Gizmo Richards Support Alert Newsletter - Premium SE Edition "Gizmo's top picks of the best
Tech resources and utilities"
Premium SE Edition,  Issue 136
17th August, 2006



0. EDITORIAL: Security Product Review, Part 2
1.1 Google Warns Surfers of Hostile Sites
1.2 How Secure are Secure Web Pages?
1.3 How to Get Rid of Spyware Infections
1.4 A Free Stock Photo Site That Can Be Trusted
1.5 Convert Digital Photos to 3D for Free
1.6 My Favorite Social Bookmarking Service Now Out of Beta (SE)
1.7 Lots of Free PhotoShop Tips (SE Edition)
1.8 Test Your Browser's Standards Compliance (SE Edition)
1.9 Help for Windows 98 Users (SE Edition)
2.1 Microsoft Virtual PC Now Free
2.2 How to Build Your Own Web Site for Free
2.3 Free Site Offers Online Notes Service
2.4 A Quality IP Scanner for Nothing
2.5 Free Email Filter Impresses (SE Edition)
2.6 A Free Program that Blocks P2P Users (SE Edition)
2.7 Finally, Real ActiveX Support for Firefox and Opera (SE)
3.1 Microsoft Security News
3.2 New Rootkit Ups the Ante
3.3 Top Anti-Spyware Program Suffers New Version Woes
3.4 Yet Another Firefox Update
3.5 Controlling Microsoft Windows Genuine Advantage Hassles
4.1 Attractive Deals for Big Hard Drives
4.2 Free Creative Activities for Young Children
4.3 Test Your Web Design in 20 Different Browsers
4.4 Help for Color Blind PC Users
4.5 How to Take Great Digital Photos in Poor Light
4.6 Useless Waste of Time Department
4.7 Codecs for Anime Fans
4.8 Twenty Ways To Secure Your Apache Server (SE Edition)
4.9 Give Your PC a Free Checkup (SE Edition)
4.10 Free Multi-Format Document Viewer (SE Edition)
5.1 How to Backup the Windows Registry
6.1 The Best Free Anti-Virus Scanner
6.2 Free Programs to Test Your PC's Security (SE Edition)

In recent issues I've been examining the question of how well our computer security programs protect us against the latest generation of security threats.

To properly answer this question I've been carrying out an extensive series of tests on popular security products.

Last month I presented the first results. It wasn't good news. It showed that just about all the sixteen anti-virus, anti-spyware and anti-trojan scanners I tested could be easily terminated by hostile malware.

That's really bad news as a lot of modern malware routinely attempts to pull down your security software. A recent report suggests a figure as high as 40%.

I promised this month to give you the full results of my security tests. They are far too extensive to reprint in the newsletter but you can find them online here:

If you have time, please read the full report; it's full of juicy information. However, I've also prepared a summary table, which you can find below.

The first column shows whether the security product could detect process injection. That's a technique used by malware to hide inside legitimate programs that are currently running on your PC. Once inside these processes, they acquire the rights and privileges of the host process. If the host process has the right to communicate with the internet, the malware automatically gets that right, too.

The second column shows whether, independently of signature recognition, the security product could detect a malware program creating an autostart entry. In other words, could it detect an unknown program starting automatically with Windows? To pass the test the security product had to warn or prevent changes in the Startup folder as well as startup locations in the Registry.

The third column shows whether the security product protects your PC against drive-by infections. I tested each product at three hostile sites. To pass the tests, protection must have been provided against all three.

The final column shows whether the security product can detect rootkits. I used two rootkits: Hacker Defender and FuTo. To pass, the product had to detect both.

Here are the results:

| Product | Detect process injection | Detect autostart entry | Detect drive-by download | Detect rootkits |
|---|---|---|---|---|
| Ad-Aware Pro V1.6 | Fail | Fail | Fail | Fail |
| Avast! Home V4.7 | Fail | Fail | OK | Fail |
| AVG Anti-Virus Free V7.1 | Fail | Fail | OK | Fail |
| BitDefender Pro V9.095 | Fail | Fail | Fail | Fail |
| CounterSpy V1.5 | Fail | Fail | Fail | Fail |
| CounterSpy V2.0.122 beta | Fail | Fail | Fail | Fail |
| Ewido v3.5 | Fail | Fail | Fail | Fail |
| Ewido V4 beta | Fail | Fail | Fail | Fail |
| Kaspersky AV V6.0.0 | Fail | Fail | OK | Fail |
| NOD32 V2.51 | Fail | Fail | OK | Fail |
| Norton Antivirus 2006 | Fail | Fail | OK | Fail |
| SpyBot S&D V1.4 | Fail | Fail | Fail | Fail |
| Spyware Doctor V3.6 | Fail | Fail | Fail | OK |
| Trojan Hunter V4.5 | Fail | Fail | Fail | Fail |
| WebRoot SpySweeper V4.5 | Fail | Fail | OK | OK |
| Windows Defender V1.1.1051 | Fail | Fail | Fail | Fail |

As you can see, the results are not very impressive; most products failed most tests.

Now, in mitigation some would argue that it's not the function of signature scanners to detect things like process injection or registry changes. These, it would be argued, are best left to intrusion detection and protection systems.

That's fine,  just make sure you have an IDS ;>)
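
A signature-independent autostart check of the kind the second test column looks for comes down to comparing the startup locations against a known-good baseline. The following is an added example, not code from the newsletter or from any product tested: it diffs two constructed regedit exports plus Startup folder listings, and the key list, sample entries and function names are assumptions made for illustration.

```python
import re

# Registry keys Windows reads to launch programs at boot or logon. A short
# list chosen for this example; a real monitor would cover many more places.
AUTOSTART_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
}
STARTUP_FOLDER = "startup-folder"  # pseudo-key for Startup folder entries

_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _decode_data(raw):
    """Decode the data part of a .reg value line into a string."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):  # REG_SZ
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("hex(2):"):  # REG_EXPAND_SZ, stored as UTF-16LE bytes
        octets = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return octets.decode("utf-16-le").rstrip("\x00")
    return raw  # other types (dword, binary) are kept verbatim


def parse_reg_export(text):
    """Return {(key, value_name): data} for autostart keys in a .reg export."""
    # Long hex values are wrapped with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = _VALUE_RE.match(line)
        if m and key in AUTOSTART_KEYS:
            name = re.sub(r"\\(.)", r"\1", m.group(1)).lower()
            entries[(key, name)] = _decode_data(m.group(2))
    return entries


def snapshot(reg_text, startup_files):
    """Combine registry autostarts with the Startup folder's file names."""
    entries = parse_reg_export(reg_text)
    for fname in startup_files:
        entries[(STARTUP_FOLDER, fname.lower())] = fname
    return entries


def diff_autostarts(baseline, current):
    """List (change, key, name, data) tuples for every difference."""
    changes = []
    for ident in sorted(set(baseline) | set(current)):
        old, new = baseline.get(ident), current.get(ident)
        if old is None:
            changes.append(("added", *ident, new))
        elif new is None:
            changes.append(("removed", *ident, old))
        elif old != new:
            changes.append(("changed", *ident, new))
    return changes


# Constructed sample exports (not taken from a real machine).
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMonitor"="\"C:\\Program Files\\ExampleAV\\monitor.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo]
"DisplayName"="Not an autostart key"
'''

# Same machine later: one new REG_SZ entry and one new REG_EXPAND_SZ entry,
# the latter exported as wrapped hex(2) bytes that a naive parser would miss.
CURRENT_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMonitor"="\"C:\\Program Files\\ExampleAV\\monitor.exe\" /startup"
"updchk"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,73,00,76,00,63,00,\
  2e,00,65,00,78,00,65,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Helper"="C:\\Users\\Public\\helper.exe"
'''

if __name__ == "__main__":
    base = snapshot(BASELINE_REG, ["Office Startup.lnk"])
    now = snapshot(CURRENT_REG, ["Office Startup.lnk", "sync.lnk"])
    for change, key, name, data in diff_autostarts(base, now):
        print(f"{change:8} {key}\\{name} -> {data}")
```

Nothing here depends on knowing what the new program is; any entry absent from the baseline is reported, which is why the check works independently of signatures.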

However, no one can say that signature scanners shouldn't protect you from drive-by downloads or rootkits. Only one product, WebRoot SpySweeper, managed to do that. Even then it only managed to protect against drive-by download sites by its "Spy Communication Shield" banning access to the sites. With the shield disabled, it failed to protect as well.

Overall it's bad news all round. So what to do?

I gave you my conclusion last month and it remains unchanged.

I think it's pointless focusing on whether one security program is better than another when, in fact, all the security programs flunked.

The reality is that it's not possible to secure your PC against a malware program that is allowed to run on your PC with full admin privileges. Thank Windows for this.

Layering your defenses can clearly help. It doesn't solve the problem though. And the cost in complexity, inconvenience and processing power usage is high.

There is a better solution: run your PC in a virtualized environment whenever connected to the internet. It's simpler and more effective than any other option.

Remember though, virtualization is in addition to your normal security defenses. It doesn't replace them; it just makes their job easier.

Next month I'll talk in detail about virtualization options. In the meantime, be careful where you surf and even more careful what you install.

See you next month.



1.1 Google Warns Surfers of Hostile Sites

This is a useful innovation. Now when you do a Google search and you inadvertently click a link to a malicious site, Google flashes up a warning screen. It uses a database of bad sites provided by [1]. It works well, though not quite as effectively as McAfee's free SiteAdvisor plug-in [2], which is more comprehensive and has the added advantage of warning you before you click a link. If you don't have SiteAdvisor I suggest you get it now.

1.2 How Secure are Secure Web Pages?

Most folks believe that when they log on to an https site their username and password are securely encrypted. Subscriber Michael Horowitz argues that this is not necessarily so and I fully agree with him. It's an interesting read for computer users at all levels.

1.3 How to Get Rid of Spyware Infections

I regularly get email from distressed readers whose machines have been infected by spyware. Here are some common symptoms of infection:

- new icons on your desktop linking to strange sites
- a new browser homepage and/or browser toolbars
- Google searches that end up at some weird site
- dire warnings that your PC is infected and you must download a supposed anti-spyware product to clean it.
- very slow performance
- unexpected internet activity

If you suffer any of these symptoms then download HijackThis from this page [1] and follow the instructions on how to paste the output to the Tom Coyote web forums. These folks should be able to help you permanently get rid of the problem and it won't cost you a cent either.

1.4 A Free Stock Photo Site That Can Be Trusted

Last issue I mentioned the excellent site along with a reservation that one should be prudent in giving your real email address to such sites. That advice is well based but doesn't apply to It's a volunteer based site that's clean as a whistle. Highly recommended next time you are looking for a stock photo.

1.5 Convert Digital Photos to 3D for Free

Now here's a clever idea. PictureCloud is a free web service that will convert a series of digital images taken by walking around an object into a full 3D view. Kind of like panorama stitching in three dimensions. It's free for private use; commercial application costs around $1 per conversion.

** Additional Items in this Premium SE Edition **

1.6 My Favorite Social Bookmarking Service Now Out of Beta

Last month I wrote in glowing terms about Diigo, the new social bookmarking site that offers a more comprehensive set of capabilities than market leader Well, Diigo is now out of beta and rolling. It not only allows you to store and share bookmarks, web pages and page snippets, it also allows you to annotate web pages. Better still, when you revisit a site your annotations are automatically displayed and, if you wish, you can share them as well. Much to like here.

1.7 Lots of Free PhotoShop Tips

Want to whiten someone's teeth? Like to type on a curved line? Need to hand tint a photo? Find the answers to these questions and many more at this impressive site.

1.8 Test Your Browser's Standards Compliance

Does your browser comply with the W3C standards? It's a question that's actually quite hard to answer as there are so many different facets to compliance. Whatever, this site provides a simple "acid test" to sort out the men from the boys. It appears that the only major browser that passes is Opera 9.

1.9 Help for Windows 98 Users

Last issue I mentioned a collective project I've started to help Windows 98 users migrate to Linux. That's now well underway and I'll be reporting back to you soon. If you need Windows 98 help right now you might like to check out this site recommended by subscriber Randy Blake. As Randy says, "Gizmo, the dedication of the people here is amazing ..."

Got some top sites to suggest? Send them to


2.1 Microsoft Virtual PC Now Free

I've been preaching the security benefits of surfing in a virtual environment for some time now so the recent decision from Microsoft to make available its Virtual PC 2004 product for free is most welcome. Hopefully it will suffer fewer problems than other free virtualization products such as SandBoxie and GreenBorder which, for whatever reason, just won't run on some PCs.

Virtual PC [1], like VMWare [2], allows you to install another "virtual" computer on your real PC. You can use the virtual PC just like a normal computer. The security benefit derives from the fact that virtual PC is corralled off from your real PC so any malware can't affect your real PC. Additionally, you can easily reset the virtual PC to a former pre-infection state thus eliminating the infection entirely.

It all sounds attractive but there's a major qualification. If you use Windows as the operating system for your Virtual PC then you need to buy a separate full copy of Windows as you can't legally use the same copy that's installed on your real PC.

This is a big catch. It certainly makes Microsoft's decision to release Virtual PC 2004 for free seem much less generous: "Hey guys, get this; it's free! Just buy another copy of Windows." :>)

You could, of course, install a free Linux distro like Ubuntu for your Virtual PC. However, if you are going to do that then you might as well use the VMWare Player [2]. It's also free and a better product than Virtual PC. You can't create a virtual PC with VMWare Player; it only allows you to run one that's already been created. But there are many pre-configured machines ("appliances") available for free download [3]. You could also create an appliance using Virtual PC 2004 as VMWare Reader can use Virtual PC images. Free, Windows 2000 SP4 and later, 18.2MB

2.2 How to Build Your Own Web Site for Free

Many folks would like to build their own site but are frightened to get involved with writing HTML. An alternative to hand coding is to use a web hosting service that allows you to use point-and-click tools to create a web site from a template. There are many of these services but the current offering from the Microsoft Office Live Beta service is very tempting. You not only get free site creation tools but also free hosting, five free email accounts plus a free domain name as well. Microsoft claims that if you sign up during the beta, the free hosting will continue even when the product goes live. It sounds like an unbeatable offer but there is a small catch; it's for US based users only. Thanks to subscriber Callie Jordan for letting me know about this. If you want to see what can be achieved using the Microsoft service then check out Callie's own site [2].

2.3 Free Site Offers Online Notes Service

Subscriber R.D. writes, "Gizmo, I was reading your comments about Evernote, a product I use and love but I didn't know if you were aware of Notefish that's rather like an online version of Evernote. Firefox has an extension for it, so you can select something, right click, and send it to Notefish. Actually I like Notefish over Evernote because it preserves the formatting of saved web pages much better." Nice find, R.D. Notefish is a combination notes organizer and web snippet manager that's ideal for researching any topic from your next holiday to a PhD thesis. The fact that the information is optionally shareable only adds to the power. It's free for personal use though registration is required. <= Firefox extension

2.4 A Quality IP Scanner for Nothing

Subscriber Phill Jempson writes "Hi Gizmo, as a long time reader of Support Alert I've often kicked myself for not emailing you about software I've been using and love. In an attempt to remedy this I'd like to let you know about Angry IP Scanner. It's a basic network scanner but one I use nearly every day in my capacity as a network support analyst and always install onto any new PC as well as keeping a copy on my USB flash drive. Its beauty is in its ease of use. I use it to do quick and dirty troubleshooting scans, like checking to see if a network segment is still up, finding the number of PCs on a subnet etc. It's also a very small, single file which can even be run from the web site. A couple of things I change when I first run it on a new PC are: 1. Go to Options > select Columns and move all available columns into the visible section. 2. Go to Options > Options and set the display to "Only Alive". There are also some useful plugins available from the website." Nice find, Phill. The range of plug-ins is actually quite extensive. These include web and FTP detect modules, Windows shares and DNS aliases and quite a few more. There are even instructions on how to write your own. I just love collecting little tools like this for my tech toolkit. Note: the download link is not well marked on the web site so I've included it here [2]. Free Open Source, Windows (version not stated), 108KB.

** Additional Items in this Premium SE Edition **

2.5 Free Email Filter Impresses

This one is different. Spamato V0.99 is a free Open Source spam filter that uses multiple techniques to detect and remove spam. First, there is a Bayesian filter that "learns" what's spam and what's not. Then there is a collaborative network filter that takes into account what other users have manually classified as spam. A separate filter uses a database to identify known spam. Then there are two filters that check any web links and domains in the email against first, a known database of known spammers and second, against the number of Google references to that domain. Finally, there is a configurable rule filter. Now that's an impressive list. Even more impressive is the fact that Spamato doesn't use server black lists, a commonly used technique that all too often kills your real email as well as the spam. But the news gets even better. Spamato is written in Java so it's available for multiple platforms including Windows, Linux and OS X. It's also available in multiple versions: as a plug-in for Outlook, as an extension for Thunderbird and Mozilla mail or as a stand-alone email proxy that works with any POP email program. Enthused by these impressive specifications, I tried the Outlook Plug-in version. This version requires the Microsoft .NET Framework V1.1 in addition to Java 1.5. Installation was easy. There's a guide on the web site but the install procedure is sufficiently clear that you hardly need it. Initial performance was mediocre as Spamato, like all Bayesian filters, needs to be taught what's spam. I thought with its multiple filters in addition to the Bayesian the initial performance might be better but this was not the case. With a bit of "teaching" the results improved quickly. I've only been using it for a week now so I won't quote the performance statistics. What I can say is that its spam detection rate is looking good. The crunch will be the false positive rate and it's too early yet to tell.

So what are the downsides? First, there are some early version bugs. For example, whenever I close Outlook I get an Outlook error message. It's not that serious, just annoying. Secondly, Spamato is clearly a work in progress - there are a few missing functions and yet-to-be implemented statistics. Third, this is not a product for novices. Training and tuning the filter requires both patience and experience. Furthermore, if you use the proxy version you'll need to know how to reconfigure your email accounts to use the proxy. Finally, this is a Java based product so you can expect it to chew up a lot of CPU resources when processing a lot of mail. On my test PC, a 3.2GHz P4, it wasn't a problem but it could be a serious issue for users with slow PCs who get a lot of mail.

My conclusion: after a week of usage I'm inclined to think Spamato has the potential to be the best free spam filter yet for Outlook, Thunderbird and Mozilla users. However, it's not quite there yet and I suggest you wait until version 1.00 is released. If you are the type that's prepared to put up with a few bugs and annoyances then do try it. You'll be rewarded with some excellent filtering. Free Open Source, Windows, Linux, OS X, Java 1.5 required, 2.49MB (Outlook version)

2.6 A Free Program that Blocks P2P Users

P2P services can be a real worry. Parents get justifiably concerned about what the kids are downloading while sysadmins tear their hair out when they see their company's bandwidth being soaked up by unauthorized P2P usage. Recently, subscriber Patrick Reynnolds wrote in to tell me about File Sharing Sentinel, a free program that blocks the installation and operation of file sharing programs. I tried it and it certainly works - I couldn't install LimeWire and a copy of Shareaza that I already had installed no longer worked. Furthermore, access to the program is password protected. That's the good news. The bad news is the program can be disabled several different ways: by killing its process with Windows Task Manager, deleting its startup entry and rebooting or simply uninstalling the program. Of course, you need to have admin privileges to be able to do this but then again if your users don't have admin privileges they can't install P2P software anyway. ;>) Overall, a nice free program but too easily defeated for most practical applications. Freeware, all Windows versions, 318KB.

2.7 Finally, Real ActiveX Support for Firefox and Opera

Every Firefox and Opera user is painfully aware that some web sites such as Windows Update simply won't work in their browser. That's because these sites employ non-standard features using Microsoft's ActiveX controls. Such sites require Internet Explorer or browsers like Maxthon and Avant that use the Internet Explorer Engine. Firefox users have a "quick-fix" available in the form of the IETab and IEView extensions that open Internet Explorer from within Firefox. Now there's a more complete solution. Neptune is a plug-in that "embeds Internet Explorer functionality in Mozilla, Opera and Netscape browsers running on any Windows platform with IE 4.0+ installed." Installation entails downloading and running the Neptune executable and then copying the file npmeadax.dll to your browser's plugins directory. For Firefox, that's C:\Program Files\Mozilla Firefox\plugins. Once installed I was delighted to find that Firefox worked at the Windows Update site perfectly. That's all very nice but there is a downside. Because the plug-in uses IE components it potentially opens Firefox to any vulnerabilities in those components. Users will need to weigh convenience against risk. Mind you, if you are already using the IETab and IEView extensions then you are already exposed to that risk. Free for use on a single PC, IE4+, 148KB.

Got some favorite utilities to suggest? Send them to


3.1 Microsoft Security News

Patch Tuesday on the 8th of August delivered 12 new security updates [1], nine of which were rated as "critical." In addition to several fixes for flaws in the Windows operating system, the critical patches included updates for Internet Explorer, Outlook Express, Visual Basic for Applications and Microsoft PowerPoint. The latter, MS06-048 [2], is of particular significance as it fixes a very serious flaw in Office, exploits for which are in wide circulation. Equally important is MS06-040 [3], which patches a vulnerability in the server service in Windows 2000, Windows XP SP1 and SP2 as well as various Windows 2003 server configurations. Again, exploits are actively circulating so patch as soon as possible. This one is potentially so serious that the U.S. Department of Homeland Security has even issued an advisory warning users and organizations to patch immediately. All the updates are distributed automatically by the Microsoft Update Service. It is extremely important that users who do not have automatic updates enabled visit the Update Service [4] now.
[4] (Requires IE5 or later)

3.2 New Rootkit Ups the Ante

Symantec [1] has released details of a new rootkit labeled Rustock.A that uses a cunning combination of techniques to evade detection by current rootkit detectors. The article lists six techniques employed but the first two are of particular note: First, "Rustock.A has no process. The malicious code runs inside the driver and in kernel threads." Second, "Rustock.A uses NTFS Alternate Data Stream to hide its driver into the \System32:18467 ADS. In addition, this ADS can't be enumerated by ADS-aware tools since it is protected by the rootkit." The Symantec article is worth reading in full; it really gives you a good idea of the sophistication of modern malware. The news is not all bad; F-Secure has already updated their BlackLight rootkit detector [2] to pick up Rustock.A. The cat and mouse game continues.

3.3 Top Anti-Spyware Program Suffers New Version Woes

Am I wrong or is security software quality assurance getting worse? This year we have seen major problems with the release of ZoneAlarm V6, Ewido V4, Trojan Hunter 4.5, CounterSpy 1.5 and now WebRoot SpySweeper V5.0. All are top rated products from respectable companies so it's not just slackness. My guess is that modern security products now overlap so much that interactions with other products have become a severe problem. Whatever, I've uninstalled SpySweeper V5 which caused my PC to slow to the point of uselessness and have gone back to V4.5 which is working like a charm. And I'm not alone.

3.4 Yet Another Firefox Update

These proactive security updates are coming thick and fast. The latest, V1.5.0.6, covers 12 potential flaws, seven of which are rated as critical. The update also includes some improvements to product stability and Dutch language enhancements. To my knowledge there are no current exploits in circulation that utilize any of these flaws. However, it is essential that you update as the baddies routinely reverse engineer security updates to identify flaws to exploit in unpatched machines. Users with Firefox automatic updates enabled should have had the new version automatically delivered and installed. You can check by selecting Help/About from within Firefox. If your version number is less than then update manually from here:

3.5 Controlling Microsoft Windows Genuine Advantage Hassles

A couple of months back Microsoft used the Windows Update service to secretly download the Windows Genuine Advantage program (WGA) onto your PC. This program checks to see if you have a genuine copy of Windows. If the WGA program doesn't think you have, then you are plagued with warning messages and worse, your ability to use the Windows Update site is restricted. Now, I have no sympathy for software pirates but I don't like having programs installed on my PC without my permission. Nor apparently do tens of millions of other folks who, like me, have disabled automatic updates and now choose manually which updates to install. But that's not the end of the problem. Apparently the WGA program is wrongly identifying a number of genuine Windows systems as illegal. One report puts this figure as high as 10%, though this sounds way high to me. Microsoft has conceded there have been problems and has issued two updates to the WGA program, again secretly delivered via the Windows Update service. They also have a web page dedicated to problem solving [1]. Many affected users have taken a more direct route and disabled WGA using specially written utilities. Here's a link [1] to one such tool that uses different techniques to remove the WGA depending on the version installed. I have no way of testing this product so use at your own risk.


4.1 Attractive Deals for Big Hard Drives

Want some cheap storage for your media files? is offering an external 500GB drive in a USB 2.0 enclosure for $189.95 after a $30 mail-in rebate [1]. Need to speed up an older PC? NewEgg [2] has the internal OEM version of Seagate's zippy 320 GB Barracuda 7200.10 for $89.99 if you use the coupon code, "buybarracuda."

4.2 Free Creative Activities for Young Children

Feel your kids could be doing something better than watching TV? Then check out this free weekly newsletter packed with easy craft activities for pre-schoolers. The activities look like real fun and use common household items so they won't cost a cent. This non-commercial newsletter is clearly a labor of love by the young mother who edits it and the cause is totally worthy. So worthy I've decided to support it by offering a bit of free promotion on my web site. I hope you'll support it, too, either by signing up or sending this link to someone with young children. If you have a web site maybe you could link to the site or if you are a forum or chat group member then maybe you could mention it. I just love things like this; it's what makes the internet so wonderful.

4.3 Test Your Web Design in 20 Different Browsers

Getting a web page to look the same in every browser is a near impossible task. Discover just how hard by using this free service that allows you to see how a web page looks in more than 20 different browsers. You can also see the effect of varying screen resolution and color depth as well as turning off JavaScript, Java, Flash and media plugins. It all takes a little time to run but that doesn't diminish the value of the service.

4.4 Help for Color Blind PC Users

Subscriber Richard Hendricks writes, "Gizmo, I am red/green color blind and I have found this $8 shareware product [1] very helpful. It displays the name of the color of the pixel that the mouse is over. It also can display the RGB values which I have found helpful with web development and graphics editing." Thanks for that, Richard. The product described by Richard may sound clumsy but it could be a boon to sufferers. Color blindness is surprisingly common. The incidence varies between countries and even regions but figures of 5-15% of the male population are common. It is much rarer in females. You can test online whether you are affected at this site [2]. Given color blindness is so common, it's something you need to consider in web site design. You'll find some guidelines and resources here [3], [4]. Shareware, $8, all Windows versions, 348KB.

4.5 How to Take Great Digital Photos in Poor Light

We've all tried to take photos in situations with difficult lighting; too much, too little or worst of all, both. However, there is a clever way of getting around this called High Dynamic Range Photography (HDR) that involves melding together several shots using a digital editor. I tried it and it works wonderfully. Full details here:

4.6 Codecs for Anime Fans

Subscriber Joe Souza writes, "Gizmo, I watch a lot of fan sub anime, and some of the codecs they use are hard to play. But as suggested by some of the sites that I go to a lot for anime, I use the CCCP or (Combined Community Codec Pack). It does work great, plays everything except quick time and real, and includes Media player classic and zoom player in the installation. " (Wiki)

4.7 Useless Waste of Time Department

Test your reaction time with this silly game where you need to shoot a tranquilizing dart at some errant sheep. My rating was er, "Sluggish Snail." Maybe I need a few hours sleep or a bucketful of coffee ;>)

** Additional Items in this Premium SE Edition **

4.8 Twenty Ways to Secure Your Apache Server

Nice list of simple Apache configuration changes that can really improve your server security.

4.9 Give Your PC a Free Checkup

Subscriber Dougie Quinn recently wrote to tell me how much he liked It's a great site and one I've mentioned before in the newsletter, though the latest version is just bristling with new free online tools. They range from firewall security auditing through to a first class download speed test.

4.10 Free Multi-Format Document Viewer

I'm receiving an increasing number of documents in .odt format, one of the native formats used by OpenOffice. I located this free viewer offered by the developers of the TextMaker word processor that allows me to read the documents without installing OO. It also handles several other formats including .doc, .dot, .tmd, .sxw, .rtf, .psw, .pwd and more. I had to set the file associations manually but that's no problem. Freeware, 4MB


5.1 How to Backup the Windows Registry

In simple terms the Windows Registry can be thought of as a file containing an extended inventory of all your PC's hardware and software.

When Windows starts up it consults the Registry in order to know how to relate to your specific hardware and software.

It's a file that's essential to Windows. If it gets corrupted Windows won't be able to function properly.

And it does get corrupted; rather too often actually. That's why it's good practice to have a backup copy.

Easy, you say, I'll just copy the file to another location.

In Windows 95, 98 you can do just this. The Registry consists of two files system.dat and user.dat located in the Windows folder and you can simply copy these to another folder to create your registry backup. ME adds a third file, classes.dat, but it too can be simply copied.

This simple approach won't work with Windows NT and later versions as the Registry files are locked by the system and can't be easily copied.

Windows addresses this by providing automatic backup of the Registry as part of the automatic System Restore feature. This feature is enabled by default when Windows is installed.

If you have left the System Restore feature enabled on your PC then your Registry is automatically being backed up. If it gets corrupted Windows will automatically try to recover it from previous restore points.

However, many users, me included, turn the System Restore feature off as it is a notorious disk space hog. Once turned off, your Registry is no longer being backed up.

Thankfully, there are a number of utilities that will back up your Registry. One of the best is also free. It's called ERUNT.

ERUNT (Emergency Recovery Utility for NT) will back up the Registry for all Windows systems from NT onwards. It also allows you to recover from backup either through a special recovery program or through the Windows Recovery Console.

And it's fast, very fast.

With ERUNT it's also possible to set up automatic Registry backups using the Windows Scheduler.

As a bonus, ERUNT includes another utility, NTREGOPT, that allows you to defragment your Registry. To be frank, I've never myself seen any performance improvement from registry defragging but then again it does no harm either.

ERUNT is easy to use but it's not intended for raw beginners. Raw beginners will most likely have System Restore enabled anyway so they won't need to back up their Registry.

Freeware, Windows 95 and later, 773KB
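If you'd rather see what a scheduled Registry backup involves, here is an added example that is not part of ERUNT and not from the original newsletter. It uses the reg.exe and icacls.exe tools built into Windows instead of ERUNT; the backup folder, retention period, task name and script path are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: dated Registry backup using reg.exe (built into Windows), not ERUNT.
param(
    [string]$BackupRoot = 'C:\RegBackup',  # assumed folder, change to suit
    [int]$KeepDays = 14                    # assumed retention period
)
$ErrorActionPreference = 'Stop'

# reg.exe reads live hives through the Registry API, so the lock that
# blocks a plain file copy on NT-family Windows does not apply.
$hives = [ordered]@{
    'HKLM\SOFTWARE' = 'software.hiv'
    'HKLM\SYSTEM'   = 'system.hiv'
    'HKCU'          = 'ntuser.hiv'   # hive of the account running the script
}

New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# Hive copies hold sensitive settings: limit the folder to
# Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
& icacls.exe $BackupRoot /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# One dated subfolder per run, so older backups are never overwritten.
$dest = Join-Path $BackupRoot (Get-Date -Format 'yyyy-MM-dd_HHmmss')
New-Item -ItemType Directory -Path $dest | Out-Null

foreach ($key in $hives.Keys) {
    $file = Join-Path $dest $hives[$key]
    & reg.exe save $key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg save $key failed with exit code $LASTEXITCODE" }
    if ((Get-Item $file).Length -eq 0) { throw "$file is empty" }
}

# Prune backup folders older than the retention period.
$cutoff = (Get-Date).AddDays(-$KeepDays)
Get-ChildItem -Path $BackupRoot -Directory |
    Where-Object { $_.CreationTime -lt $cutoff } |
    Remove-Item -Recurse -Force

Write-Output "Registry backup written to $dest"

# To run it daily at 03:00 under your own account with elevated rights
# (task name and script path are assumptions):
#   schtasks /Create /TN RegBackup /SC DAILY /ST 03:00 /RL HIGHEST /F `
#     /TR "powershell.exe -NoProfile -File C:\Scripts\Backup-Registry.ps1"
```

The script only takes the backups. Recovery is not covered here, and that is the part ERUNT's recovery program and the Windows Recovery Console handle.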


6.1 The Best Free Anti-Virus Scanner

This is good news for all users of free software. In a new initiative, AOL is now offering a free version of the excellent Kaspersky anti-virus program for download. It's been re-branded as "AOL Anti Virus Shield" and it's available to everyone, not just AOL users. What's exciting about this is that Kaspersky AV is one of the best commercial AV programs available and a clearly superior product to other free AV scanners such as AVG and Avast! To get a quality product like this for free sounds almost too good to be true.

And so it is. Anti Virus Shield has some reduced features compared to the commercial Kaspersky version. Missing is KAV's sophisticated heuristics module and HTML scanning. Gone, too, is the ability to create rescue disks and to fully manage the quarantine area. The configuration options are also more limited.

But the key features, the powerful KAV file scanner, real time monitor and email scanner are essentially the same. Automatic updates remain and can be configured to take place hourly.

I've been trying it out on a test PC for a couple of days and have been quietly impressed. On my malware test data set the scanner detection rate was identical to the full KAV. Similarly, the real time monitor captured new infections just as well.

Bear in mind, though, my test data set was small. On a more comprehensive set I'd expect KAV to perform better than AOL AVS as it has a heuristics module for the detection of new and unknown viruses that's missing in AOL AVS.

The protection provided by AOL AVS against drive-by web sites was less impressive. KAV provided protection against infection for all three sites tested while AOL AVS flunked on two. This result can probably be attributed to the omission of the KAV web scanner.

The AOL AVS update function works really well. I've been getting several updates daily and the downloads have been at a similar speed to the full KAV - a much more impressive performance than either AVG Free or Avast!.

I do have some concerns, though these are not really technical.

Let's start with the AOL AVS license agreement (EULA). To download the product you need to provide a valid email address. The EULA makes it quite clear that AOL has the right to send its promotional material to this address. That's OK but, disturbingly, they also claim the right to provide your email address to their affiliates. How many? Well, it's not stated, but one can only wonder.

The other worrying aspect is that the license is only provided for 12 months. AOL has made no statements to clarify whether this will be renewed.

A quite separate issue is that the AVS install also installs the AOL search toolbar in Internet Explorer. Now, it's a pretty decent search toolbar actually but I do like to have the choice of what I install. Still, it is possible to uninstall it using Windows Add or Remove Programs.

So how does it shape up compared to the other free AV scanners, AVG Free and Avast!? Well, it's early days yet but my feeling is the AOL scanner provides better detection than both AVG Free and Avast! while using roughly the same level of resources. Additionally, it is more regularly updated.

However both AVG Free and Avast! provide better protection against drive-by download sites than AOL AVS. In my tests of three drive-by download sites, AOL AVS allowed infection in two out of three cases while AVG and Avast! prevented infection in all three. That's a big difference.

So you have a choice. If you visit a lot of weird sites in the nether regions of the web then stick with Avast! or AVG. If you mainly surf to well known sites then AOL AVS is a real option.

Remember though, you still have to live with the AOL AVS licensing agreement.

Free software, Windows 98 and later, 13.9MB.

** Bonus Freebie for Premium Edition subscribers **

6.2 Free Programs to Test Your PC's Security

Subscribers regularly email me asking how they can test the adequacy of their computer security. There's no shortage of specialized security test programs available but I find that they often alarm or confuse non-technical users. Indeed, the most common response I get when I recommend such a product is, "Hey Gizmo, that program you suggested to me is infected with a virus." I then have to patiently write back and say, "No, the program is just testing the protection provided by your anti-virus software." I'm not kidding, it's true!

If you really want to test your PCs, here are two programs, "Scoundrel Simulator" [1] and "PC Security Test 2006," [2] that are easy-to-use and completely safe to download and install. They are relatively simple tests but still useful. And remember folks, there is no reason to get worried if these programs provoke a warning from your security software. Indeed, you should only get concerned if you DON'T get a security warning. ;>)

If you want to run some more tests, you can use the same programs I used for my recent security tests. You can find download links to each test I used in the actual test documentation [3]. These tools are designed for experienced users so please don't play around with them unless you know what you are doing. And please don't ask me for malware samples or links to hostile sites. It would be irresponsible for me to supply these to anyone outside the security industry.

[1] (300KB)
[2] (850KB)


The best way to manage your Premium SE Edition subscription is from the Supporters' Area of the Support Alert website. There you'll also find all individual back issues, a downloadable back issue archive, an extensive FAQ plus a growing list of resources exclusively available to Supporters.

The Supporters' Area is protected. To log-in, use the security information sent to you when you first subscribed or as notified subsequently.


Thanks to subscriber A. Belile for proofreading this issue.

You can contact this newsletter by snail mail at:
Support Alert
PO Box 243
Comstock Park, MI 49321-0243 USA

Support Alert is a registered online serial publication ISSN 1448-7020. Content of this newsletter is (c) Copyright, 2006

See you next issue

Ian Richards