0. EDITORIAL: How to surf with complete security.
Well it cost me $189 to make my web surfing totally secure but it looks like you can do it for free.
Regular readers of this newsletter are aware that I surf the web using a virtual PC that's hosted on my normal PC. This virtual PC is created with the VMWare Workstation program.
The advantage of this approach is immediate; I don't care if the virtual PC gets infected because I can just shut it down and the infection is wiped out without affecting the real PC that hosts the virtual PC.
I also use a virtual PC to download and install new programs. Once again, if my virtual PC becomes infected by a virus, spyware or a trojan, I can just shut it down, re-start and the infection will be gone.
Another benefit is privacy; when I shut down the virtual PC, all traces of my surfing history disappears as well.
These benefits may be attractive, but most folks aren't prepared to fork out $189 for VMWare Workstation in order to get them.
But now you can get the benefits for free. The VMWare Corporation has released a free cut-down version of VMWare Workstation called VMWare Player.
VMWare Player can't create new virtual machines like VMWare Workstation but it can "play" existing ones. It works like this: you install the Player, then load an image of a virtual machine using the Player. Once the image is loaded, you have exactly the same virtual environment and features as if you were using VMWare Workstation. That means you can shut down and re- load that image as many times as you like, eliminating any infections and history in the process.
VMWare have on their web site a whole batch of free pre- configured virtual machine images including a "Browser Appliance" which is a pre-configured Linux based system with the Firefox Browser installed. You can use this to browse the web securely without fear of infection.
If you use the Browser Appliance, you are not installing Linux on your Windows PC but rather are running a virtual machine that uses Linux. It won't interfere with your normal Windows PC in any way.
You don't have to worry about complex Linux networking either. The VMWare Reader will transparently connect you to the internet using your normal Windows connection.
Of course you don't have to run a Linux Virtual Machine, you can run one that uses Windows or any other operating system. All you need is to get your hands on the appropriate virtual machine image.
A quick Google search will reveal quite a few images available on the web including various versions of Windows. However I'd be pretty sure most of these present Windows Licensing problems.
The ideal approach is to create your own image based on a separate licensed copy of Windows. Don't use your normal workstation license though, Microsoft licensing does not permit that.
You can't create a new virtual machine image using the VMWare player - you need the full $189 VMWare workstation to do that. You can however, use readily available freeware utilities to achieve the same result. Here's a link to a web site that shows you how:
This process is not for beginners but is well within the scope of almost all experienced users.
Rolling your own virtual machine has another advantage: preconfigured images are big, often 500MB and more, so creating an image on your own PC saves a lot of your internet bandwidth.
I encourage you to download the VMWare Player and try running a virtual machine on your PC. Using a virtual environment will change the way you view computing. Once you are freed from security and privacy concerns you will be free to surf the internet to places you would never dream to go, free as well to install and try out programs to your heart's content, knowing that at any time you can wipe everything from your PC just by hitting the Virtual Machine reset button.
Player: Freeware, Windows and Linux versions available,
See you next month.
PS This month I'm giving away six free copies of the the top rated anti virus NOD32 plus lots of Google GMail invites. For details, see below.
Support Alert relies on paid subscriptions to survive. If you feel that you've benefited from reading this newsletter perhaps you would like to consider donating by subscribing to the premium "Supporters' Edition" of this newsletter.
The Premium SE Edition contains almost twice the number of great tech sites, free utilities, tips and other content as the free edition. It's also ad-free.
You'll also get immediate access to the archive of all past issues of the Premium Supporters' Edition of the newsletter where you can catch up on the hundreds of great utilities you missed in the free edition. The SE Edition is a great deal and at $10 per year it's a bargain.
This month I'm giving away to new subscribers, six free copies of the the top rated Anti virus NOD32.
NOD32 is a brilliant program for protecting your PC yet it only consumes a modest amount of your computing resources. That's why I use it on my key work computers. At $39 it's good value but it's even better value when you can get it for free.
The six copies I'm giving away will be allocated at random but your chances of scoring one are actually quite good. So if you have been thinking of subscribing, now's the time.
I'm also giving away invites to Google Gmail to new SE subscribers. Last month everyone who wanted one got one and I expect the same to happen this month. Just email me at firstname.lastname@example.org after subscribing to the Premium SE Edition and I'll send your invitation.
Even if you don't win anything you'll still get my special report "Gizmo's Desert Island Utilities" which outlines the software I use myself, including many free product
HOW TO SUBSCRIBE TO THE PREMIUM SE EDITION
12 months subscription to the Supporters' Edition costs $10 which can be made by check or credit card using either ClickBank or PayPal or simply send cash.
the link below to subscribe now:
1.0 TOP TECH SITES AND RESOURCES
1.1 How to Send 1.5GB Emails for Free
by your ISP to a maximum email size of 10MB or less? No
problem, use this file upload service from FileFactory and you
can email files up to 1.5GB. FileFactory also allows you to
upload non-email files up to 500MB and share them with multiple
users. While the maximum size of individual files is limited,
the total of all your files stored on the server is not. Not bad
1.2 How to Make Your PC Quieter
a site dedicated to the subject. Lots of good tips and
recommendations. Worth bookmarking.
1.3 How to Reformat Your Hard Drive Without Data Loss
can do this using Partition Magic and a number of other
expensive partition managers, but this article shows you how to
do it for free using a Linux Boot Disk. For experienced users
1.4 Free Downloadable eBook of Photoshop Techniques
Dan Hervey writes, "Gizmo this free PDF eBook is
really useful for anyone who wants to improve their digital
photos using Adobe Photoshop. It uses a step-by-step approach so
it's great for beginners but there's plenty for experts as
well." Thanks Dan, I notice it's for version 7 of Photoshop
which is now a little out of date. That's OK as most of the
techniques still apply to the latest release though you may find
that the tool locations have changed. To download this 32MB
eBook right click on the following link and select "Save as .."
1.5 The Definitive BIOS Optimization Guide Updated
Wong's definitive guide to BIOS settings has just been
** Additional Items in the Premium SE Edition **
1.8 Free RSS Service
Got some great tech sites to suggest? Send them to: email@example.com
A Better Way to Support Your End Users
Looking for a secure solution for supporting users behind your firewall or theirs? NetOp now has two remote access products, which can be integrated into a single solution, to better meet your IT support needs:
NetOp Remote Control v8.0 provides legendary speed and security for supporting users and servers across your LAN, WAN and at remote locations. And the new NetOp On Demand is the ideal solution for customers and end users who need immediate, on demand, help but who don't want to install software or configure their firewall. Sold separately, both work from the same NetOp Guest interface to provide best-of-breed support for all your users. Used together, help desk representatives can view multiple Host PCs from both products at the same time.
Award-winning NetOp Remote Control v8.0 was designed specifically to meet the needs of IT professionals who require impenetrable security, scalability and real-time speed to control, inventory and manage attended or unattended PCs over the Internet, networks or via modems. New NetOp On Demand offers temporary, Internet-based, support to end users who need only download a small ready-to-use file with no firewall configuration.
Learn more about these products and download trial versions today.
2.0 TOP FREEWARE AND SHAREWARE UTILITIES
2.1 Best Free Video Editor
Jim Nix writes, "Gizmo this Christmas season I became
in need of a video editor. I discovered my copy of Adobe
Premiere 5.1 LE did not allow for gamma, brightness or contrast
adjustment. I checked your "Best 46 Freeware" listings and found
no video editor. If you have considered adding such a category I
suggest you consider VirtualDub  which is outstanding. The
package is however not complete without the additional filters.
A comprehensive collection of third party filters is available
from an Italian site  - just click on the "TELECHARGER ICI"
button to download the complete set of filters (RAR pack). Once
all the filters are installed, delete the "PCVideo Image
Processor" filter as the installation instructions are missing a
step. Again, thank you for the fine newsletter." Well thank you
Jim. I'm not a video sort of guy but I've checked out VirtualDub
and it's an impressive Open source package that is regularly
updated by its author. Note however that it won't handle DVD or
MP4 and like all video software, needs a pretty fast PC.
Freeware, Windows 95 or later, 958KB.
2.2 Free Firefox Extension Offers Selective Privacy
V1.5 allows users to easily clear their internet
history, cache, cookies and other internet tracks. Sometimes
users don't want to clear everything but rather just the
information for a particular browsing session. You can do this
using the free Stealther extension. Once installed, just turn on
Stealther from the Tools menu before the session and afterwards
turn it off. Nothing will be recorded in the interim. Freeware,
Firefox 0.9-1.6a1, 2KB.
2.3 The Best Free Disk De-fragmenter
My top recommendation here has long been Diskeeper Lite V7, the last free
version of the commercial Diskeeper program now at V10. Or so it seemed until I
received this email from subscriber Vashek Weis. "Gizmo I found Diskeeper Lite 8
on a CD accompanying a new Intel motherboard and later when I checked for
updates on the Intel site I found Diskeeper Lite 9! To get it you need to
download the full version (89MB) of Intel Desktop Utilities. Once downloaded,
run the exe to unzip its contents into a folder of your choice. In the directory
tree created you will find these folders: .../3rdparty/Diskeeper/ and
.../3rdpartyDiskeeper.64/. Works great and the new Performance tab is excellent.
In the Readme_EN.txt and in the License Agreement I didn't find any rules
prohibiting downloading and using this program (on a single computer), therefore
I am assuming there aren't any. Please note that both on my desktop and on my
laptop the installation failed unless I uninstalled previous version of
Diskeeper Lite." Great find Vashek and thanks for writing. Windows 2000 and
2.4 Access Linux Files From Windows
who runs a Windows/Linux dual boot system will appreciate
this free driver that allows you read and write to Linux Ext2
volumes from within Windows. "Ext2 Installable File System for
Windows" works as a kernel mode driver that extends the Windows
NT/2000/XP operating system to include the Ext2 file system.
2.5 Backing Up DRM Protected Audio While Retaining Quality
is an update to an item I mentioned in issue 127. In that
issue I mentioned HotRecorder for Media  a $19.95 shareware
utility that claims to be able to convert iTunes and Yahoo!
Music sound files into .wav or .mp3 files while "maintaining the
original quality of the audio files." I expressed skepticism
about the quality claim but at the same time praised the program
for its ease of use. The quality question generated a lot of
correspondence from readers, several of whom claimed that they
had used HotRecorder and other similar products such as Tunebite
 and TotalRecorder  with excellent results. After doing
some research it appears that these products differ from older
recording products like MyMP3Recoder  in that they employ a
virtual sound card to capture music being played rather than
simply grab and re-digitize the analog output from a real sound
card. In principal this means that sound quality may indeed be
maintained as the whole process takes place in the digital
domain. I confirmed this claim with the developer of Tunebite
who stated, "One of the advantages of Tunebite is indeed that
the virtual sound card works full digitally. So with the re-
recording of DRM protected music the user has no reduction in
quality." Sounds good to me ;>)
** Additional Items in the Premium SE Edition **
some top utilities to suggest? Send them to
3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES
3.1 Windows WMF Fiasco
hot news this month was the widespread release on the web of
exploits utilizing serious flaws in the way the Windows graphics
rendering engine handles WMF (Windows Metafile) images. Tens of
thousands of PCs were infected with trojans and other malware
during the month simply by visiting web sites displaying
specially crafted images. Thankfully MS quickly issued a fix for
the problem outside of the normal monthly patch cycle and this
has now been distributed to Windows 2K and later machines via
the Windows Update service. There are a number of twists and
ironies here: First, MS has long been aware of the problem but
has consistently downplayed its severity. Second, the quickly
released patch was in fact a mistake; the patch was only
released outside of the monthly patch cycle because it was
accidentally posted to a public forum. Third, MS has taken an
odd position with patching Win9x systems. To quote their web
site: "Although Windows 98, Windows 98 Second Edition, and
Windows Millennium Edition do contain the affected component,
the vulnerability is not critical because an exploitable attack
vector has not been identified that would yield a Critical
severity rating for these versions." In other words no-one has
yet found a way to exploit the flaw so we are not going to fix
it. Hardly comforting for Win9x users. Finally, two new
vulnerabilities in the Windows graphics engine were discovered
within days of the release of the MS patch. The new flaws affect
even fully patched Windows 2000, Windows XP SP2 and Windows
Server 2003. Naturally MS yet again went into their usual denial
mode stating the new flaws were not as serious as stated. Not a
good month for Microsoft.
3.2 Microsoft Monthly Patches
separately from the WMF problem, Microsoft released two
other "critical" rated fixes in January as part of its monthly
patch cycle. The first  could allow an attacker to execute
arbitrary code on a user's PC simply by viewing specially
crafted fonts on a web site or within an HTML email message. All
versions of Windows are affected though with Windows Server 2003
systems the flaw is rated as "Important" rather than "critical."
The second flaw  is in MS Office 2000 and later as well as
specific versions of MS Exchange 2000 and later. The flaw lies
in the way these products decode the Transport Neutral
Encapsulation Format (TNEF) in a MIME email attachment. "An
attacker could exploit the vulnerability by constructing a
specially crafted TNEF message that could potentially allow
remote code execution when a user opens or previews a malicious
e-mail message or when the Microsoft Exchange Server Information
Store processes the specially crafted message. An attacker who
successfully exploited this vulnerability could take complete
control of an affected system." Patches for both flaws have
been distributed via Windows Update. If you are in any doubt
whether your PC has been patched please visit the Windows Update
service  now.
3.3 Is Your Sun Java a Security Risk?
folks have Sun Java installed on their PC but many have
never updated it. This is a concern as several serious security
flaws have been found in the product during 2005 and earlier.
If you have not already done so, it is extremely important that
you update your version of Java now. Doing this is quite easy:
Go to your Windows Control Panel now and select "Java" or "Java
Plugin" from the list then select Update to download and install
the latest version. If you don't see "Java" or "Java Plugin" in
your Control Panel then turn on "Classic view" from the left
hand panel. If you can't get this procedure to work you can
simply do an offline installation by downloading Java from this
3.4 Serious Flaw in VMWare NAT
of VMWare Workstation 5.5, VMWare GSX Server 3.2, VMWare
ACE 1.0.1, VMWare Player 1.0, and previous releases of these
products who use NAT for networking should update to the latest
version immediately as a serious security flaw in these products
could allow an attacker to gain control of the host PC.
3.5 Holes Patched in Apple QuickTime
has released V7.0.4 of QuickTime that fixes five known
buffer overflow flaws that could allow Windows and Mac machines
to be compromised simply by viewing a specially crafted
QuickTime QTIF, TIFF, GIF or TGA file. The new version also
includes a number of bug fixes. All users should update
immediately by using the "Update Existing Software" option from
the Help menu.
3.6 The Dangers of Using Open Wireless Networks
users are now aware of the dangers of home wireless
networks, however open access public networks are a far greater
risk. In fact, I'm constantly amazed at the way folks extol the
virtues of public Wi-Fi networks without even considering the
serious security risks involved. These risks are real and
immediate, not theoretical. You don't even have to be actively
using a public network to be exposed; simply allowing your
computer to automatically connect is enough. If you have a
laptop or PC with Wi-Fi access, please read this article.
3.7 Big Changes to Free Firewalls
much-loved Sygate Personal Firewall was discontinued on the
30th of November 2005. The decision  was made by the much-
unloved Symantec Corporation, who recently acquired Sygate and
its products. The excellent Kerio Personal firewall has also
disappeared but thankfully has been acquired by the folks at
Sunbelt Software, makers of the highly rated CounterSpy program.
Sunbelt has generously offered to continue the free version .
They have also dropped the price of the Pro version to $19.95 or
$14.95 if you purchase before the end of March 2006. That's
quite a deal.
3.8 Skype 2 Final version Released
new version 2 of Skype, the wildly popular VoIP program, has
finally been released. It's been in beta a while so it should be
pretty solid. Features include improved voice quality, one-to-
one video conversations, improved contacts organization and
more. Freeware, Windows 2000 and later, 9.5MB.
3.9 New Version Of uTorrent Released