If you experience problems reading this issue in
your email program you can read it online in your browser at
http://techsupportalert.com/issues/al_current.htm
IN THIS FREE EDITION:
0. EDITORIAL: USB Computing - the answers to your questions
1. TOP TECH SITES AND RESOURCES
1.1 How Does Your Firewall Rate?
1.2 Utilities that Work with Vista
1.3 Free Web Based Applications
1.4 The Great Defrag Shoot-out
1.5 How to Permanently Wipe a Hard Drive
1.6 Portable Software Lists
1.7 Free Online Services Offer RoboForm-like Functionality (Premium Edition)
1.8 How to Reduce Your Spam (Premium Edition)
1.9 Free Service Monitors Website and Server Uptime & Performance (Premium Edition)
Stop
Attacks That Anti-virus and Anti-spyware Scanners Miss! (advert)
2. TOP FREEWARE AND SHAREWARE UTILITIES
2.1 How to Mute Unwanted Website Sounds
2.2 Compress Your Files to the Max
2.3 Free Portable Media Player Tops Its Class
2.4 Using a USB Drive as a Laptop Replacement
2.5 Symantec Norton 360: First Impressions
2.6 Get Acronis True Image for Free (Premium Edition)
2.7 The Best Free Memory Optimizer (Premium Edition)
2.8 An Easy Way to Re-organize Your MP3 Files (Premium Edition)
3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
3.1 Microsoft Security News
3.2 Firefox Updated to V2.0.0.4
3.3 No More Updates for Firefox V1.5
3.4 Serious Flaw in Yahoo Messenger
3.5 New QuickTime Security Patch Underscores Need to Keep Programs Updated
3.6 How to Protect Your PC Against Hostile Sites, Browser Flaws
3.7 Goggle's Security Blog Hints at the Future
4. OTHER USEFUL STUFF
4.1 Good Deals on USB Flash Drives
4.2 Free Utility Helps Your PC Conserve Power
4.3 The Next Big Thing?
4.4 Good Guide to Modern Website Design
4.5 Useless Waste of Time Department
4.6 Site Keeps You Informed of Freeware Updates (Premium Edition)
4.7 Is Your Flash Drive Compatible With Vista? (Premium Edition)
4.8 Eset Offers NOD32 for Free (Premium Edition)
5. TIP OF THE MONTH
5.1 How to Improve Your Security When Using a Public Terminal (Part 2 of 3)
6. FREEBIE OF THE MONTH
6.1 Notepad on Crack
6.2 The Best Free Desktop Publishing Program (Premium Edition)
7. MANAGING YOUR SUBSCRIPTION
0.0 EDITORIAL
Last
months editorial on using a USB flash drive as an alternative to a laptop created a flood
of user queries. This month I'll try to answer your three most common questions:
What kind of USB flash
drive do I need?
Forget about that old 256MB USB 1.1 drive you got for your birthday two years ago, you are going to need a fast USB 2.0 drive. The fastest you can afford.
To
run applications from your USB flash drives you need a drive with the highest possible
read data transfer rate otherwise you are going to get frustrated by the time it takes
your programs to load.
Fast drives can cost a few dollars extra than slow drives but it's
money well spent as a fast drive can load programs more than ten times more quickly than a
slow drive. As a rule of thumb a fast drive is one with a read rate of more than 15 Mbs.
Here are the manufacturer's stated read rates for some of the faster drives around:
Corsair
Flash Voyager GT |
34Mbs |
Memina
Rocket |
30Mbs
|
Lexar
JumpDrive Lightning |
30Mbs |
OCZ Rally
2 |
28Mbs |
Kingston
Data Traveler Secure |
24Mbs |
SanDisk
Cruzer Titanium |
15Mbs |
Only
buy a genuine USB 2.0 drive. Don't buy a drive that is the older USB 1.1 standard or one marked as "USB 2.0 Compatible." These drives drive are simply not zippy enough for running applications.
Drive
capacity is less important than speed. In fact to run a full suite of applications you
really don't need much bigger than 512MB. But large flash drives are now so cheap it would
seem a folly to buy anything less than 2 GB.
Should I buy a U3 drive?
It's
not that important. You can setup a great portable system using either a U3 drive or a
standard drive. In fact many portable apps are available in both U3 and non-U3
versions.
U3
smart drives are those that comply with the U3 mobile computing standard set down by U3 LLC (www.u3.com), a consortium of vendors lead by Sandisk. The main idea behind U3 was to develop a platform where programs could run independently on USB drives without leaving any trace on the host PC. The U3 standard also provides for a user menu (the Launchpad) that pops up when the USB drive is inserted into a host and it also mandates password protection.
It's
a great idea in principal but in practice there are not a lot of programs around that are
written for U3. Indeed some software authors have avoided writing for U3 as they feel it
is a proprietary standard. Furthermore there have been a lot of reports that U3 drives
simply won't work with particular host PCs.
The
Launchpad is no big deal; you can do that from non U3 drives using different techniques.
And even the password protection is not foolproof; it simply stops the Launchpad being run
and doesn't adequately prevent access to the unencrypted data partition.
Remember
too that U3 drives will only work with Win2K SP4, XP and Vista. Older Windows operating
systems Mac OS, Linux, and Unix are not supported. That's quite a limitation, particularly
when using public terminals.
Don't
get me wrong; U3 applications on U3 drives can work wonderfully well. It's just that you
don't really need U3. It's just an option. Me, I bought a non-U3 drive as it was cheaper
and promised fewer complications.
If
you can get a good deal on a U3 smart drive then take it. Besides if you strike problems
it's easy to convert it to a standard drive. Just uninstall U3 from the Settings option
within the Launchpad. You can also re-install U3 later if needed, by following the
instructions on the U3 website.
It's easy to lose a USB
drive. What then?
You
need to be prepared for the fact that one day you are going to forget to unplug your flash
drive from a public PC, leave it on a table, lose it from your pocket or whatever. Losing
your drive may mean you no longer can access your email, favorite websites, passwords etc.
This may mean zip to some folks but for many others including me, it could be a
disaster.
I
handle it by having a separate backup flash drive that I carry around in a different
location to the first. I keep the two drives synchronized using a free portable syncing
program called Allway Sync 'n' Go Given the low cost of flash drives a spare drive is the
best solution. If you can't afford a second drive you can use Sync 'n' Go to backup your
flash drive to your PC.
Replacing
your USB drive is one problem but what happens to your confidential data on the drive that
has been lost is another.
If
you are really worried about the implications of someone else getting access to your files
then buy a flash drive that controls access with an inbuilt fingerprint scanner.
Furthermore, test that it works.
Even
if your drive didn't come with a fingerprint scanner it probably came with some form of
encryption software. Mine did though the only way I found out was by looking though all
the folders that were on the drive when I bought it.
Note
that many standard encryption programs including the popular open source TrueCrypt,
require administrative rights on the host PC. That's probably not an issue with your own
computers but could be an insurmountable problem if you are using a public terminal almost
all of which run limited user accounts that don't have admin privileges.
If
your USB drive didn't come with an encryption utility I suggest you adopt a simple but
usable solution rather than complicate life with fancy encryption utilities. Personally I
use IZArc2Go. It's not an encryption program but an archiver similar to WinZip. However
like the more recent versions of WinZip, it allows you to password protect archives using
256 bit AES encryption that is virtually unbreakable. IZArc2Go is also totally portable,
doesn't require admin privileges to run and is free. Besides it's always handy to have an
archiving program on your USB stick just in case someone sends you a RAR file or other
archive format not supported by Windows.
For
complete security you need to use a secure file eraser along with IZArc2Go to erase the
originals of your private files once they have been encrypted. If you don't use a secure
erase utility it's quite possible for someone to un-delete your deleted files. I recommend
UltraShredder for secure erasing; it's free, portable and easy to use.
Here's
how you can encrypt your flash drive files:
First
run IZArc2Go from your flash drive then drop and drag all your sensitive data files into
the IZArc2Go window. Accept the default ZIP archive type and under "encryption" select AES
- 256 bit from the drop-down list. You will then be asked to enter and re-enter your
password. Then press "Add" to start the archiving. Once all your files have been archived,
securely delete the originals. You can do this by starting up UltraShredder from your USB
drive then dragging and dropping the original files into UltraShredder's
window.
Once you have created an
encrypted archive, IZArc2Go allows you access and manage your data from within
the archive so mostly you won't need to unpack the archive to get to your data.
However if do need to access the data from another program then just enter your
password and unpack the files you need by dropping and dragging them from the
archive to a convenient folder on your USB drive. Remember though to securely delete the unpacked files
using UltraShredder when you have completed your
session.
OK
that's it for now. If you want to learn more about portable applications check out Briard's article in item 2.4 below.
See
you next month
Gizmo
editor@techsupportalert.com
PS This month I'm giving away
six free copies of the the top rated Anti virus NOD32.
For details, see below.
Support Alert is not produced by a
giant publishing empire, it's the work of one man,
working alone, namely me.
Support Alert relies on paid
subscriptions to the Premium Edition to survive. If you
feel that you've benefited from reading the free
edition perhaps you would like to consider subscribing
to the Premium.
The Premium Edition contains almost
twice the number of great tech sites, free utilities,
tips and other content as the free edition. It's also
ad-free.
When you subscribe you'll also get
immediate access to the archive of all past issues of
the Premium Edition where you can catch up on the
hundreds of great utilities you missed in the free
edition. If you like the free edition you'll
love the premium. At $10 per year it's just the cost a
few coffees.
This month I'm giving away to new
Premium subscribers, six free copies of the the top
rated Anti virus NOD32.
NOD32 is a brilliant program for
protecting your PC yet it only consumes a modest amount
of your computing resources. That's why I use it on my
key work computers. At $39 it's good value but it's
even better value when you can get it for
free.
The six copies I'm giving away will
be allocated at random but your chances of scoring one
are actually quite good. So if you have been thinking
of subscribing, now's the time.
Even if you don't win anything you'll
still get my special report "Gizmo's Desert Island
Utilities" which outlines the software I use myself,
including many free products.
How to subscribe to the
Premium Edition: 12 months subscription to the Premium
Edition costs $10 which can be made by credit card,
PayPal or eCheck. Use the link below to subscribe
now:
http://www.techsupportalert.com/se-edition.htm
1.0 TOP TECH SITES AND RESOURCES
1.1 How Does Your Firewall Rate?
At
this site they test all the major firewalls using leak-tests. Now outbound leak-testing
is only one criterion for assessing firewall performance indeed some would argue that
inbound protection is more important. My view is that both are important as are user
friendliness, resource usage, software compatibility and resistance to termination by
hostile agents. That said Comodo, Jetico and ZoneAlarm Pro top he list while the Microsoft
XP SP2 firewall get the wooden spoon. ZoneAlarm free was another notable poor performer.
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
1.2 Utilities that Work with Vista
If
you use Vista you will already have discovered that many of your favorite freeware and
shareware utilities won't work with Vista. At this site they list
many utilities that will work. Note: despite the site's name, a good proportion of the products
listed are commercial shareware not freeware.
http://www.freevistafiles.com/
1.3 Free Web Based Applications
In
recent issues I've mentioned how web based application may one day replace some of the
programs currently running on your PC. Here's a list of just some of the products and
services available.
http://tinyurl.com/2dztm8 (cogniview.com)
1.4 The Great Defrag Shoot-out
One
of the best comparative reviews of defragmentation utilities I've seen. I don't agree with
all the author's comments but hey, everyone is entitled to their opinion.
http://donnedwards.openaccess.co.za/2007/04/great-defrag-shootout-part-1.html
1.5 How to Permanently Wipe a Hard Drive
Most
users are aware they can securely erase files and drives using free utilities like
"Eraser" [1] and "Boot and Nuke" [2] that overwrite the data multiple times. At this site
[3], suggested by subscriber Chris Price, they show how you can securely wipe a drive
using a little-known feature built into many hard drives.
[1] http://www.heidi.ie/eraser/
[2] http://dban.sourceforge.net/
[3] http://blogs.zdnet.com/storage/?p=129&tag=nl.e622
1.6 Portable Software Lists
There
are lots of these lists; none is complete but here are two of the best. The first covers
free software while the second includes commercial products as well.
http://www.portablefreeware.com/ http://en.wikipedia.org/wiki/List_of_portable_software
**
These items appear only in the Premium Edition **
1.7 Free
Online Services Offer RoboForm-like Functionality
1.8 How to
Reduce Your Spam
1.9 Free
Service Monitors Website and Server Uptime and Performance
Got
some great tech sites to suggest? Send them to:
editor@techsupportalert.com
------------------------ advertisement
----------------------------------
Stop Attacks That Anti-virus and Anti-spyware Scanners Miss
LinkScanner
Pro provides real-time analysis of network traffic,
web site content and behavior. It secures vulnerable web-connected
applications and stops attacks existing security programs miss.
Vulnerabilities
and exploits like WMF, VML, CreateText Range and
setSlice have, and continue to, spread rootkits and open backdoors on
computers around the world. LinkScanner Pro stops exploits and keeps
you away from poisoned, hacked sites no matter where you go on the
Web.
Special
Offer - Buy LinkScanner Pro & get Registry Booster 2.0 free!
Use this link to learn more:
http://www.explabs.com/promotions/tsa_pro.asp
------------------------------- end of ad
-----------------------------------
2.0 TOP FREEWARE AND SHAREWARE UTILITIES
2.1 How to Mute Unwanted Website Sounds
Subscriber
Rodney Green writes "Gizmo, in issue #145 of your newsletter a reader mentions that they
hate it when a website starts playing music. I found an application called FlashMute [1]
that works well for muting sound from Flash movies in Internet Explorer, Firefox and a few
other browsers." Nice suggestion Rodney, FlashMute is a great way of overcoming a common
annoyance but it won't stop HTML based sound used on many sites. To do this you need to
consider other option. For example Internet Explorer allows you turn off all webpage sound
from the Advanced tab within Tools /Internet options however I find this very inconvenient
as sometimes you want to listen to web audio. Firefox doesn't even offer an audio mute
option at all but there is a free Firefox extension called Stop AutoPlay [2] that is
designed specifically for the job. It works by adding a browser button that rather
conveniently allows you to play or mute at will. It doesn't stop Flash sound files but if
you use FlashMute in addition to Stop AutoPlay you have a pretty complete solution to all
unwanted web sound.
[1] http://www.indev.no/?p=projects#flashmute Freeware, Windows 98-XP, 233KB
[2] https://addons.mozilla.org/en-US/firefox/addon/1765
2.2 Compress Your Files to the Max ZIP
may the most common algorithm for compressing files but it's far from the most effective.
The Open Source 7-ZIP for example offers higher compression for most files but there are
specialist archive formats that offer higher still. I was however a little shocked when
subscriber "Panzer" wrote to tell be about the free KGBArchiver which he heard, could
compress Microsoft Office from 1.5GB down to 2MB! On testing, KGBArchiver V1.21 proved to
be a competent well implemented archiver offering 10 different levels of compression using
the PAQ algorithm. Archives are created in .kgb format. It also can create self extracting
archives, supports ZIP, has drag and drop, a right click context menu and a few other
niceties. It's not really a substitute for WinZip or IZArc but a specialist product aimed
at those seeking to compress files down to the smallest possible size. I ran some test for
different types of files with KGBArchiver set at its default compression setting and at
its "Extreme" setting, its second highest. I couldn't run it at its "Maximum" setting as I
was told my computer's 1GB of memory was insufficient. Here are the results along with
some other popular archive formats for comparison:
File type |
Source |
Zip |
Rar |
7Zip |
KGB |
KGB |
|
|
|
|
|
Default |
Extreme |
Plain text file (.txt) |
1176 KB |
118 |
104 |
96 |
118 |
67 |
Word document (.doc) |
441 KB |
376 |
247 |
245 |
244 |
243 |
Video file (.WMV) |
629 KB |
619 |
619 |
623 |
617 |
616 |
Program file (.exe) |
5867 KB |
5809 |
5815 |
5873 |
5804 |
5798 |
At
its default setting KGBArchiver performed competently but on average, no better than
WinRAR or 7-ZIP. At its "extreme" setting it did a great job at compressing plain text
files but struggled to squeeze anything more out of the other file types. Before you get
too enthused let me tell you that KGBArchiver seemed to take forever to compress files at
the "extreme" setting. The 5.5MB .exe file took nearly 7 minutes and a similar time to
extract while by comparison WinZip did it in 4 seconds and WinRAR in 9. Furthermore
KGBArchiver consumed my computer's entire CPU and memory resources while compressing. So
is it worth it? Not for most users. However sysadmins and archivists with large text files
to store (and plenty of CPU time) should at least check it out. Freeware, Windows
2000-Vista, 1.02MB
http://kgbarchiver.net
2.3 Free Portable Media Player Tops Its Class
In
the Premium Edition of issue #144 I mentioned "The KMPlayer" portable media player. My
main focus at the time was the fact that you could use it on a USB stick but the feedback
I've received has been so positive that KMPlayer may well be a strong candidate for the
"Best Free Media Player." Here's the original item from #144:
Subscriber Brian Treusch writes "Gizmo, I came across this freeware media player called
"The KMPlayer" that can either be run from a thumb drive or installed. It supports
numerous formats including DVD playback. After using it for a while, it has become my
favorite player. Goodbye Windows Media 11!" I'd never heard of this Korean player Brian,
but boy am I impressed. It comes with a whole batch of inbuilt codecs and support for
external codecs as well. In the audio area it supports AC3, DTS, LPCM, MP2, MP3, Vorbis,
AAC, WMA, ALAC, AMR, QDM2, FLAC, TTA, IMA ADPCM, QCELP, EVRC, RealAudio and more while
with video you can play DivX, XviD, Theora, WMV, MPEG-1, MPEG-2, MPEG-4, VP3, VP5, VP6,
H263(+), H.264(AVC1), CYUY, ASV1/2, VQ1/3, MSVIDC, Cinepak, MS MPEG4 V1/2/3, FFV1, VCR1,
FLV1, MSRLE, QTRLE Huffyuv, Digital Video, Indeo3, MJPEG. To have these features available
on a thumb drive is quite extraordinary. Freeware, Windows 98-2003, 12.3MB.
http://www.kmplayer.com/forums/index.php http://www.kmplayer.com/forums/showthread.php?t=4704<= Link to download
2.4 Using a USB Drive as a Laptop Replacement
Regular
contributor "Briard" takes a break from the world of Linux and instead explores the
potential of Windows flash drive computing.
http://www.techsupportalert.com/briard_in_usbland.htm
2.5 Symantec Norton 360: First Impressions
I
used to be a great admirer of Norton Antivirus. Indeed I used it myself for years. While
it's effectiveness in detecting viruses has never been in doubt it acquired over the years
a reputation as a resource hog. Each successive version seemed to cause your PC to run
slower and slower. Around 2004 it got so bad that I gave the product away and migrated to
NOD32. I was not alone; thousands of knowledgeable users abandoned Norton AV and Norton
Internet Security Suite for more resource efficient security products. Symantec's response
was to initiate a project called "Genesis" to create a new security product from scratch.
This was to be a ground up re-write rather than a revamp. Furthermore this new product
would not only include anti-virus capabilities but anti-spyware detection, rootkit
detection, behavior based malware analysis, phishing and malicious site blocking, a
stateful firewall, backup and more. It was an ambitious project but a worthy one. Despite
the pressing need I'm not aware of any other security vendor who has totally re-written
their core product. Most just enhance their existing products and bolt on additional
modules leading to every larger, more unwieldy and less efficient products. Project
Genesis gave rise to Norton 360 [1] that was released earlier this year. Early reviews
[2], [3] have been glowing and suggest that Symantec has indeed succeeded in creating a
product that is effective, resource efficient and user friendly. Norton 360 is an end-user
product so I though I'd ask end-user Rick Farrow to check it out. Full assessment will
have to wait until the new anti-malware engine is tested by a full certification lab like
AV Comparatives. Meanwhile you can read Rick's report here [4]. Commercial software,
$69.99 for up to 3 PCs, 15 day free trial, Windows XP - Vista, 49.4MB.
[1] http://www.symantec.com/norton360/
[2]
http://www.pcpro.co.uk/reviews/110678/norton-360.html
[3]
http://reviews.cnet.com/internet-security-and-firewall/norton-360/4505-3667_7-32330411.html
[4]
http://www.techsupportalert.com/review-norton-360.htm
**
These items appear only in the Premium SE Edition **
2.6 Get
Acronis True Image for Free
2.7 The
Best Free Memory Optimizer
2.8 An Easy
Way to Re-organize Your MP3 Files
Got
some top utilities to suggest? Send them to
editor@techsupportalert.com
3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES
3.1 Microsoft Security News
In
the last month a new series of JavaScript related flaws were discovered in Internet
Explorer [1]. These flaws could be exploited even if fully patched version of IE 6 and 7
and allow a hostile website to take control of an affected PC. A related flaw was also
found in Firefox. As of today these flaws remain unpatched.
These
flaws highlight yet again that you cannot rely on regularly applying Windows and other vendor updates to protect your computer when surfing. Always surf in sandbox or with your browser running with reduced rights. See item 3.6 below.
Patch
Tuesday the 12th of June saw the release of six security updates from Microsoft, four of
which were rated "Critical." The critical updated covered flaws in Windows, Internet
Explorer, Outlook Express and Microsoft Mail. Another flaw rated "moderate" affected
Vista systems and could allow "non-privileged users to access local user information data
stores including administrative passwords contained within the registry and local file
system."
Further
details of the June updates can be found here [2]. All the updates are distributed
automatically via the Microsoft Update Service. Dial-up users in particular need to be
aware that these updates are large files and you will need a considerable period of time
online for them to download successfully. If you have any doubts whether you have received
the updates, then visit the Microsoft Update Service [3] now.
[1] http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063712.html
[2]
http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx
[3] http://update.microsoft.com (Requires IE5 or later)
3.2 Firefox Updated to V2.0.0.4
Mozilla
released a performance and security update for Firefox on the 30th of May. The new version
2.0.0.4 has better Vista compatibility and fixes five security flaws one of which was
rated as "critical." Also released were the corresponding updates for the older Firefox
V1.5, Thunderbird and the SeaMonkey Suite. To my knowledge there are no current exploits
in circulation that utilize these flaws however, it is essential that you update now as
the malware developers routinely reverse engineer security updates to identify flaws to
exploit in unpatched machines. Users with automatic updates enabled should have had the
new version automatically delivered and installed. You can check by selecting Help / About
from within Firefox. If your version number is less than V2.0.0.4, then update manually
from here [1]:
http://www.mozilla.com/firefox/
3.3 No More Updates for Firefox V1.5
Support
for the old V1.5 version of Firefox was discontinued by Mozilla at the end of May. V1.5
users should upgrade to V2 as soon as possible any newly discovered flaws in the old
version will not be patched. Starting from June 7th users with the automatic update
service enabled will be advised of the upgrade. Other users should upgrade manually here:
http://www.mozilla.com/en-US/firefox/
3.4 Serious Flaw in Yahoo Messenger
A
critical buffer overflow flaw was discovered in the popular Yahoo Messenger instant
messaging product. The flaw could allow a hostile website to take full control of a
vulnerable PC. The flaw affects all versions of Messenger from 5.5.0 through to 8.0.0. All
users should upgrade immediately to version 8.1.0.401 available from here [1].
[1] http://messenger.yahoo.com/
3.5 New QuickTime Security Patch Underscores Need to Keep
Programs Updated
A
patch for QuickTime 7.1.6 was released by Apple on the 29th of May to cover a Java
Extensions flaw that could allow a PC to be compromised by simply by visiting a hostile
website. Affected systems include Windows 2000 SP4, Windows XP SP2, OS X v10.3.9 and
v10.4.9. The Windows patch can be downloaded from here [1]. This flaw highlights the need
for users to keep all the software on their PC up-to-date not just Windows and Office.
You can easily check all your products by using the free service Software Inspector
service [2] over at Secunia.
[1]
http://www.apple.com/support/downloads/securityupdatequicktime716forwindows.html
[2] http://secunia.com/software_inspector/
3.6 How to Protect Your PC Against Hostile Sites, Browser
Flaws
Recent
reports from Google [1] and Sophos [2] have highlighted the rapid increase the number of
hostile websites. These sites use flaws in popular browsers as well as Windows to secretly
infect anyone who happens to accidentally visit them. Keeping all your products up-to-date
reduces your risk of infection but increasingly these hostile sites are exploiting new or
unpatched flaws to attack visitor's computers. It's not hard to protect your PC against
these threats: surf from within a sandbox such as Sandboxie or alternatively run your
browser with reduced rights. To help you I've written a short how-to guide [3] that's now
on my website. If you are not yet using these protective techniques I strongly recommend
you read this guide and adopt its recommendations.
[1] http://googleonlinesecurity.blogspot.com/
[2]
http://www.securecomputing.net.au/news/53424,number-of-infected-web-pages-soar.aspx
[3] http://www.techsupportalert.com/safe-surfing.htm
3.7 Goggle's Security Blog Hints at the Future
I
found this blog [1] quite informative, particularly the observation about the potential
vulnerability of virtualization based security products. With the appearance of this blog
and the recent purchase of the company that makes the GreenBorder sandbox, it looks like
something is definitely brewing at Google in the security arena. Then there's the recent
announcement of Google Gears [2], a toolkit that allows developers to modify their online
applications to work offline as well. My guess is that Google is working on a secure
browser for its online apps that also allows offline access through the Google toolbar.
Maybe I'm not guessing, just fantasizing :>)
[1] http://googleonlinesecurity.blogspot.com/
[2] http://code.google.com/apis/gears/-
----------------- sponsored links
-----------------------
The Best
Windows Backup Software
We are in the process of updating all the backup
reviews at our site but I can tell you right now that
the top product has blitzed the field for a second year
in row. In fact, it's improved so much that it's now a
one horse race for our "editor's choice." The updated
review of the top product is now online. If you have
been looking for a backup program, this is the one.
http://www.backup-software-reviews.com/
The Best
Spyware Detector
If you use Ad-aware or SpyBot you will be surprised
just how more effectively SpySweeper detects and
protects your PC from Spyware, Trojans,
keyloggers and other malicious products. That's why it
won the prized "Editor's Choice" award from PC Magazine
and is rated "outstanding" by Gizmo Richards, editor of
the highly regarded Support Alert newsletter. Spyware
has become so serious you can't afford less than the
best protection. Install it now before it's too
late.
http://www.webroot.com/wb/products/spysweeper/index.php?rc=1132
The Best
Remote Access Software
Our reviewer had given this product category away as
"too slow, tool clumsy and too unreliable" but after
reviewing this product he's changed his mind; "at long
last a remote access solution that actually works!
Quite frankly we agree with him, it's an impressive
product. Read the full review here:
http://www.pcsupportadvisor.com/best_remote_access_software.htm
The Best Free Kids Craft
Projects
Keep your young children engaged and amused with
healthy, creative arts and craft activities that won't
cost you a cent. Free newsletter packed with easy kids
craft projects.
http://kidscraftweekly.com/
------------- end of sponsored links
--------------------------
4.0 OTHER USEFUL STUFF
4.1 Good Deals on USB Flash Drives
You
can pick up a SanDisk 4GB Cruzer Titanium U3 from Comp-U-Plus for $38.99 while NewEgg has the huge, fast CORSAIR Flash Voyager 16GB Drive for $124.99 after a $20 rebate. Perhaps the best deal of all is at Buy.com where you can pick up a Kingston 2GB DataTraveler USB 2.0 Flash Drive for $12.95 after a $19 mail-in rebate. Shipping is free and you can save another $10 if you use Google Checkout making the unit only $2.95. At that price buy two and have a backup. Note that I don't make anything on these; they are just good deals I've seen around. Let me know if you stumble across a tasty bargain. Make sure though that any offer remains valid through to when I publish the next issue of the newsletter.
[1] http://tinyurl.com/2ck8wx (compuplus.com)
[2]
http://www.newegg.com/Product/Product.aspx?Item=N82E16820227145
[3]
http://www.buy.com/prod/kingston-2gb-datatraveler-usb-2-0-flash-drive/q/loc/101/202743330.html
4.2 Free Utility Helps Your PC Conserve Power
Subscriber
Tom Mahoney writes "Gizmo, here's a small program [1] to manage energy saving options on a
PC better and more consistently than XP. With my kids leaving PCs on all night and XP not
hibernating consistently. Read about it in the NYT." Thanks for that Tom. It's an
interesting program that been getting a lot of coverage as it expresses your PC energy
savings in "feel-good" terms as saved carbon dioxide emissions. CO2Saver works by more
aggressively controlling the power management on your PC compared to the Windows defaults.
It installs a desktop toolbar that shows your greenhouse gas savings. The same toolbar can
also be used for web search.
[1] http://co2saver.snap.com/
4.3 The Next Big Thing?
This
Popular Mechanics video demonstrating Microsoft's prototype "Milan" coffee table computer
will blow your mind. It will also blow your budget; we are talking $10,000 here. Note:
This is a large video file and you'll need a fast broadband connection to play it.
http://link.brightcove.com/services/player/bcpid932579976?bclid=932553050&bctid=933742930
4.4 Good Guide to Modern Website Design
Regular
contributor "Briard" writes "Gizmo. I'm looking at current trends in web design for a
project I'm working on, and came across a couple of really useful links [1], [2]." Nice
find Briard though I do wonder at what point the increasingly popular "Web 2 look" will
start to look tired, boring and overdone. Not yet I know but it must happen.
[1]
http://www.webdesignfromscratch.com/current-style.cfm
[2]
http://f6design.com/journal/2006/10/21/the-visual-design-of-web-20
4.5 Useless Waste of Time Department
Here's
a great way to mindlessly fritter away a few minutes of your life. Check this site where
you can read how others are currently frittering away theirs :>)
http://twitter.com/
**
These items appear only in the Premium SE Edition **
4.6 Site
Keeps You Informed of Freeware Updates
4.7 Is Your
Flash Drive Compatible With Vista?
4.8 Eset
Offers NOD32 for Free
5.0 TIP OF THE MONTH
5.1 How to Improve Your Security When Using a Public Terminal
(Part 2 of 3)
There
is no 100% safe way to enter passwords from a public terminal. That's a fact.
Modern
keyloggers can capture not only keyboard strokes but mouse clicks and the Windows
Clipboard. They can also take screen shots of what you are doing. Keeping your
confidential information from the prying eyes of the best of these sinister products is
extremely difficult, perhaps impossible. Then there is the problem of someone looking over
your shoulder and quite separately, security cameras.
So
the golden rule is don't ever enter confidential information into a hotel computer, an
internet cafe PC or other public terminal.
That's
the rule but rules get broken. Sometimes we simply have to use a public terminal. I have
and I bet most of my readers have too.
So
what can you do to improve your security when entering passwords?
Quite
a lot actually. Of the many different options available to improve your password security
to me the most attractive is to enter your passwords using a password manager like
RoboForm2Go running from your own USB flash drive. It's an option I covered in my
May
2007 editorial column.
When
run from a USB flash drive RoboForm2Go provides excellent security. In fact I've not yet
found a keylogger that can capture the information it enters into login boxes and webforms
from Portable Firefox. Don't take that to mean RoboForm2Go is 100% safe. It's
not; no product is.
One
particular area of weakness of RoboForm2Go is the master password you must enter to
activate the password manager. If a keylogger captured that and also managed to copy the
encrypted RoboForm master password file from your USB drive then you are in deep trouble
as they would be able to access all your passwords.
So
protecting that password is critical. Thankfully there are thing some simple entry
practices that can make entering this master password much more secure. Furthermore these
techniques can be applied to all password entry not just the master password in
RoboForm.
(a)
My first tip is to make your passwords (or passphrases) long and semi-random. Passwords
like "SncnGnls3Fp" are much better than something like "banana". This is not only because
long random passwords are more difficult to crack but also because they are more more
difficult to unscramble from a keylogger log particularly when used in concert with some
of the other techniques mentioned below.
Remembering
long semi random passwords is difficult but there are lots of mnemonic systems that can
help. By way of example the password "SncnGnls3Fp" I mentioned above is actually
"RoboForm2Go" transformed by a simple formula where the first letter is shifted one
forward in the alphabet (R -> S) while the next letter is shifted one back (o -> n).
The same alternating pattern continues for the rest of the characters.
There
a lot of different techniques and mnemonics for creating strong passwords and phrases. You can find some in this
Microsoft article. Also worth consulting is this
Wikipedia article on password strength.
(b)
My second tip is before you enter your password turn around and look behind you to ensure
no one is peeking. Make sure too that you shield the keyboard from the view of any
security camera. Long random passwords make it difficult for someone peering over your
shoulder to remember but it's still a good idea to actually physically check. Besides, it
only takes a few seconds.
(c)
My third tip is to use obfuscation techniques when typing your password. That's a fancy
way of saying you can should disguise your password by entering it in more complex way
than just typing it in from the keyboard.
For
example rather than just entering the password from the keyboard you could cut and paste
some of the characters that make up your password from another part of the screen. Ideally
this should be from the same window as the one containing the password field but other
windows will work fine too.
You
could could also drop and drag and drag some characters rather than use cut and paste.
Another trick is to enter a character by holding down the Alt key and using the numeric
keypad. For example the letter "a' can be entered by ALT 123. Yet another technique is to
use an onscreen keyboard to enter some of the characters.
You
can go one further and enter the last half of your password first followed by the first
half. You can then drop and drag the second half to the front from inside the password
box.
Using
a combination of these techniques to enter your password can make it really hard for
anyone to reassemble your password from a keylogger log. However by a using another
obfuscation trick we can make the task near impossible. This trick involves the insertion
and deletion of random dummy characters into your password.
For
simplicity lets say your password is abcdefg.
Rather
than enter your password as a simple sequence of letters throw in some additional dummy
random characters along these lines: aMNbOcZdPQReSfgTUV
Now
go back and delete the dummy letters one at a time. Delete some characters using
backspace, others using the mouse to highlight the letter(s) and the then hitting the
Delete key or using the right click context menu and selecting "delete."
By
combining the dummy character trick with the various multiple entry techniques you can
fool pretty well any keylogger. However don't feel you have to use every single
obfuscation trick I've mentioned; that's overkill. Indeed you may not be able to use all
these techniques as some sites and products limit what you can do do. For example
RoboForm2GO disables cut and paste as well as drop and drag when you are
entering the master password. It also won't allow you to access (get focus in)
any window other than the password box. However you can still enter and delete
dummy characters as well as entering characters using the Alt (numeric keyboard)
trick and combined with a long random password that's good enough.
It's
enough because any hacker reading a log from a keylogger has to read, identify, analyze
and re-assemble what's recorded. That's hard work. If you use long random passwords
combined with even a few obfuscation techniques then almost certainly you've made the job
too hard. Possible yes, but too hard, specially when there is easy picking available
elsewhere.
Next
month we'll look at another way of protecting your passwords by using on-screen keyboards.
I've located some great free products including one that works with RoboForm2Go so don't miss it!
6.0 FREEBIE OF THE MONTH
6.1 Notepad on Crack
Great
tag line eh? It's the way the author of ZuluPad describes his product and it's not too far
from the truth.
ZuluPad
is a cross between a note-taking program and a wiki. Put another way, it allows you to
create a document with many key phrases in a page linked and cross linked to other pages.
Furthermore it does this in such a simple and effortless manner that even a dummy could do
it.
Let
me give you an example. Suppose I was writing this newsletter item in ZuluPad. When I
first mentioned the word "wiki" in the second paragraph I could create a linked page by
simply highlighting the word "wiki." At that point ZuluPad would pop-up a new blank page
headed "Wiki." I could then write a definition of a wiki.
When
I returned to my original page the word "wiki" would now be linked. Furthermore any
mention of "wiki" in all current related pages and all new pages would be automatically
linked as well.
This
is an incredibly powerful way of cross relating information and has enormous application
from personal research through to commercial applications.
The
idea is not new; ZuluPad has obvious similarities with VoodooPad that has been around on
the Mac for quite a while and there are other similar applications that go way back.
However ZuluPad is the most usable implementation I've yet seen for Windows.
The
product is still at early stage in its development cycle, indeed the version I tested was
only 0.41. However I found it worked perfectly; it did all that I wanted and I didn't
strike a single bug. The free version is a little short on features so if you use the
product I suspect you may well be tempted to fork out $15.00 and upgrade to the Pro
version.
Also
available is a free web-syncing service that allows you to backup and access your
hyperlinked documents. However I did not test this service.
ZuluPad:
Free, Open Source, Windows ME - 2003, 1.6MB
http://www.gersic.com/zulupad/
**
Bonus Freebie for Premium Edition subscribers **
6.2 The Best Free Desktop Publishing Program
Commercial
Desktop publishing programs are expensive. QuarkXPress costs $749, Adobe InDesign costs
$699 and even Microsoft Publisher costs $169.
Happily there are two excellent free
desktop programs. One is ideal for small business and an excellent alternative to
Microsoft Publisher. The other free desktop publisher is a beautifully implemented full
featured product that can mix it with the big boys...
Full
details in the Premium SE Edition ...
How to get the Premium Edition
now
Stop missing out on all this extra
information! Subscribe now to the Premium Edition of
this newsletter and immediately receive the current
premium issue containing nearly double the information
contained in this free edition. Get twice as many great
web sites, twice as many top utilities and great
freebies and no ads.
You'll also get immediate access to
the archive of all past issues of the Premium Edition
of the newsletter where you can catch up on the
hundreds of great utilities you missed in the free
edition.
If
you like the free edition you'll love the premium. At
$10 per year it's just the cost a few
coffees.
Use
this link to subscribe online now:
http://www.techsupportalert.com/se-edition.htm
This month I'm giving away to new
Premium subscribers, six free copies of the the top
rated anti virus NOD32.
NOD32 is a brilliant program for
protecting your PC yet it only consumes a modest amount
of your computing resources. That's why I use it on my
key work computers. At $39 it's good value but it's
even better value when you can get it for
free.
The
six copies I'm giving away will be allocated at random
but your chances of scoring one are actually quite
good. So if you have been thinking of subscribing,
now's the time.
Even if you don't win anything you'll
still get my special report "Gizmo's Desert Island
Utilities" which outlines the software I use myself,
including many free products.
Use
the link below to subscribe now:
http://www.techsupportalert.com/se-edition.htm
7.0 MANAGE YOUR
SUBSCRIPTION
Support Alert is a free
newsletter. If you liked
this issue why not email it to a friend. Anyone can
subscribe by signing up online at
http://www.techsupportalert.com/al_subscribe.htm
Back Issues: A searchable
library of back issues is available at:
http://www.techsupportalert.com/issues/back_issues.htm
If you no longer wish to receive this
newsletter just go to
http://www.webelists.com/cgi/lyris.pl?enter=support.alerth
Enter your email address. No password is needed. You
can then cancel on-line. Premium Edition subscribers
should note that they can delete their free edition
subscription without affecting their premium
subscription as the two lists are totally
separate.
To change your delivery email address
go to
http://www.webelists.com/cgi/lyris.pl?enter=support.alerth
Enter your old email address. No password is needed.
You can then change your subscription email address
directly.
The 46 Best-ever Freeware Utilities
http://www.techsupportalert.com/best_46_free_utilities.htm
The Extended List of the Latest
Freebies
http://www.techsupportalert.com/more/extended.htm
For lots more free IT newsletters
see
http://www.TechNewsletters.com/infobase.asp?TPubId=79
For convenience North American subscribers can contact this
newsletter by snail mail at:
Support Alert
PO Box 243
Comstock Park, MI 49321-0243 USA
Support Alert is a registered online
serial publication ISSN 1448-7020. Content of this
newsletter is (c) Copyright TechSupportAlert.com,
2007
See you next issue. Next month's issue will be published on the
19th of
July.
Gizmo
Ian Richards
editor@techsupportalert.com
|