Gizmo Richards' Support Alert Newsletter

"Gizmo's top picks of the best tech resources and utilities"

Premium Edition
Issue 146, 21st June, 2007

If you experience problems reading this issue in your email program you can read this issue online from the Supporters' Area here: http://www.techsupportalert.com/supporters/private.htm

IN THIS PREMIUM ISSUE:

0. EDITORIAL: USB Computing - the answers to your questions

1. TOP TECH SITES AND RESOURCES
1.1 How Does Your Firewall Rate?
1.2 Utilities that Work with Vista
1.3 Free Web Based Applications
1.4 The Great Defrag Shoot-out
1.5 How to Permanently Wipe a Hard Drive
1.6 Portable Software Lists
1.7 Free Online Services Offer RoboForm-like Functionality (Premium Edition)
1.8 How to Reduce Your Spam (Premium Edition)
1.9 Free Service Monitors Website and Server Uptime & Performance (Premium Edition)
2. TOP FREEWARE AND SHAREWARE UTILITIES
2.1 How to Mute Unwanted Website Sounds
2.2 Compress Your Files to the Max
2.3 Free Portable Media Player Tops Its Class
2.4 Using a USB Drive as a Laptop Replacement
2.5 Symantec Norton 360: First Impressions
2.6 Get Acronis True Image for Free (Premium Edition)
2.7 The Best Free Memory Optimizer (Premium Edition)
2.8 An Easy Way to Re-organize Your MP3 Files (Premium Edition)
3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
3.1 Microsoft Security News
3.2 Firefox Updated to V2.0.0.4
3.3 No More Updates for Firefox V1.5
3.4 Serious Flaw in Yahoo Messenger
3.5 New QuickTime Security Patch Underscores Need to Keep Programs Updated
3.6 How to Protect Your PC Against Hostile Sites, Browser Flaws
3.7 Google's Security Blog Hints at the Future
4. OTHER USEFUL STUFF
4.1 Good Deals on USB Flash Drives
4.2 Free Utility Helps Your PC Conserve Power
4.3 The Next Big Thing?
4.4 Good Guide to Modern Website Design
4.5 Useless Waste of Time Department
4.6 Site Keeps You Informed of Freeware Updates (Premium Edition)
4.7 Is Your Flash Drive Compatible With Vista? (Premium Edition)
4.8 Eset Offers NOD32 for Free (Premium Edition)
5. TIP OF THE MONTH
5.1 How to Improve Your Security When Using a Public Terminal (Part 2 of 3)
6. FREEBIE OF THE MONTH
6.1 Notepad on Crack
6.2 The Best Free Desktop Publishing Program (Premium Edition)
7. MANAGING YOUR SUBSCRIPTION

0.0 EDITORIAL

Last month's editorial on using a USB flash drive as an alternative to a laptop created a flood of user queries. This month I'll try to answer your three most common questions:

What kind of USB flash drive do I need?

Forget about that old 256MB USB 1.1 drive you got for your birthday two years ago; you are going to need a fast USB 2.0 drive. The fastest you can afford.

To run applications from your USB flash drive you need a drive with the highest possible read data transfer rate, otherwise you are going to get frustrated by the time it takes your programs to load.

Fast drives can cost a few dollars more than slow drives but it's money well spent as a fast drive can load programs more than ten times more quickly than a slow drive. As a rule of thumb a fast drive is one with a read rate of more than 15 Mbs. Here are the manufacturers' stated read rates for some of the faster drives around:

Corsair Flash Voyager GT 34Mbs
Memina Rocket 30Mbs
Lexar JumpDrive Lightning 30Mbs
OCZ Rally 2 28Mbs
Kingston Data Traveler Secure 24Mbs
SanDisk Cruzer Titanium 15Mbs

Only buy a genuine USB 2.0 drive. Don't buy a drive that is the older USB 1.1 standard or one marked as "USB 2.0 Compatible." These drives are simply not zippy enough for running applications.

Drive capacity is less important than speed. In fact to run a full suite of applications you really don't need much bigger than 512MB. But large flash drives are now so cheap it would seem a folly to buy anything less than 2 GB.

Should I buy a U3 drive?

It's not that important. You can set up a great portable system using either a U3 drive or a standard drive. In fact many portable apps are available in both U3 and non-U3 versions.

U3 smart drives are those that comply with the U3 mobile computing standard set down by U3 LLC (www.u3.com), a consortium of vendors led by SanDisk. The main idea behind U3 was to develop a platform where programs could run independently on USB drives without leaving any trace on the host PC. The U3 standard also provides for a user menu (the Launchpad) that pops up when the USB drive is inserted into a host and it also mandates password protection.

It's a great idea in principle but in practice there are not a lot of programs around that are written for U3. Indeed some software authors have avoided writing for U3 as they feel it is a proprietary standard. Furthermore there have been a lot of reports that U3 drives simply won't work with particular host PCs.

The Launchpad is no big deal; you can do that from non-U3 drives using different techniques. And even the password protection is not foolproof; it simply stops the Launchpad being run and doesn't adequately prevent access to the unencrypted data partition.

Remember too that U3 drives will only work with Win2K SP4, XP and Vista. Older Windows operating systems, Mac OS, Linux and Unix are not supported. That's quite a limitation, particularly when using public terminals.

Don't get me wrong; U3 applications on U3 drives can work wonderfully well. It's just that you don't really need U3. It's just an option. Me, I bought a non-U3 drive as it was cheaper and promised fewer complications.

If you can get a good deal on a U3 smart drive then take it. Besides if you strike problems it's easy to convert it to a standard drive. Just uninstall U3 from the Settings option within the Launchpad. You can also re-install U3 later if needed, by following the instructions on the U3 website.

It's easy to lose a USB drive. What then?

You need to be prepared for the fact that one day you are going to forget to unplug your flash drive from a public PC, leave it on a table, lose it from your pocket or whatever. Losing your drive may mean you no longer can access your email, favorite websites, passwords etc. This may mean zip to some folks but for many others including me, it could be a disaster.

I handle it by having a separate backup flash drive that I carry around in a different location to the first. I keep the two drives synchronized using a free portable syncing program called Allway Sync 'n' Go. Given the low cost of flash drives a spare drive is the best solution. If you can't afford a second drive you can use Sync 'n' Go to back up your flash drive to your PC.

Replacing your USB drive is one problem but what happens to your confidential data on the drive that has been lost is another.

If you are really worried about the implications of someone else getting access to your files then buy a flash drive that controls access with an inbuilt fingerprint scanner. Furthermore, test that it works.
Even if your drive didn't come with a fingerprint scanner it probably came with some form of encryption software. Mine did, though the only way I found out was by looking through all the folders that were on the drive when I bought it.

Note that many standard encryption programs, including the popular open source TrueCrypt, require administrative rights on the host PC. That's probably not an issue with your own computers but could be an insurmountable problem if you are using a public terminal, almost all of which run limited user accounts that don't have admin privileges.

If your USB drive didn't come with an encryption utility I suggest you adopt a simple but usable solution rather than complicate life with fancy encryption utilities. Personally I use IZArc2Go. It's not an encryption program but an archiver similar to WinZip. However like the more recent versions of WinZip, it allows you to password protect archives using 256 bit AES encryption that is virtually unbreakable. IZArc2Go is also totally portable, doesn't require admin privileges to run and is free. Besides it's always handy to have an archiving program on your USB stick just in case someone sends you a RAR file or other archive format not supported by Windows.

For complete security you need to use a secure file eraser along with IZArc2Go to erase the originals of your private files once they have been encrypted. If you don't use a secure erase utility it's quite possible for someone to un-delete your deleted files. I recommend UltraShredder for secure erasing; it's free, portable and easy to use.

Here's how you can encrypt your flash drive files:

First run IZArc2Go from your flash drive then drop and drag all your sensitive data files into the IZArc2Go window. Accept the default ZIP archive type and under "encryption" select AES - 256 bit from the drop-down list. You will then be asked to enter and re-enter your password. Then press "Add" to start the archiving. Once all your files have been archived, securely delete the originals. You can do this by starting up UltraShredder from your USB drive then dragging and dropping the original files into UltraShredder's window.

Once you have created an encrypted archive, IZArc2Go allows you to access and manage your data from within the archive so mostly you won't need to unpack the archive to get to your data. However if you do need to access the data from another program then just enter your password and unpack the files you need by dropping and dragging them from the archive to a convenient folder on your USB drive. Remember though to securely delete the unpacked files using UltraShredder when you have completed your session.
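
To confirm that the archive built in the steps above really uses AES-256 for every entry, the following added example (not part of the original newsletter and not IZArc2Go's own code) reads a ZIP file's central directory and reports how each entry is protected. It assumes the archive follows the WinZip AES layout (compression method 99 plus a 0x9901 extra field); the function names and the sample archive are constructed for illustration.

```python
import struct

EOCD_SIG = 0x06054B50   # end-of-central-directory record
CDIR_SIG = 0x02014B50   # central directory file header
AES_EXTRA_ID = 0x9901   # WinZip AES extra field (assumed archive layout)
AES_BITS = {1: 128, 2: 192, 3: 256}
CDIR_FMT = "<IHHHHHHIIIHHHHHII"   # 46-byte fixed part of a directory entry


def aes_strength(extra):
    """Walk the extra-field records and return the AES key size, or None."""
    i = 0
    while i + 4 <= len(extra):
        field_id, size = struct.unpack_from("<HH", extra, i)
        body = extra[i + 4:i + 4 + size]
        # body: version(2) vendor "AE"(2) strength(1) real method(2)
        if field_id == AES_EXTRA_ID and len(body) >= 7:
            return AES_BITS.get(body[4])
        i += 4 + size
    return None


def classify(flags, method, extra):
    """Describe how one entry is protected."""
    if not flags & 0x1:                 # general-purpose bit 0 = encrypted
        return "NOT ENCRYPTED"
    if method == 99:                    # 99 marks a WinZip AES entry
        bits = aes_strength(extra)
        return f"AES-{bits}" if bits else "AES (strength field missing)"
    return "ENCRYPTED, NOT AES (legacy ZipCrypto or other scheme)"


def audit_zip(data):
    """Return [(entry name, verdict)] from a ZIP file's bytes (no Zip64)."""
    pos = data.rfind(struct.pack("<I", EOCD_SIG))
    if pos < 0:
        raise ValueError("not a ZIP file: no end-of-central-directory record")
    total, _cd_size, cd_off = struct.unpack_from("<IHHHHIIH", data, pos)[4:7]
    results, p = [], cd_off
    for _ in range(total):
        fields = struct.unpack_from(CDIR_FMT, data, p)
        sig, flags, method = fields[0], fields[3], fields[4]
        nlen, xlen, clen = fields[10], fields[11], fields[12]
        if sig != CDIR_SIG:
            raise ValueError("corrupt central directory")
        codec = "utf-8" if flags & 0x800 else "cp437"
        name = data[p + 46:p + 46 + nlen].decode(codec)
        extra = data[p + 46 + nlen:p + 46 + nlen + xlen]
        results.append((name, classify(flags, method, extra)))
        p += 46 + nlen + xlen + clen
    return results


def not_aes256(results):
    """Names of entries that are not protected with AES-256."""
    return [name for name, verdict in results if verdict != "AES-256"]


def _cd_entry(name, flags, method, extra=b""):
    """Build one central directory entry for the constructed sample."""
    raw = name.encode("ascii")
    fixed = struct.pack(CDIR_FMT, CDIR_SIG, 51, 51, flags, method, 0, 0x21,
                        0, 0, 0, len(raw), len(extra), 0, 0, 0, 0, 0)
    return fixed + raw + extra


def build_sample():
    """Constructed sample: central directory only, which is all the audit reads."""
    aes256 = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    cd = (_cd_entry("passwords.txt", 0x1, 99, aes256)      # AES-256
          + _cd_entry("bank-statement.pdf", 0x1, 8)        # encrypted, not AES
          + _cd_entry("readme.txt", 0x0, 8))               # plain
    eocd = struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, 3, 3, len(cd), 0, 0)
    return cd + eocd


if __name__ == "__main__":
    # For a real archive: audit_zip(open("private.zip", "rb").read())
    for name, verdict in audit_zip(build_sample()):
        print(f"{name:22} {verdict}")
```

Note that the entry names are read here without any password: ZIP encryption protects the contents of the files, not the file names stored in the archive.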

OK that's it for now. If you want to learn more about portable applications check out Briard's article in item 2.4 below.

See you next month

Gizmo
supporters@techsupportalert.com



1.0 TOP TECH SITES AND RESOURCES

1.1 How Does Your Firewall Rate?
At this site they test all the major firewalls using leak-tests. Now outbound leak-testing is only one criterion for assessing firewall performance; indeed some would argue that inbound protection is more important. My view is that both are important, as are user friendliness, resource usage, software compatibility and resistance to termination by hostile agents. That said, Comodo, Jetico and ZoneAlarm Pro top the list while the Microsoft XP SP2 firewall gets the wooden spoon. ZoneAlarm free was another notable poor performer.
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

1.2 Utilities that Work with Vista
If you use Vista you will already have discovered that many of your favorite freeware and shareware utilities won't work with Vista. At this site they claim they only list utilities that will work. Note: despite the site's name, a good proportion of the products listed are commercial shareware not freeware.
http://www.freevistafiles.com/

1.3 Free Web Based Applications
In recent issues I've mentioned how web based applications may one day replace some of the programs currently running on your PC. Here's a list of just some of the products and services available.
http://tinyurl.com/2dztm8 (cogniview.com)

1.4 The Great Defrag Shoot-out
One of the best comparative reviews of defragmentation utilities I've seen. I don't agree with all the author's comments but hey, everyone is entitled to their opinion.
http://donnedwards.openaccess.co.za/2007/04/great-defrag-shootout-part-1.html

1.5 How to Permanently Wipe a Hard Drive
Most users are aware they can securely erase files and drives using free utilities like "Eraser" [1] and "Boot and Nuke" [2] that overwrite the data multiple times. At this site [3], suggested by subscriber Chris Price, they show how you can securely wipe a drive using a little-known feature built into many hard drives.
[1] http://www.heidi.ie/eraser/
[2] http://dban.sourceforge.net/
[3] http://blogs.zdnet.com/storage/?p=129&tag=nl.e622

1.6 Portable Software Lists
There are lots of these lists; none is complete but here are two of the best. The first covers free software while the second includes commercial products as well.
http://www.portablefreeware.com/
http://en.wikipedia.org/wiki/List_of_portable_software

** Additional Items in this Premium SE Edition **

1.7 Free Online Services Offer RoboForm-like Functionality
Securely storing your passwords and other sensitive data at an online web service has lots of advantages: It's free, secure and you can access your password and other information from any PC. On the downside you have to trust the web service provider and in the event of a security failure, you risk having all your eggs in the one basket. I've looked at two services, PassPack [1] and Clipperz [2]. Both are impressive but I found PassPack easier to use while Clipperz had a more impressive set of features including offline capabilities. Be warned though, figuring out how to use Clipperz's full set of features took me half a day! It's early days for these services but they offer a viable though slightly clunky alternative for those not prepared to buy RoboForm.
[1] https://www.passpack.com/info/home/
[2] http://www.clipperz.com/

1.8 How to Reduce Your Spam
Including your email address on a web page, a blog or web forum will almost certainly result in you being spammed. Here's a free web based service [1] that will encode your email addresses to reduce spamming. Thanks to subscriber Michael Woodruff for the suggestion. An alternative to using a web service is to download this free utility [2] that performs the email address encoding on your own PC. Yet another option is to display your email address as an image file rather than as text. You can create your own email graphic for free here [3].
[1] http://www.syronex.com/antispam/
[2] http://natata.hn3.net/antispam_encoder.htm
[3] http://www.3dtextmaker.com/image_editor.html

1.9 Free Service Monitors Website and Server Uptime and Performance
For the last few years I have been using master.com to monitor my website uptime. It's a free service and I've been quite happy with it. However I've just switched over to a different free service [1] at a site suggested by JW. They offer a more comprehensive service than master.com with better statistics and coverage of servers, mail servers and other network attached devices, not just websites. They also offer RSS and email notification in the event of service failure. The same site offers website stats and visitor tracking as well but I'm happy to leave this to Google Analytics [2] which just keeps getting better and better.
[1] http://mon.itor.us/
[2] http://www.google.com/analytics/

Got some top sites to suggest? Send them to: supporters@techsupportalert.com

2.0 TOP FREEWARE AND SHAREWARE UTILITIES

2.1 How to Mute Unwanted Website Sounds
Subscriber Rodney Green writes "Gizmo, in issue #145 of your newsletter a reader mentions that they hate it when a website starts playing music. I found an application called FlashMute [1] that works well for muting sound from Flash movies in Internet Explorer, Firefox and a few other browsers." Nice suggestion Rodney, FlashMute is a great way of overcoming a common annoyance but it won't stop HTML based sound used on many sites. To do this you need to consider other options. For example Internet Explorer allows you to turn off all webpage sound from the Advanced tab within Tools / Internet Options; however I find this very inconvenient as sometimes you want to listen to web audio. Firefox doesn't offer an audio mute option at all but there is a free Firefox extension called Stop AutoPlay [2] that is designed specifically for the job. It works by adding a browser button that rather conveniently allows you to play or mute at will. It doesn't stop Flash sound files but if you use FlashMute in addition to Stop AutoPlay you have a pretty complete solution to all unwanted web sound.
[1] http://www.indev.no/?p=projects#flashmute Freeware, Windows 98-XP, 233KB
[2] https://addons.mozilla.org/en-US/firefox/addon/1765

2.2 Compress Your Files to the Max
ZIP may be the most common algorithm for compressing files but it's far from the most effective. The Open Source 7-ZIP for example offers higher compression for most files but there are specialist archive formats that offer higher still. I was however a little shocked when subscriber "Panzer" wrote to tell me about the free KGBArchiver which, he heard, could compress Microsoft Office from 1.5GB down to 2MB! On testing, KGBArchiver V1.21 proved to be a competent, well implemented archiver offering 10 different levels of compression using the PAQ algorithm. Archives are created in .kgb format. It also can create self extracting archives, supports ZIP, has drag and drop, a right click context menu and a few other niceties. It's not really a substitute for WinZip or IZArc but a specialist product aimed at those seeking to compress files down to the smallest possible size. I ran some tests for different types of files with KGBArchiver set at its default compression setting and at its "Extreme" setting, its second highest. I couldn't run it at its "Maximum" setting as I was told my computer's 1GB of memory was insufficient. Here are the results along with some other popular archive formats for comparison:

File type               Source    Zip    Rar    7Zip   KGB Default  KGB Extreme
Plain text file (.txt)  1176 KB   118    104    96     118          67
Word document (.doc)    441 KB    376    247    245    244          243
Video file (.WMV)       629 KB    619    619    623    617          616
Program file (.exe)     5867 KB   5809   5815   5873   5804         5798

At its default setting KGBArchiver performed competently but on average, no better than WinRAR or 7-ZIP. At its "extreme" setting it did a great job at compressing plain text files but struggled to squeeze anything more out of the other file types. Before you get too enthused let me tell you that KGBArchiver seemed to take forever to compress files at the "extreme" setting. The 5.5MB .exe file took nearly 7 minutes and a similar time to extract while by comparison WinZip did it in 4 seconds and WinRAR in 9. Furthermore KGBArchiver consumed my computer's entire CPU and memory resources while compressing. So is it worth it? Not for most users. However sysadmins and archivists with large text files to store (and plenty of CPU time) should at least check it out. Freeware, Windows 2000-Vista, 1.02MB
http://kgbarchiver.net

2.3 Free Portable Media Player Tops Its Class
In the Premium Edition of issue #144 I mentioned "The KMPlayer" portable media player. My main focus at the time was the fact that you could use it on a USB stick but the feedback I've received has been so positive that KMPlayer may well be a strong candidate for the "Best Free Media Player." Here's the original item from #144: Subscriber Brian Treusch writes "Gizmo, I came across this freeware media player called "The KMPlayer" that can either be run from a thumb drive or installed. It supports numerous formats including DVD playback. After using it for a while, it has become my favorite player. Goodbye Windows Media 11!" I'd never heard of this Korean player Brian, but boy am I impressed. It comes with a whole batch of inbuilt codecs and support for external codecs as well. In the audio area it supports AC3, DTS, LPCM, MP2, MP3, Vorbis, AAC, WMA, ALAC, AMR, QDM2, FLAC, TTA, IMA ADPCM, QCELP, EVRC, RealAudio and more while with video you can play DivX, XviD, Theora, WMV, MPEG-1, MPEG-2, MPEG-4, VP3, VP5, VP6, H263(+), H.264(AVC1), CYUY, ASV1/2, VQ1/3, MSVIDC, Cinepak, MS MPEG4 V1/2/3, FFV1, VCR1, FLV1, MSRLE, QTRLE, Huffyuv, Digital Video, Indeo3, MJPEG. To have these features available on a thumb drive is quite extraordinary. Freeware, Windows 98-2003, 12.3MB.
http://www.kmplayer.com/forums/index.php
http://www.kmplayer.com/forums/showthread.php?t=4704 (link to download)

2.4 Using a USB Drive as a Laptop Replacement
Regular contributor "Briard" takes a break from the world of Linux and instead explores the potential of Windows flash drive computing.
http://www.techsupportalert.com/briard_in_usbland.htm

2.5 Symantec Norton 360: First Impressions
I used to be a great admirer of Norton Antivirus. Indeed I used it myself for years. While its effectiveness in detecting viruses has never been in doubt, it acquired over the years a reputation as a resource hog. Each successive version seemed to cause your PC to run slower and slower. Around 2004 it got so bad that I gave the product away and migrated to NOD32. I was not alone; thousands of knowledgeable users abandoned Norton AV and Norton Internet Security Suite for more resource efficient security products. Symantec's response was to initiate a project called "Genesis" to create a new security product from scratch. This was to be a ground up re-write rather than a revamp. Furthermore this new product would not only include anti-virus capabilities but anti-spyware detection, rootkit detection, behavior based malware analysis, phishing and malicious site blocking, a stateful firewall, backup and more. It was an ambitious project but a worthy one. Despite the pressing need I'm not aware of any other security vendor who has totally re-written their core product. Most just enhance their existing products and bolt on additional modules, leading to ever larger, more unwieldy and less efficient products. Project Genesis gave rise to Norton 360 [1] that was released earlier this year. Early reviews [2], [3] have been glowing and suggest that Symantec has indeed succeeded in creating a product that is effective, resource efficient and user friendly. Norton 360 is an end-user product so I thought I'd ask end-user Rick Farrow to check it out. Full assessment will have to wait until the new anti-malware engine is tested by a certification lab like AV Comparatives. Meanwhile you can read Rick's report here [4]. Commercial software, $69.99 for up to 3 PCs, 15 day trial, Windows XP - Vista, 49.4MB.
[1] http://www.symantec.com/norton360/
[2] http://www.pcpro.co.uk/reviews/110678/norton-360.html
[3] http://reviews.cnet.com/internet-security-and-firewall/norton-360/4505-3667_7-32330411.html
[4] http://www.techsupportalert.com/review-norton-360.htm

** Additional Items in this Premium SE Edition **

2.6 Get Acronis True Image for Free
Thanks to all the subscribers who wrote in about the Inquirer article [1] which points out that the free Disc Wizard utility from Seagate and Max Blast 5 from Maxtor are both re-branded OEM versions of the class leading Acronis True Image disk imaging program. That's quite a deal; the only catch is these utilities will only work with Seagate and Maxtor drives.
[1] http://www.theinquirer.net/default.aspx?article=39779

2.7 The Best Free Memory Optimizer
Windows XP has excellent memory management and for the most part you don't need a third party memory management product. I've tried a few free memory managers but none has impressed me enough to allow recommendation. Until now that is. FreeRAM XP is a memory manager that not only works but also doesn't seem to cause problems; a rare combination. It ticks away in the background, consumes few resources and does genuinely free up a bit of memory when you ask it to. It can also be configured to automatically free up memory. Does freeing up memory improve performance? On both my test system and personal laptop it didn't make much difference in actual performance. Still all my systems are XP and have 1GB plus. Maybe on older PCs with less memory or when using applications like PhotoShop that eat up a lot of memory it may make a difference, I can't say. What I can say is that FreeRAM XP caused no problems. Is it worth the effort? Clearly the answer depends on your system so try it and see if it helps. Thanks to Tony Bennett for the suggestion. Note: The vendor's website was down when I tried but you can get it from here [1]. Freeware, Windows 95-2003, 606KB.
[1] http://www.download.com/FreeRAM-XP-Pro/3000-2086_4-10070530.html

2.8 An Easy Way to Re-organize Your MP3 Files
ReOrganize! [1] is a free program that allows you to easily change the track order on over 250 different types of MP3 player [2]. Tracks can be moved around manually or can be sorted in a specific order automatically. ReOrganize! supports ID tags and can also act as a basic MP3 player. Thanks to Stewart Robertson for the suggestion. Freeware, Windows version support unstated but Media Player or later is required, 664KB.
[1] http://www.oliver-frietsch.de/reorganize/?lng=en
[2] http://www.oliver-frietsch.de/reorganize/complist/index-send.php?lng=en

Got some favorite utilities to suggest? Send them to supporters@techsupportalert.com


3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES

3.1 Microsoft Security News
In the last month a new series of JavaScript related flaws was discovered in Internet Explorer [1]. These flaws could be exploited even in fully patched versions of IE 6 and 7 and allow a hostile website to take control of an affected PC. A related flaw was also found in Firefox. As of today these flaws remain unpatched.

These flaws highlight yet again that you cannot rely on regularly applying Windows and other vendor updates to protect your computer when surfing. Always surf in a sandbox or with your browser running with reduced rights. See item 3.6 below.

Patch Tuesday the 12th of June saw the release of six security updates from Microsoft, four of which were rated "Critical." The critical updates covered flaws in Windows, Internet Explorer, Outlook Express and Microsoft Mail. Another flaw rated "moderate" affected Vista systems and could allow "non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system."

Further details of the June updates can be found here [2]. All the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and you will need a considerable period of time online for them to download successfully. If you have any doubts whether you have received the updates, then visit the Microsoft Update Service [3] now.
[1] http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063712.html
[2] http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx
[3] http://update.microsoft.com (Requires IE5 or later)


3.2 Firefox Updated to V2.0.0.4
Mozilla released a performance and security update for Firefox on the 30th of May. The new version 2.0.0.4 has better Vista compatibility and fixes five security flaws, one of which was rated as "critical." Also released were the corresponding updates for the older Firefox V1.5, Thunderbird and the SeaMonkey Suite. To my knowledge there are no current exploits in circulation that utilize these flaws; however, it is essential that you update now as the malware developers routinely reverse engineer security updates to identify flaws to exploit in unpatched machines. Users with automatic updates enabled should have had the new version automatically delivered and installed. You can check by selecting Help / About from within Firefox. If your version number is less than V2.0.0.4, then update manually from here [1]:
[1] http://www.mozilla.com/firefox/

3.3 No More Updates for Firefox V1.5
Support for the old V1.5 version of Firefox was discontinued by Mozilla at the end of May. V1.5 users should upgrade to V2 as soon as possible, as any newly discovered flaws in the old version will not be patched. Starting from June 7th users with the automatic update service enabled will be advised of the upgrade. Other users should upgrade manually here:
http://www.mozilla.com/en-US/firefox/

3.4 Serious Flaw in Yahoo Messenger
A critical buffer overflow flaw was discovered in the popular Yahoo Messenger instant messaging product. The flaw could allow a hostile website to take full control of a vulnerable PC. The flaw affects all versions of Messenger from 5.5.0 through to 8.0.0. All users should upgrade immediately to version 8.1.0.401 available from here [1].
[1] http://messenger.yahoo.com/

3.5 New QuickTime Security Patch Underscores Need to Keep Programs Updated
A patch for QuickTime 7.1.6 was released by Apple on the 29th of May to cover a Java Extensions flaw that could allow a PC to be compromised simply by visiting a hostile website. Affected systems include Windows 2000 SP4, Windows XP SP2, OS X v10.3.9 and v10.4.9. The Windows patch can be downloaded from here [1]. This flaw highlights the need for users to keep all the software on their PC up-to-date, not just Windows and Office. You can easily check all your products by using the free Software Inspector service [2] over at Secunia.
[1] http://www.apple.com/support/downloads/securityupdatequicktime716forwindows.html
[2] http://secunia.com/software_inspector/

3.6 How to Protect Your PC Against Hostile Sites, Browser Flaws
Recent reports from Google [1] and Sophos [2] have highlighted the rapid increase in the number of hostile websites. These sites use flaws in popular browsers as well as Windows to secretly infect anyone who happens to accidentally visit them. Keeping all your products up-to-date reduces your risk of infection but increasingly these hostile sites are exploiting new or unpatched flaws to attack visitors' computers. It's not hard to protect your PC against these threats: surf from within a sandbox such as Sandboxie or alternatively run your browser with reduced rights. To help you I've written a short how-to guide [3] that's now on my website. If you are not yet using these protective techniques I strongly recommend you read this guide and adopt its recommendations.
[1] http://googleonlinesecurity.blogspot.com/
[2] http://www.securecomputing.net.au/news/53424,number-of-infected-web-pages-soar.aspx
[3] http://www.techsupportalert.com/safe-surfing.htm

3.7 Google's Security Blog Hints at the Future
I found this blog [1] quite informative, particularly the observation about the potential vulnerability of virtualization based security products. With the appearance of this blog and the recent purchase of the company that makes the GreenBorder sandbox, it looks like something is definitely brewing at Google in the security arena. Then there's the recent announcement of Google Gears [2], a toolkit that allows developers to modify their online applications to work offline as well. My guess is that Google is working on a secure browser for its online apps that also allows offline access through the Google toolbar. Maybe I'm not guessing, just fantasizing :>)
[1] http://googleonlinesecurity.blogspot.com/
[2] http://code.google.com/apis/gears/

4.0 OTHER USEFUL STUFF

4.1 Good Deals on USB Flash Drives
You can pick up a SanDisk 4GB Cruzer Titanium U3 from Comp-U-Plus [1] for $38.99 while NewEgg [2] has the huge, fast CORSAIR Flash Voyager 16GB Drive for $124.99 after a $20 rebate. Perhaps the best deal of all is at Buy.com [3] where you can pick up a Kingston 2GB DataTraveler USB 2.0 Flash Drive for $12.95 after a $19 mail-in rebate. Shipping is free and you can save another $10 if you use Google Checkout, making the unit only $2.95. At that price buy two and have a backup. Note that I don't make anything on these; they are just good deals I've seen around. Let me know if you stumble across a tasty bargain. Make sure though that any offer remains valid through to when I publish the next issue of the newsletter.
[1] http://tinyurl.com/2ck8wx (compuplus.com)
[2] http://www.newegg.com/Product/Product.aspx?Item=N82E16820227145
[3] http://www.buy.com/prod/kingston-2gb-datatraveler-usb-2-0-flash-drive/q/loc/101/202743330.html

4.2 Free Utility Helps Your PC Conserve Power
Subscriber Tom Mahoney writes "Gizmo, here's a small program [1] to manage energy saving options on a PC better and more consistently than XP. With my kids leaving PCs on all night and XP not hibernating consistently. Read about it in the NYT." Thanks for that Tom. It's an interesting program that's been getting a lot of coverage as it expresses your PC energy savings in "feel-good" terms as saved carbon dioxide emissions. CO2Saver works by more aggressively controlling the power management on your PC compared to the Windows defaults. It installs a desktop toolbar that shows your greenhouse gas savings. The same toolbar can also be used for web search.
[1] http://co2saver.snap.com/

4.3 The Next Big Thing?
This Popular Mechanics video demonstrating Microsoft's prototype "Milan" coffee table computer will blow your mind. It will also blow your budget; we are talking $10,000 here. Note: This is a large video file and you'll need a fast broadband connection to play it.
http://link.brightcove.com/services/player/bcpid932579976?bclid=932553050&bctid=933742930


4.4 Good Guide to Modern Website Design
Regular contributor "Briard" writes "Gizmo. I'm looking at current trends in web design for a project I'm working on, and came across a couple of really useful links [1], [2]." Nice find Briard though I do wonder at what point the increasingly popular "Web 2 look" will start to look tired, boring and overdone. Not yet I know but it must happen.
[1] http://www.webdesignfromscratch.com/current-style.cfm
[2] http://f6design.com/journal/2006/10/21/the-visual-design-of-web-20

4.5 Useless Waste of Time Department
Here's a great way to mindlessly fritter away a few minutes of your life. Check this site where you can read how others are currently frittering away theirs :>)
http://twitter.com/

** Additional Items in this Premium SE Edition **

4.6 Site Keeps You Informed of Freeware Updates
I mention a lot of freeware programs in the newsletter but rarely have the space to let you know when new versions become available. At this freeware site they have a section specifically dedicated to keeping track of new versions. Thanks to subscriber Jojo James for this one.
http://www.prospector.cz/Freeware-updates

4.7 Is Your Flash Drive Compatible With Vista?
One of the new features of Vista is ReadyBoost, a feature that allows users to boost performance by using flash memory for file caching and/or virtual memory rather than a hard disk drive. It works because flash memory has much faster random access fetch times than a hard disk even though the data transfer rate is actually slower. Not all flash drives are suitable. Microsoft has mandated specs that must be met to receive the ReadyBoost logo; however, many stock flash drives will work just fine. To see if your thumb drive works consult this list [1]. If your USB drive won't work with Vista you can try this work-around [2].
[1] http://www.grantgibson.co.uk/misc/readyboost/
[2] http://tinyurl.com/2fe94u (windowsvistamagazine.com)

4.8 Eset Offers NOD32 for Free
Eset, the maker of the popular NOD32 anti-virus program, is currently offering a free beta of its brand new "Smart security" suite product. According to the website the product includes: "- The next version of ESET's anti-malware engine (NOD32 v3.0) - A personal firewall with port stealthing and advanced filtering features - Antispam filtering with Bayesian filter, whitelisting and blacklisting." I've not tested it but the reports I've had from subscribers have been most positive. But hey it is a beta and as they say "beta stands for broken." Free Beta, Windows 2K-Vista, spam filter is Outlook only, 17.8MB
http://www.eset.com/beta/


5.0 TIP OF THE MONTH

5.1 How to Improve Your Security When Using a Public Terminal (Part 2 of 3)

There is no 100% safe way to enter passwords from a public terminal. That's a fact.

Modern keyloggers can capture not only keyboard strokes but mouse clicks and the Windows Clipboard. They can also take screen shots of what you are doing. Keeping your confidential information from the prying eyes of the best of these sinister products is extremely difficult, perhaps impossible. Then there is the problem of someone looking over your shoulder and, quite separately, security cameras.

So the golden rule is don't ever enter confidential information into a hotel computer, an internet cafe PC or other public terminal.

That's the rule but rules get broken. Sometimes we simply have to use a public terminal. I have and I bet most of my readers have too.

So what can you do to improve your security when entering passwords?

Quite a lot actually. Of the many different options available to improve your password security, to me the most attractive is to enter your passwords using a password manager like RoboForm2Go running from your own USB flash drive. It's an option I covered in my May 2007 editorial column.

When run from a USB flash drive RoboForm2Go provides excellent security. In fact I've not yet found a keylogger that can capture the information it enters into login boxes and webforms from Portable Firefox. Don't take that to mean RoboForm2Go is 100% safe. It's not; no product is.

One particular area of weakness of RoboForm2Go is the master password you must enter to activate the password manager. If a keylogger captured that and also managed to copy the encrypted RoboForm master password file from your USB drive then you are in deep trouble as they would be able to access all your passwords.

So protecting that password is critical. Thankfully there are some simple entry practices that can make entering this master password much more secure. Furthermore these techniques can be applied to all password entry, not just the master password in RoboForm.

(a) My first tip is to make your passwords (or passphrases) long and semi-random. Passwords like "SncnGnls3Fp" are much better than something like "banana". This is not only because long random passwords are more difficult to crack but also because they are more difficult to unscramble from a keylogger log, particularly when used in concert with some of the other techniques mentioned below.

Remembering long semi random passwords is difficult but there are lots of mnemonic systems that can help. By way of example the password "SncnGnls3Fp" I mentioned above is actually "RoboForm2Go" transformed by a simple formula where the first letter is shifted one forward in the alphabet (R -> S) while the next letter is shifted one back (o -> n). The same alternating pattern continues for the rest of the characters.

There are a lot of different techniques and mnemonics for creating strong passwords and phrases. You can find some in this Microsoft article. Also worth consulting is this Wikipedia article on password strength.

(b) My second tip is before you enter your password turn around and look behind you to ensure no one is peeking. Make sure too that you shield the keyboard from the view of any security camera. Long random passwords make it difficult for someone peering over your shoulder to remember but it's still a good idea to actually physically check. Besides, it only takes a few seconds.

(c) My third tip is to use obfuscation techniques when typing your password. That's a fancy way of saying you should disguise your password by entering it in a more complex way than just typing it in from the keyboard.

For example rather than just entering the password from the keyboard you could cut and paste some of the characters that make up your password from another part of the screen. Ideally this should be from the same window as the one containing the password field but other windows will work fine too.

You could also drop and drag some characters rather than use cut and paste. Another trick is to enter a character by holding down the Alt key and using the numeric keypad. For example the letter "a" can be entered by ALT 123. Yet another technique is to use an onscreen keyboard to enter some of the characters.

You can go one further and enter the last half of your password first followed by the first half. You can then drop and drag the second half to the front from inside the password box.

Using a combination of these techniques to enter your password can make it really hard for anyone to reassemble your password from a keylogger log. However by using another obfuscation trick we can make the task near impossible. This trick involves the insertion and deletion of random dummy characters into your password.

For simplicity let's say your password is abcdefg.

Rather than enter your password as a simple sequence of letters throw in some additional dummy random characters along these lines: aMNbOcZdPQReSfgTUV

Now go back and delete the dummy letters one at a time. Delete some characters using backspace, others using the mouse to highlight the letter(s) and then hitting the Delete key or using the right click context menu and selecting "delete."

By combining the dummy character trick with the various multiple entry techniques you can fool pretty well any keylogger. However don't feel you have to use every single obfuscation trick I've mentioned; that's overkill. Indeed you may not be able to use all these techniques as some sites and products limit what you can do. For example RoboForm2Go disables cut and paste as well as drop and drag when you are entering the master password. It also won't allow you to access (get focus in) any window other than the password box. However you can still enter and delete dummy characters as well as entering characters using the Alt (numeric keyboard) trick and combined with a long random password that's good enough.

It's enough because any hacker reading a log from a keylogger has to read, identify, analyze and re-assemble what's recorded. That's hard work. If you use long random passwords combined with even a few obfuscation techniques then almost certainly you've made the job too hard. Possible yes, but too hard, especially when there are easy pickings available elsewhere.
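To make the dummy-character trick concrete, here is an added example (not part of the original newsletter) that models a password box and compares its final contents with what a log of key presses alone would hold. The event names, the function names and the exact order of deletions are assumptions made for the illustration.

```python
# Added example: a toy password box, used to compare what a keystroke-only
# log contains with what the field holds after the dummy-character edits.

def apply_events(events):
    """Replay (kind, value) events into a text field and return its contents."""
    text, cursor = [], 0
    for kind, value in events:
        if kind == "key":              # character typed at the cursor
            text.insert(cursor, value)
            cursor += 1
        elif kind == "backspace":      # removes the character left of the cursor
            if cursor > 0:
                cursor -= 1
                del text[cursor]
        elif kind == "click":          # mouse puts the cursor before index `value`
            cursor = max(0, min(value, len(text)))
        elif kind == "select_delete":  # mouse highlights [start, end), then Delete
            start, end = value
            del text[start:end]
            cursor = start
    return "".join(text)


def keystroke_only_view(events):
    """The key presses alone: no cursor positions, no selection ranges."""
    marks = {"backspace": "<BS>", "select_delete": "<DEL>"}
    return "".join(v if k == "key" else marks.get(k, "") for k, v in events)


def naive_replay(events):
    """Rebuild the text from key presses, assuming the cursor stayed at the end."""
    text = []
    for kind, value in events:
        if kind == "key":
            text.append(value)
        elif kind == "backspace" and text:
            text.pop()
        # Delete with nothing known to be selected changes nothing here.
    return "".join(text)


# Constructed event list following the article's example (password "abcdefg").
EVENTS = [("key", c) for c in "aMNbOcZdPQReSfgTUV"]
EVENTS += [("backspace", None)] * 3              # removes V, U, T
EVENTS += [("select_delete", (12, 13))]          # removes S
EVENTS += [("select_delete", (8, 11))]           # removes P, Q, R
EVENTS += [("click", 7), ("backspace", None)]    # removes Z
EVENTS += [("click", 5), ("backspace", None)]    # removes O
EVENTS += [("select_delete", (1, 3))]            # removes M, N

if __name__ == "__main__":
    print("field contents :", apply_events(EVENTS))
    print("key-press log  :", keystroke_only_view(EVENTS))
    print("naive replay   :", naive_replay(EVENTS))
```

The model covers a log of key presses only; the mouse-click and screen shot capture mentioned earlier in this tip is outside it.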

Next month we'll look at another way of protecting your passwords by using on-screen keyboards. I've located some great free products including one that works with RoboForm2Go so don't miss it!

6.0 FREEBIE OF THE MONTH

6.1 Notepad on Crack

Great tag line eh? It's the way the author of ZuluPad describes his product and it's not too far from the truth.

ZuluPad is a cross between a note-taking program and a wiki. Put another way, it allows you to create a document with many key phrases in a page linked and cross linked to other pages. Furthermore it does this in such a simple and effortless manner that even a dummy could do it.

Let me give you an example. Suppose I was writing this newsletter item in ZuluPad. When I first mentioned the word "wiki" in the second paragraph I could create a linked page by simply highlighting the word "wiki." At that point ZuluPad would pop-up a new blank page headed "Wiki." I could then write a definition of a wiki.

When I returned to my original page the word "wiki" would now be linked. Furthermore any mention of "wiki" in all current related pages and all new pages would be automatically linked as well.

This is an incredibly powerful way of cross relating information and has enormous application from personal research through to commercial applications.

The idea is not new; ZuluPad has obvious similarities with VoodooPad that has been around on the Mac for quite a while and there are other similar applications that go way back. However ZuluPad is the most usable implementation I've yet seen for Windows.

The product is still at an early stage in its development cycle; indeed the version I tested was only 0.41. However I found it worked perfectly; it did all that I wanted and I didn't strike a single bug. The free version is a little short on features so if you use the product I suspect you may well be tempted to fork out $15.00 and upgrade to the Pro version.

Also available is a free web-syncing service that allows you to backup and access your hyperlinked documents. However I did not test this service.

ZuluPad: Free, Open Source, Windows ME - 2003, 1.6MB
http://www.gersic.com/zulupad/

** Bonus Freebie for Premium Edition subscribers **

6.2 The Best Free Desktop Publishing Program

Commercial Desktop publishing programs are expensive. QuarkXPress costs $749, Adobe InDesign costs $699 and even Microsoft Publisher costs $169. Happily there are two excellent free desktop programs. One is ideal for small business and an excellent alternative to Microsoft Publisher. The other free desktop publisher is a beautifully implemented full featured product that can mix it with the big boys.

The first is PagePlus SE [1] from Serif Software, makers of the well known free digital editor PhotoPlus. It's an earlier version 8 of Serif's current PagePlus product that is now (I think) at version 11. The SE version is lacking a lot of features in the current product but it has more than enough to produce the relatively simple brochures, flyers, ads, and newsletters used by small businesses and charitable organizations. In fact its lack of fancy features is in some ways a blessing as there is less to confuse beginners. There is a good set of templates provided to get the creatively challenged started and more can be downloaded from the web. Text creation and manipulation works well while images can be cut and pasted, re-sized and moved around the templates with ease. There is also a basic set of shapes available. The color palette available is limited but entirely adequate. File formats are also somewhat restricted most notably in that you cannot save in PDF format. However for $9.95 you can upgrade to version 9 [2] that handles PDF as well as adding a lot of other features such as Pantone colors, freehand tools, mail merge and web publishing. The thing that strikes you about PagePlus SE is the ease of use. In fact if you can use Microsoft Word you can use PagePlus SE yet achieve far more with your layout than would be ever possible with Word.

The second product is Scribus [3], a free open source program that was originally for Linux but is now available for Mac OS X, OS2 and Windows. Scribus is the real thing; a professional quality page layout program capable of producing "press-ready" output. The feature list is impressive; basically everything you want is there including "CMYK color, separations, ICC color management and versatile PDF creation." Graphics manipulation is handled via an interface to "The Gimp" another open source program. Similarly Scribus can import from and export to programs in the Open Office suite. The user interface though highly functional, is not quite as slick as its commercial cousins but it can be skinned to fit in with the look of whatever operating system you are using. The documentation is excellent and there is lots of support from Scribus's enthusiastic user community.

Many thanks to subscriber Scott Youngman for suggesting these top products.
[1] http://www.freeserifsoftware.com/software/PagePlus/default.asp Freeware, Windows 95-XP, 19.6MB
[2] http://www.freeserifsoftware.com/software/pagePlus/pagePlus9.asp
[3] http://www.scribus.net/ Free Open Source, Windows 2k with GDI+ Library, Windows XP, 18.2MB

7.0 MANAGE YOUR SUBSCRIPTION

The best way to manage your Premium Edition subscription is from the Supporters' Area of the Support Alert website. There you'll also find all individual back issues, a downloadable back issue archive, an extensive FAQ plus a growing list of resources exclusively available to Supporters.
http://www.techsupportalert.com/supporters/private.htm

The Supporters' Area is protected. To log-in, use the security information sent to you when you first subscribed or as notified subsequently.

If you no longer wish to receive this newsletter, send me an email at supporters@techsupportalert.com. Remember to state the email address at which you are currently subscribed.

Receiving duplicate issues? If you are receiving an unwanted copy of the free edition of this newsletter, you can cancel that subscription by going to the following link: http://www.webelists.com/cgi/lyris.pl?enter=support.alerth

Enter your email address. No password is needed. You can then cancel your free subscription.

Note that the free and paid editions are totally different publications so you can unsubscribe to the free edition without any chance of impacting your paid subscription.

The 46 Best-ever Freeware Utilities
http://www.techsupportalert.com/best_46_free_utilities.htm

The Extended List of the Latest Freebies
http://www.techsupportalert.com/more/extended.htm

For lots more free IT newsletters see
http://www.freetechmail.org/infobase.asp?TPubId=79

Thanks to subscriber Neal Dwire for proofreading this issue.

For convenience North American subscribers can contact this newsletter by snail mail at:

Support Alert
PO Box 243
Comstock Park, MI 49321-0243 USA

Support Alert is a registered online serial publication ISSN 1448-7020. Content of this newsletter is (c) Copyright TechSupportAlert.com, 2007

See you next issue. Next month's issue will be published on the 19th of July

Gizmo
Ian Richards
editor@techsupportalert.com