocked. If you can imagine a software firewall monitors internet traffic, well DriveSentry monitors drive traffic...DriveSentry is incredibly versatile as it not only allows you to prevent applications writing to your drives but can also control what file-types they write." I tried it and it works as advertised. It operates like this: you nominate a drive, folder or set of files of a particular type that you want to protect. You then nominate the trusted programs that can legitimately access these protected entities. If another program tries to access or change any of these a popup warning is issued. DriveSentry has some nice features such as a sensible inbuilt set of program access permissions for common file types plus the option of a standard mode and advanced mode of operation. It also provides some additional HIPS-like system protection. For example you get notified of one of your trusted programs gets changed, your browser home page modified or system dlls are altered. It all sounds hunky dory but what do I think of DriveSentry? In a phrase: too noisy. I found myself swamped at times with pop-up warnings. Maybe with more tweaking of the settings things might quieten things down. I don't know; I installed the product after only two days of usage. DriveSentry is not for me, but for others prepared to trade a little annoyance for increased security DriveSentry is a good option particularly at the price. Thanks to subscriber Rick Farrow for the suggestion. Freeware, Windows 2000 through to Vista, 2MB http://www.drivesentry.com/ 3.4 Users Volunteer to Get Their PCs Infected When security professional Didier Stevens ran a tongue-in-cheek Google text ad offering users the opportunity to get their PCs infected he didn't expect much of a response. He was wrong; 409 people clicked on the ad over a six month period. Those who clicked the ad ended up at Stevens' benign web site so no harm was done but they could just have easily landed at a hostile drive-by download site. Sure makes you wonder about human behavior. Google has now pulled the ad. http://didierstevens.wordpress.com/ 3.5 Top Sandbox Utility Acquired by Google GreenBorder, although a tad expensive, is one of the best performing sandboxes I've tested so I was saddened when a subscriber wrote to tell me the product was no longer available. According to their support forum "GreenBorder has stopped offering its products for sale. We're not going out of business, and we'll continue to support our existing customers." I emailed the company to ask for clarification. I was delighted when I received a short reply saying GreenBorder had been acquired by Google. I've seen no press announcement but if this is true then I suspect they will make GreenBorder free. Sandboxie is a top product so I hope I'm right. Also makes you wonder whether the much-denied Google Browser is actually taking shape. https://supportcenteronline.com/ics/support/default.asp?deptID=4049 3.6 See How Your Anti-virus Program Stacks Up In my April 2007 Editorial [1] I rated some of the most popular free and commercial AV scanners. Since then I've located an excellent additional data source [2] for assessing AV performance. It's a near real-time listing of how well the major scanners detect new threats identified by the Malware Incident Reporting & Termination (MIRT) team. The results support my previous findings namely the class-leading new threat detection rate of AntiVir and the relatively poor performance of AVG and Avast! with Kaspersky and NOD32 falling in the middle. Perhaps more important than the product ranking, is the relatively poor performance of ALL products in detecting new threats. This reinforces the point I have been making in recent issues that you can no longer rely exclusively on signature based anti malware products to protect you from the current onslaught of new threats. That said, it should be noted that the detection of new threats is only one of several criteria you need to consider when assessing the performance of AV products. See my April [1] editorial for more details. [1] http://techsupportalert.com/issues/issue144.htm#Section_0 [2] http://winnow.oitc.com/malewarestats.php 4.0 OTHER USEFUL STUFF 4.1 500GB External USB Drive for $139.96 This a good deal: a quality Western Digital hard drive in an external USB enclosure for $138.95 with free shipping. Just the thing for ripping your CD collection or backing up your DVDs. http://www.buy.com/retail/product.asp?sku=202418917&adid=17070&dcaid=17070 4.2 Download the Nifty Google Screen-saver Without Installing Google Pack The screen-saver in Google Pack is one of the best around. It paints your screen with an attractive and varying collage of photos from a folder of your choice. However it's hardly worth the effort of installing the massive Google Pack just for the screen-saver. This article shows you how you can install just the screen-saver alone. http://labnol.blogspot.com/2006/01/install-google-screensaver-without.html 4.3 Microsoft Claims Open Source Software Violates Its Patents In a PR masterstroke designed to win the hearts and minds of computer users worldwide Microsoft has claimed that Open Source software including Linux may violate 235 Microsoft patents. I wonder if this includes all the ideas Microsoft knocked off from Apple :>) http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019238&source=NLT_AM&nlid=1 4.4 Flight Simulator Google Style Fly a plane over terrain from Google Earth. It's not sophisticated flying but the view is marvelous. http://www.isoma.net/games/goggles.html 4.5 Useless Waste of Time Department Regular contributor Mikel Peters writes: "Gizmo, the free flash games at this site [1] are a blast. In particular I highly recommend checking out Sea of Fire; it is one of the best free flash games I've seen." Mikel goes on to say " ... and I've found another site [2] that can only be described as the mother of all time wasting sites. It's got cool, weird, interesting and amazing articles, pictures and videos plus links to hundreds of other time-wasting sites." [1] http://armorgames.com/ [2] http://very-bored.com/ ** Additional Items in this Premium SE Edition ** 4.6 How to Check the Condition of Your Hard Drive Most experienced users check their hard drives regularly for errors by using the chkdsk utility that's built into Windows. This Microsoft guide shows you how to do it. If you haven't checked your drives recently, now is the time. http://support.microsoft.com/kb/315265 4.7 An Inspirational Logo Collection That Will Get Your Creative Juices Flowing Looking for a new logo but have run out of ideas? If so check out this huge collection of logos used by trendy sites. Thanks to Paul Lawrence for the link. http://www.flickr.com/photos/stabilo-boss/sets/72057594060779001/ 4.8 How to Get McAfee Anti-Virus for Free Subscriber Rick Farrow sent me this link to a UK bank that appears to be offering McAfee VirusScan Plus Firewall and AntiSpyware for free for 12 months. I tried it and the download seems to work fine for non-UK surfers. There is a very short registration process after which you are directed to the download site. I didn't install the product though so I hope there is no last minute catch. http://www.natwest.com/microsites/personal/latest_deals/index.asp?referrer=online 4.9 Get a Top Commercial Partitioning Program for Free Rick Farrow also sent details of another UK site that offers a download link to a full version of Paragon Disk Manager V8. It's not the latest version but when I had a look at V8 a while back I found it to be a quite competent partitioning program with useful backup capabilities as well. I normally don't mention offers on this particular site as they are intended for subscribers to VNU magazines. However according to the site the offer expires on the 11th of April so I feel in the clear. But hey, did I tell you the download link still works! It's a 23MB download. http://www.computeractive.co.uk/hdmanager8/index 5.0 TIP OF THE MONTH 5.1 How to Improve Your Security When Using a Public Terminal (Part 1 of 2) Using a hotel computer, one in an internet cafe or airport is a risky business. Public terminals are fine for general browsing and even (with a few precautions) collecting your email but when it comes to logging in to your bank account or making an online purchase they really should be avoided. We all know that but life doesn't always allow us to follow the rules; sometimes we simply have to use a public terminal to conduct a confidential transaction Well I'd dearly like to be able to tell you a way you can use a public terminal with complete safety. I can't. What I can do is show you ways you can do it with a high degree of security. OK it's not 100% but it's better than no security at all. There are two main areas of risk when using a public terminal. First someone may be using a session logger to record the flow of data between the PC you are using and the websites you visit. Second there may be a keylogger fitted to the PC that allows someone to capture your keystrokes and sometimes your mouse clicks and screen session as well. This month I'm going talk about the first risk, interception. Next month I'll talk about keylogging. It's dead easy for an ill-intentioned internet cafe operator to record your internet traffic. Indeed I once visited a cafe and noticed the clerk at the front desk was unabashedly scanning traffic from the shop's computers using Ethereal. So believe me, it happens. It's important that you understand when you a visiting a normal website that most of the information that flows between the PC you are using and the website you are visiting is visible and readable. It's there for anyone to see. "Anyone" includes your ISP or the clerk in the internet cafe. However if you are visiting a secure website (i.e. one whose address begins with https rather than http) this is no longer the case; your data stream is secure. That's because your data is encrypted end to end i.e. PC to server. Yes, it can still be seen but all that can be seen is a lot of gobbledygook. If you use Gmail or Yahoo! webmail this is good news as both of these have secure website connections. The last time I used Hotmail it wasn't secure and many other webmail services aren't secure either. It's easy to tell: go to your webmail site and login. If the URL in the browser address bar starts with https it is secure. That means you can read your mail on any public terminal and no one can read your mail by intercepting the traffic between the PC you are using and the webmail service. If your webmail service uses http rather than https then your email can be intercepted and read. If your email only includes things like a get-well message to Aunt Maud then there is no problem but if it contains your social security number, bank account and other personal details then you should start worrying. Almost all online banking sites and e-commerce sites use https. That's comforting as it means no one can read your confidential data flowing between the computer you are using and the remote server. Sure they can see the data flow but they can't decrypt it. There are however, a number of ways to convert even a standard http into a secure encrypted https connection. Using a virtual private network is one way but that's an option more readily available to corporate users than individuals. A simpler solution is to use a secure anonymizing network like the free Tor system. Although Tor was designed to allow you to surf anonymously it has an attractive side benefit: it creates a secure https connection between your PC and the first Tor server. It's not secure beyond the first Tor server but interception is most unlikely once you get beyond the first server. The most likely location for someone to look at your web traffic is between the PC you are using and the first Tor server. Setting up Tor is simple if you use a product like the free Firefox based TorPark browser. Just start up TorPark and the rest pretty well happens automatically. TorPark is also portable so you can safely browse from a public terminal using a copy of TorPark installed on your USB flash drive. Surfing with TorPark is noticeably slowed by the long chain of Tor servers through which your data passes. However a little extra time is a small price to pay for the additional security and anonymity. Besides if you really need speed you can switch back to normal non-secure browsing easily within TorPark. If you use TorPark you can safely read your email even for non-secure webmail websites like HotMail. Whether the content of your webmail warrants the effort involved only you can decide. I should note in parting that SSL (and thus https) is not immune to decryption. In particular so called "man in the middle" attacks have proven effective. However this kind of advanced attack is highly unlikely in an internet cafe. Next month I'll talk about protecting your passwords when using a public terminal. The news is reasonably good but that will have to wait until the next issue. Difference between http and https: http://blog.eukhost.com/2006/11/15/difference-between-http-and-https/ SSH and SSL explained: http://www.rpatrick.com/tech/ssh-ssl/ TorPark: http://www.torrify.com/ Man in the Middle Attacks: http://www.contentverification.com/man-in-the-middle/index.html 6.0 FREEBIE OF THE MONTH 6.1 Free Utility Removes Ads From Internet Explorer and More Firefox users can effectively remove ads from web pages using the excellent free Ad-Block extension but there has been no comparable free add-on for Internet Explorer. Until now, that is. IE7Pro not only provides ad blocking but tab management, proxy switching, mouse gestures and more including a very valuable crash recovery feature. There's even a Firefox GreaseMonkey-like scripting feature that allows you to add more functionality such as a rather neat skin for Gmail. Hey with all these additional features you can convert IE7 into an almost passable alternative to Firefox ;>) Seriously, IE7Pro is a terrific product and a must for all IE7 users. In fact it's so good that I suspect the pressure to convert it to a commercial product may well prove irresistible so download it now while it's free. http://www.ie7pro.com/ Freeware, Internet Explorer 7, 985KB. ** Bonus Freebie for Premium Edition subscribers ** 6.2 Free Utilities That Make Your PC Run Faster Every week I get letter from subscribers asking me whether they should buy a particular PC Tune up utility or subscribe to a particular commercial tune up service that claims to make their PC run faster. In each case my advice is the same: save you money. You can easily tune up your PC using free utilities and in many cases get a better result than using expensive commercial products. There are two freeware tune up options: the first is to use a specialist tune up utility that will do the job for you with a single click. The second option is to use a number of different freeware utilities each addressing one particular area of cleanup and tuning. The first approach is easier the second is more comprehensive. Let's look at the products I recommend for each approach. For one click cleaning the stand-out product is Advanced WindowsCare Personal [1] from IObit. The Personal version is a feature reduced version of their $29.95 Professional product. Features missing in the Personal version include automated scheduling, commercial use licensing, tech support and some advanced tuning tweaks. However the Personal version does include almost everything else including adware / spyware cleaning and immunization, removal of useless temporary files from your hard drives, Windows registry cleaning, startup program analysis, erasing private browsing history plus a number of system and security tweaks. It's an impressive package for a freebie and this combined with one click operation, makes Advanced WindowsCare Personal an easy top recommendation for non technical users. It really only lacks in one area: it doesn't defragment your hard drive. However IObit, the makers of Advanced WindowsCare offer on their website an excellent free defrag program called SmartDefrag [2]. If you use this in conjunction with Advanced WindowsCare you will have a remarkably complete tune-up package for ZIP. More technically inclined users will however find the lack of fine control in Advanced WindowsCare frustrating. Such users are more likely to be attracted to using several specialist packages each offering more settings and better user control. This approach is less convenient that a one click package that "does it all" but ultimately it's more customizable to the individual users needs and more powerful in the individual cleaning functions offered. It's also less dangerous. A one click approach encourages haste and discourages careful consideration of what is being done. Advanced WindowsCare handles this by taking a system checkpoint before the start of cleaning which allows the user to bale out if something goes wrong. I suspect something would go wrong sooner or later. Using multiple programs encourages you to stop and think and that is not a bad thing. There are several different tune up utility combinations that can be used. Many of you in fact will already be using some of these utilities but for those who aren't, here's my basic "freeware clean up kit" suggestion: Spyware / Adware Cleaning: AVG Anti-Spyware [3] Disk and Privacy Cleaning: CCleaner [4] Registry Cleaner: EasyCleaner [5] Defragmenter: Diskeeper V7 [6] If you want some alternatives check out my "46 Best Freeware Utilities" list [7] and the subscribers-only "Extended List of Freebies" [8] for more details. I recommend you run the utilities in the order they appear in the list above. Do check the settings for each program before you run them, particularly CCleaner whose default settings are a little aggressive. Remember that cleaning your PC always involves a small element of risk so backup and/or create a Restore Point before you start. If you find you have spyware that can't be removed by AVG I suggest you download HijackThis from here [9] and follow the instructions also on the page how to paste the output to the Tom Coyote web forums. These folks should be able to help you permanently get rid of the problem. It won't cost you a cent either. So how often should you tune up your PC? For most users I recommend that you run a spyware scan weekly and the other cleaning operations monthly. After each monthly Windows update is an excellent time to run a clean up. If you install and uninstall a lot of products you may however want to increase this frequency to weekly. If you have never tuned up your PC you should see a real improvement in speed and responsiveness the first time you run these programs. However on subsequent runs the improvement may be much less noticeable. [1] http://www.iobit.com/AdvancedWindowsCarePersonal/index.html [2] http://www.iobit.com/SmartDefrag/index.html [3] http://www.ewido.net/en/ [4] http://www.ccleaner.com/ [5] http://personal.inet.fi/business/toniarts/ecleane.htm [6] http://www.majorgeeks.com/download.php?det=1207 [7] http://www.techsupportalert.com/best_46_free_utilities.htm [8] http://www.techsupportalert.com/more/extended.htm [9] http://www.tomcoyote.org/hjt/ 7.0 MANAGE YOUR SUBSCRIPTION The best way to manage your Premium
Edition subscription is from the Supporters' Area of
the Support Alert website. There you'll
also find all individual back issues, a downloadable
back issue archive, an extensive FAQ plus a growing
list of resources exclusively available to
Supporters. The Supporters' Area is protected. To log-in, use the security information sent to you when you first subscribed or as notified subsequently. If you no longer wish to receive this newsletter, send me an email at supporters@techsupportalert.com. Remember to state the email address at which you are currently subscribed. Receiving duplicate issues? If you are receiving an
unwanted copy of the free edition of this newsletter,
you can cancel that subscription by going to the
following link:
http://www.webelists.com/cgi/lyris.pl?enter=support.alerth Note that the free and paid editions are totally different publications so you can unsubscribe to the free edition without any chance of impacting your paid subscription. The 46 Best-ever Freeware Utilities The Extended List of the Latest
Freebies For lots more free IT
newsletters see You can contact this newsletter
by snail mail at: Support Alert is a registered online serial publication ISSN 1448-7020. Content of this newsletter is (c) Copyright TechSupportAlert.com, 2007 See you next issue. Next month's issue will be published on the 21st of June. Gizmo |
