gizmo richards' support alert newsletter

"Gizmo's top picks of the best
tech resources and utilities"

Premium Edition
Issue
147, 19th July, 2007

If you experience problems reading this issue in your email program you can read this issue online from the Supporters' Area here: http://www.techsupportalert.com/supporters/private.htm

IN THIS PREMIUM ISSUE:

0. EDITORIAL: Securing USB Flash Drives

1. TOP TECH SITES AND RESOURCES
1.1 Recovering Data from a Corrupted Hard Drive
1.2 Free Online Digital Editing Service
1.3 Make Firefox Look Like Internet Explorer
1.4 Expanding Microsoft Search to Cover More File Types
1.5 Programs That Won't Run in a Limited User Account
1.6 How to Select the Best File Compression Program
1.7 Free Open Source Programs That Can Replace Commercial Software (Premium)
1.8 Fix Window File Association Problems
1.9 Excellent Windows Tips and Tricks Site (Premium Edition)
2. TOP FREEWARE AND SHAREWARE UTILITIES
2.1 Important Announcement for Premium Subscribers  Please read this!
2.2 An Easy Way to Know if you are Surfing Securely
2.3 Flash Drive Management Systems
2.4 Free Utility Copies Un-copyable Files
2.5 Superb Collection of Free Hard Drive Diagnostic Utilities
2.6 Learn to Type While Playing Computer Games (Premium Edition)
2.7 Free Utility Extracts Text from Binary Files (Premium Edition)
2.8 Free Utility Times How Long a Program Takes to Run (Premium Edition)
3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
3.1 Microsoft Security News
3.2 You Need To Update QuickTime and Flash Now
3.3 A Serious Warning from Gizmo
3.4 Microcode Update for Late Model Pentiums
4. OTHER USEFUL STUFF
4.1 Good Deals on Computer Stuff
4.2 Mind-blowing New Photo Technology
4.3 Running Linux from a USB Flash Drive
4.4 Free Utility Lets You Record Screen Sessions Easily
4.5 Website Allows You to Create Your Own Comic Strips
4.6 Useless Waste of Time Department
4.7 Free Web Service Lets You Sell Event Tickets Online (Premium Edition)
4.8 Free Online Photo Gallery Generator and Photo Album (Premium Edition)
4.9 Super Cheap Chinese USB Drive Guaranteed Never to Fail (Premium Edition)
5. TIP OF THE MONTH
5.1 How to Improve Your Security When Using a Public Terminal (Part 3 of 4)
6. FREEBIE OF THE MONTH
6.1 Recover Deleted Files from Digital Cameras and MP3 Players
6.2 Free Utility Hides Folders (Premium Edition)
7. MANAGING YOUR SUBSCRIPTION

0.0 EDITORIAL

Securing USB flash drives is not quite as simple as you might hope. Simple no, but possible yes.
That's because drive encryption, one of the simplest and robust forms of protecting a PC, won't work unless you have administrator privileges on the host PC you plug your USB drive into.

This immediately rules out most hotel computers, internet cafes and other public terminals.

It's a point I made in last month's editorial when I stated that most popular disk encryption utilities like TrueCrypt were unsuitable for encrypting USB flash drives as they require administrative privileges to run. I suggested the alternative of encrypting your private data using the encryption capabilities built into archiving programs such as IZarc2Go

This prompted a number of subscribers to write in. Some suggested the mobile version of the specialist encryption utility Cryptainer LE could be used, provided the container on the USB drive was first created on a PC with admin privileges. Others made similar claims for TrueCrypt when used in "Travel" mode and for other similar utilities as well.

Alas dear readers, these claims while well meaning are not correct. To the best of my knowledge every encryption program that works by creating a container or encrypted virtual disk needs to load a driver to encrypt/decrypt that disk and loading a driver in Windows requires admin privileges. It's as simple as that.

There are however many free encryption programs that don't work by creating containers and a lot of these will work on USB drives attached to hosts accounts with limited user accounts.

Unfortunately most of these programs are designed to encrypt files or folders rather than whole disks. That's not quite as convenient a solution as a virtual disk and carries the risk that there may be some recoverable remains left on the disk of the original unencrypted file.

I looked at a few of these programs. My favorite file encryption utility dsCrypt works like a charm on USB drives but is inconvenient to use as it can't handle folders. Another favorite AxCrypt needs admin privileges unless you use its self decrypting executable feature but that's of no use when you want to encrypt data. AFS3, Private Disk Light and Remora Disk Guard will handle folders though they encrypt the individual files separately within their folders. And all these programs (AxCrypt excepted) leave the original unencrypted files intact. That means you have to separately shred the originals using a secure deletion program.

So on balance none of these free encryption programs offers USB flash drive users any real advantage over using IZArc2Go, 7-ZIP [11] or other portable encrypting archiver. It's a sad state of affairs and I wish there was a better solution. Indeed, if anyone knows one please let me know.

Of course, none of this is a problem if you only use your flash drive on PCs where you have administrator privileges. In this case TrueCrypt, Cryptainer LE and AxCrypt all offer a convenient and highly secure solution.

So there it is dear readers. If you want to use your USB stick on public terminals then you will need to put up with a little inconvenience to secure your data. It's not a show stopper though. Using IZArc2Go to protect your USB drive is a perfectly workable solution, indeed it's what I use myself. When used together with a portable secure file deletion program like UltraShredder [10] it's also highly secure. It's just not as convenient as using a program that uses encrypted virtual drives.

If absolute convenience is a must you may be better off with a USB drive with a fingerprint reader or built in smart card. Just be aware though that it's hard to establish whether the security of these proprietary solutions is as good as the vendors claim.

See you next month

Gizmo
supporters@techsupportalert.com



1.0 TOP TECH SITES AND RESOURCES

1.1 Recovering Data from a Corrupted Hard Drive
Data recovery is a very complex issue with many different kinds of problems and many possible solutions. However I was impressed by this detailed guide that shows you how you can use a Knoppix live CD to recover data from a Windows disk. It's not the only solution of its kind but the excellent instructions make it worth bookmarking.
http://www.shockfamily.net/cedric/knoppix/

1.2 Free Online Digital Editing Service
I've previously mentioned Fauxto, an online digital editing service that offers PhotoShop like capabilities. Picnik is another such service but with a different twist. Rather than offering fancy editing features it has blinding speed and excellent integration with Flickr, Picasa web albums and Facebook. You can of course upload photos from your computer as well. Image formats supported include JPG, GIF, PNG, BMP, TIF and TGA. Picnik is Flash based and makes use of Google's new Gdata API. If Picnik is an indication of how well this interface works then I look forward to seeing the next round of applications that embody this technology.
http://www.picnik.com/

1.3 Make Firefox Look like Internet Explorer
Why would you want to do this? Because it's a clever way to wean change-resistant users away from IE.
http://johnhaller.com/jh/mozilla/firefox_internet_explorer/

1.4 Expanding Microsoft Search to Cover More File Types
All of the recent Microsoft search products from the inbuilt Windows Search through to Desktop Search can be expanded to index the content of a wider range of different file types by using iFilters. You can think of these as plug-ins each allowing the Microsoft search products to access the content of specific files types such as PDF, CAB, RAR etc. This site [1] offers a wide range of iFilters, most of which you can download for free. Thanks to subscriber Oliver Jones for the suggestion.
http://www.ifilter.org/faq.htm

1.5 Programs That Won't Run in a Limited User Account
Working with a Windows limited users account is a good way of reducing the chance of getting infected by malware. Unfortunately many poorly written programs won't work properly in a limited account. These sites list some of the worst offenders:
http://www.threatcode.com/admin_rights.htm
http://www.pluralsight.com/wiki/default.aspx/Keith/HallOfShame.html

1.6 How to Select the Best File Compression Program
In issue #186 [1] I mentioned KGB, an archiving program that can compress text files down much smaller than many popular archivers though it takes a lot time and computing power in the process. This prompted subscriber Erik Wasberg to write in about a site called maximumcompression.com [2] that compares dozens of different archivers on the basis of compression efficiency, resource usage and time taken across various file types. This outstanding site is essential reading for those who needs to archive large amounts of data or indeed, anyone who has a general interest in file compression.
[1] http://techsupportalert.com/issues/issue146.htm#Section_2.2
[2] http://www.maximumcompression.com

** Additional Items in this Premium SE Edition **

1.7 Free Open Source Programs That Can Replace Commercial Software
Regular contributor JW sent me this link to an extensive list of Open Source software. The list is notable for several reasons. First it is very extensive, second it cross references each program to its commercial equivalent when such a comparison is possible. Finally it includes a great list of free Open Source games. https://help.ubuntu.com/community/ListOfOpenSourcePrograms

1.8 Fix Window File Association Problems
Sometimes the only way to restore a broken association between a file type and the program that should open that file type is to patch the Registry. Thankfully this site provides a whole set of patches in the form of .reg files. To install just double click the .reg file.
http://www.dougknox.com/xp/file_assoc.htm

1.9 Excellent Windows Tips and Tricks Site
During the month I received an email from Mark Ursino who asked me to check out his Windows tips site. I did and was quietly impressed. It has a limited but growing set of how-to articles that will appeal to average users, a bit along the line of my "Tip of the Month" item in this newsletter. Recent "how-to" additions to his site include "Fast File Transfers on Your Home Network with FTP", "Keep Your Desktop Clean yet Maintain Quick Access to Programs" and "Set up a Windows SSH Server for VNC Tunneling."
http://www.allthingsmarked.com

Got some top sites to suggest? Send them to:
supporters@techsupportalert.com



2.0 TOP FREEWARE AND SHAREWARE UTILITIES

2.1 Important Announcement to Premium Subscribers

The upgrade to the premium edition subscription management system that I announced some months back is finally happening and should be in place by the time the August issue is published. I apologize for the delay.

The new system offers considerable advantages for subscribers including:
  • The ability to have your own user-name and password
  • The ability to automatically have your password re-sent to you
  • The capacity to check your subscription renewal date
  • Renewal of your subscription at any time
  • The ability to have a subscription delivery address that's different from your subscription payment email address
  • No more unnecessary renewal notices after re-subscribing

To access the new system you will need to be a current premium subscriber. If your premium subscription has lapsed I suggest you renew now as you will no longer have access to the Supporters' Area once the new system is in place. You can renew here [1].

I'll be writing to all current premium subscribers with full details in the next few weeks. Please keep an eye out for this email as I'll be asking you to login to the system with a new password then change to whatever password you want. I'm letting you know now in case some of you accidentally mistake this for a phishing letter.

[1] http://techsupportalert.com/resub.htm

2.2 An Easy Way to Know if you are Surfing Securely
I've been harping at you in recent issues to always surf securely using a sandbox or with your browser running in a Windows limited user account. That's because there are now so many new malware threats and hostile sites around that secure surfing has moved from being a nicety to a necessity. Last month I even published a guide [1] showing you exactly how to do it. This prompted subscriber Hal D. to write "Gizmo, I followed your simplified instructions and created a safe version of my browser using DropMyRights, together with a desktop icon. I just click the icon and it launches by browser ready for safe surfing. It seems to work great but therein lies the problem. How do I tell if it's actually working?"
It's a great question Hal but thankfully there is a relatively simple answer. For Internet Explorer users there is a free add-on called PrivBar that installs a new toolbar that displays the privilege level the browser is currently running under. That is: Administrator, Power User, User or Restricted User. This along with strong color coding provides an immediate and unambiguous indication of your browsing security level. Unfortunately PrivBar has no installation routine and the instructions on the site are a little obscure so I've created an easy installation guide here [3]. Firefox users have it a little easier. There is a free extension called IsAdmin that does much the same thing as PrivBar though it uses an icon in the Status Bar to indicate the security level rather than a toolbar. So there you are: now you can not only surf safely but additionally enjoy the confidence of knowing you actually are. :>)
[1] http://www.techsupportalert.com/safe-surfing.htm
[2] http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/195350.aspx
[3] http://www.techsupportalert.com/installing-privbar.htm
[4] https://addons.mozilla.org/en-US/firefox/addon/4259

2.3 Flash Drive Management Systems
If you are getting into USB flash drive computing you are going to have to quickly make a decision about the approach you are going to take to managing and organizing your portable applications. That's because there are a number of different application launchers / management systems available such as U3, Ceedo, MojoPac, PortableApps, LivePC and more. While each of these has its merits as a menu system they have a much wider significance in terms of the kind of portable programs you can run from your flash drive. Over the last few weeks I've tried all these systems and that while each has its attractions and problems they all can be made to work. Indeed each may suit a particular kind of user so it's hard to make general recommendations. So what's my personal take? I found U3 [1] too limited by its proprietary nature. Also there are just not that many U3 apps around that aren't also available in non-U3 so why lock yourself in? Ceedo [2] is also proprietary but the ability of its Argo plug-in to convert any app to a portable version sounded attractive. However it flunked on five out of the seven products I tried. MojoPac [3] is based on a great idea: it creates a portable version of your own desktop. Unfortunately it requires admin rights on the host so that counts me out. LivePC [4] on the other hand doesn't use conventional portable apps at all. Rather it uses online applications running from your own personalized desktop that you can access through your USB drive. It's a great system but too limited by the rather thin collection of apps available from their site. That leaves PortableApps [5]. This is a free menu based system that allows for the easy installation of portable programs that are bundled in a special PortableApps format. That format however is an open standard. Furthermore the site offers a huge array of free programs already packaged in the PortableApps format including many popular open source programs. They also offer a handy suite that bundles together the most popular programs including Firefox and Thunderbird in a single download. Sounding good? But here's the clincher. You can add pretty well any portable application to the PortableApps menu (launcher) simply by including the app's folder inside the PortableApps folder. I've decided to go with PortableApps. Consequently I've erased the Ceedo system that came pre-installed on one of my USB drives and also entirely removed the U3 installed on another.
[1] http://www.u3.com/
[2] http://www.ceedo.com/
[3] http://www.mojopac.com/
[4] http://www.moka5.com/products/index.html
[5] http://portableapps.com/

2.4 Free Utility Copies Un-copyable Files
Recent I had to transfer several hundred megabytes of media files from one large external drive to another. With Windows Copy the job just kept crashing. I tried the venerable but still effective XXCopy [1] but it fared no better. I then remembered a utility called Unstoppable Copier that had been recommended by subscriber George Rakocsi that I had never got around to checking out. It seemed the perfect tool for the job. According to the website Unstoppable Copier "allows you to copy files from disks with problems such as bad sectors, scratches or that just give errors when reading data. The program will attempt to recover every readable piece of a file and put the pieces together. Using this method most types of files can be made useable even if some parts were not recoverable in the end." Well I'm pleased to say Unstoppable Copier worked perfectly. As it turns out just one file was corrupted out of the 2700 files on the disk and that's what was causing Windows Copy to fail. After that incident do you think I'm going to recommend Unstoppable Copier? You bet and not only for problem copying but for recovering partly corrupted files as well. It's just the thing for getting your information off scratched CDs and DVDs, aging floppies and failing hard drives. Don't expect it to perform miracles though; some disks are just too physically damaged to allow data recovery. Freeware, All Windows versions, 67KB.
[1] http://www.xxcopy.com/index.htm
[2] http://www.roadkil.net/unstopcp.html

2.5 Superb Collection of Free Hard Drive Diagnostic Utilities
This site has some of best technical utilities for hard disk diagnosis that I've seen and they are all free. From low level formatting to hard drive diagnostics everything you could want is there. As these are advanced tools designed for use by techies I'm not going to explain more. And don't expect the documentation to help - it's mostly in Russian :>) Seriously folks, if you don't know exactly what the tools on this do then please don't download them as there is a serious chance you will harm your PC. For experienced users though these tools are invaluable. Do check out the rest of the site; it's a wonderful resource for everything related to hard drives.
http://hddguru.com

** Additional Items in this Premium SE Edition **

2.6 Learn to Type While Playing Computer Games
Here's a neat idea; a special version of the computer game Space Invaders where to control the game you have to touch type characters. There also a BreakOut version for a bit of variation from Space Invaders. Freeware, All Windows, 1.1MB
http://www.touch-typing-tutor.com/TypingInvaders-FreeTypingGame.htm

2.7 Free Utility Extracts Text from Binary Files
When dealing with any unknown .exe, .dll or other binary files it's often helpful to view any text information contained in the file. This often allows you to identify the program itself as well as other information such as the copyright date, application used to create the file, menu items and error messages. "Peek" is a tiny utility that allows you to do this by creating a right context menu item. Usage couldn't be simpler: just right click a binary file and select "Peek." The program can handle Unicode strings and can provide text string offsets. Thanks to Bob Thomson for this little gem. Freeware, all Windows versions, 12KB
http://members.ping.at/mlubich/

2.8 Free Utility Times How Long a Program Takes to Run
When benchmarking it's often useful to know how long a program takes to run. You can sit there with a stop watch but it's much easier to use the ntimer command line utility that's included in the Windows 2003 Resource Kit Tools [1]. Full instructions here [2]. The Resource Kit works fine with Windows XP.
[1] http://tinyurl.com/4k28b (Microsoft.com)
[2] http://malektips.com/xp_dos_0024.html


Got some favorite utilities to suggest? Send them to mailto:supporters@techsupportalert.com



3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES

3.1 Microsoft Security News

In the last month we have seen a number of flaws revealed in Microsoft's massive .NET Framework some of which were fixed in the July Patch releases. To me, this augurs of things to come. The .NET Framework is a big product that's widely deployed. That makes it a sitting duck for exploitation. So add .NET to your list of products you should be concerned about. Other members of that list include MS Office, Adobe Acrobat Reader, Flash, Sun Java, Oracle and QuickTime.

Also notable during the month was a bun-fight between supporters of Firefox and Internet Explorer. The fight was over who was responsible for a flaw in Firefox that made use of Internet Explorer. Despite all the shouting and finger-pointing the flaw remains unpatched. Those who have both Firefox and IE installed may want to consider implementing the work-around suggested here [1].

Patch Tuesday the 10th of July saw the release six security bulletins from Microsoft covering 11 separate flaws. Seven of the 11 flaws were rated as critical and addressed problems in Excel, Windows Active Directory and the Microsoft .NET Framework.

Further details of the July updates can be found here [2]. All the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and you will need a considerable period of time online for them to download successfully. If you have any doubts whether you have received the updates, then visit the Microsoft Update Service [3] now.

[1] http://tinyurl.com/2efbb5  (Eweek.com)
[2] http://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx
[3] http://update.microsoft.com (Requires IE5 or later)

3.2 You Need To Update QuickTime and Flash Now
Apple have released V7.2 of QuickTime that patches eight serious flaws in the product the worst of which could allow your computer to compromised simply by watching a specially crafted QuickTime movie. More details here [1]. If you QuickTime version number is less than 7.2 then please update from here [2] now. Adobe has also released a patch for its highly popular Macromedia Flash plug-in. This fixes flaws in Flash that, like the QuickTime flaw, could allow your computer to be compromised simply by watching a malicious Flash movie. According to the Adobe bulletin the flaw affects "9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier." You can update from here [3]. These flaws are serious folks; please update immediately.
[1] http://docs.info.apple.com/article.html?artnum=61798
[2] http://www.apple.com/support/downloads/
[3] http://www.adobe.com/support/security/bulletins/apsb07-12.html

3.3 A Serious Warning from Gizmo
Over the last few months I've been warning you of the necessity to regularly check whether there have been security updates for all the software on your PC not just Windows and Office. If you want proof of the need, read the item above. The easiest way to check for security updates to your software is to use the free Secunia Software Inspector Service [1]. I suggest you use it regularly. After each monthly Windows Update is a good time to visit Software Inspector; use it as a reminder.
[1] http://secunia.com/software_inspector/

3.4 Microcode Update for Late Model Pentiums
These days it is possible to update the firmware of processing chips in much the same way you update your BIOS. Before you start thinking that maybe you can update that old P3 to the latest P4 let me tell you that these updates are only issued to improve reliability and solve bugs rather than to improve speed or upgrade models. Microsoft has details on its site of a recent microcode update to Intel Core 2 due processors including the Mobile, Desktop, Desktop Quad, Extreme and Xeon processors 3000, 3200, 5100 and 5300 series. Microsoft suggests that users of these processors install the updates if they are experiencing Stop errors or unpredictable system behavior. Unlike BIOS updates there is little risk in the updating process as the code is volatile and can be removed if necessary by a reboot. Thanks to subscriber Lex Davidson for the link.
http://support.microsoft.com/kb/936357


4.0 OTHER USEFUL STUFF

4.1 Good Deals on Computer Stuff
Thanks to all the subscribers who wrote in with the PC bargains they had located. Keep them coming! Derek Anderson found 2 GB USB flash drives available at $15.99 every day from Microcenter [1] and on special some days at $12.99. Nice price but I'm not sure how fast these drives are. However subscriber Kevin Anderson picked up a zippy 4GB Kingston Traveler for $29.55 from MegaCameras [2]. Kevin noted the same drive is available from Dell [3] for $149!  Moving away from USB drives subscriber Beverly Thomas pointed out the great cable deals at Compuvest [4] including 10 foot RJ45 Ethernet patch cables for 99 cents. Note that I don't make anything on these suggestions nor do I vouch for the vendors or guarantee the products are still available at the indicated price. I simply pass these suggestions on for you to check out if you so wish.
[1] http://www.microcenter.com/
[2] http://tinyurl.com/ytjd3p   (Megacameras.com)
[3] http://tinyurl.com/29vnm3  (Dell.com)
[4] http://www.compuvest.com/

4.2 Mind-blowing New Photo Technology
This video demonstrating Microsoft's Photosynth project left me speechless and made me think the unthinkable; that computers are finally delivering on what they promised. It's good news even if it is a mere 30 years late. Thanks to Lex Davidson for this link. Note that you need broadband to view this.
http://www.ted.com/index.php/talks/view/id/129

4.3 Running Linux from a USB Flash Drive
Following his recent encounters with Linux distros and then Windows USB flash drive computing, it's only natural that regular contributor "Briard" would look at running Linux from a flash drive. After checking out several attractive options he settled on one distro as the best for this application. Read the full article here [1] to see what he found.
[1] http://www.techsupportalert.com/flash-drive-linux.htm

4.4 Free Utility Lets You Record Screen Sessions Easily
In issue #141 I covered free utilities like Wink [1] that allow you to make movies of what's happening on your screen. However regular contributor JW has written to point out the virtues of another program called Screen2Exe. As the name implies it creates a movie in the form of an EXE file rather than AVI or SWF and that means you don't have to use a media player to view it. It is also very easy to use and comes with a full set of features including voice and mouse recording, multiple quality settings plus the ability to record only a part of the screen. The vendor also claims that the use of the special SSCV2 codec for compression produces a smaller file size that other codecs. I note though that it does not allow screen annotation. Freeware, Windows 2000-2003, 424KB.
[1] http://www.debugmode.com/wink/
[2] http://www.screen-record.com/screen2exe.htm

4.5 Website Allows You to Create Your Own Comic Strips
Good with words but lacking in artistic ability? Have no fear, now you can create your own comic strips by using the pre-drawn frames at these sites. Thanks to prolific contributor Andreas Büsing for the suggestion.
http://www.stripcreator.com/make.php
http://www.readwritethink.org/materials/comic/
http://www.wittycomics.com/make-comic.php
http://www.makebeliefscomix.com/

4.6 Useless Waste of Time Department
Well this video [1] is only really a waste of time in the economic sense as it will make you smile with warmth and endearment. In these callous times this must be counted as a fine thing. This link was brazenly stolen from Eric Howes' excellent CounterSpy Security newsletter [2].
[1] http://www.flixxy.com/why-everyone-needs-a-pet.htm
[2] http://wwww.counterspynews.com

** Additional Items in this Premium SE Edition **

4.7 Free Web Service Lets You Sell Event Tickets Online
Managing ticket sales for fund-raising events can be an administrative nightmare. This website offers a free service that will do it for you. I haven't used it personally but if delivers on what it promises should be a useful service for many subscribers.
http://www.ts.com/

4.8 Free Online Photo Gallery Generator and Photo Album
Subscriber Oliver Jones writes "Gizmo, If you've used a digital camera, you know how tricky it can be to do a good job of making a usable web site containing your photos. Almost everyone has heard about Google's Picasa photo organizer [1]. It has a lot of very polished features. It also has an online photo-gallery generator that works OK. But for sheer simplicity, flexibility, and good design nothing beats Porta [2]. In a few seconds this software package reads a folder full of JPG files and makes a web-browser-viewable gallery. The gallery is a series of files and folders that you can burn to a CD or upload to a web server. It gives you thumbnails and medium-resolution images. You can also include high-resolution images for printing if you want. Once you start using Porta, you'll have time to edit your photo albums carefully so you can show your best photos to your friends and delight them instead of boring them!" Nice find Oliver, thanks. Thanks too to subscriber Tony Bennett who writes "Gizmo, thought you might like to see this impressive album software called DigiBook [3] which is free and has every thing you would want from such software. Yes, Picasa is simpler and easy to understand but DigiBook allows you to be much more creative."
[1] http://picasa.google.com/download/
[2] http://www.stegmann.dk/mikkel/porta/
[3] http://www.digibook.com/en/

4.9 Super Cheap Chinese USB Drive Guaranteed Never to Fail
This USB drive uses an ultra-minimalist approach to minimize the risk of component failure. Check it out; you are bound to be impressed :>) Thanks to JW for this one.
http://www.gadget9.com/2007/06/17/usb-thumdrive-from-china


5.0 TIP OF THE MONTH

5.1 How to Improve Your Security When Using a Public Terminal (Part 3 of 4)
Last month [1] I showed you how you can enter passwords more securely using obfuscation techniques. This is fancy way of saying that when you type your password you insert and delete random letters to mask the real password. It works because most keyloggers just record a long string of characters containing the keystrokes you have entered so adding and deleting random letters makes it very hard for an attacker to work out which of the recorded keystrokes form part of your actual password.

However some keylogging programs are smart enough to get around this. Next month I'll show you just how they get around it and what you can do about it but first we need to look at another way of outsmarting keyloggers: on-screen keyboards.

An on-screen keyboard (OSK) is, as its name implies, a screen version of a normal keyboard where you "type" characters by clicking with your mouse the appropriate key on the screen. Windows has an OSK built-in that can be accessed from Start / All Programs / Accessories / Accessibility / On Screen Keyboard or alternatively from Windows key + U.

Now many folks think that using an OSK to enter password data is more secure because a keylogger can't capture the keystrokes. Unfortunately this is only partly true.

First some OSKs (including the Windows OSK) simply emulate actual keystrokes and these can be recorded by many keyloggers. Second anyone can see what you are entering with an OSK by simply taking a screen movie or even a rapid series of screen shots. Third by recording mouse click coordinates it may be possible to deduce the characters entered with an OSK. Finally it may be possible to capture the password from the OSK using a clipboard monitor when you copy the OSK entered password into a password form field.

That's the bad news. The good news is there are some OSKs that don't emulate keyboard input. Two of these are free, portable and specifically designed for secure entry. The first is Neo's SafeKeys [1]; the second is Monitor Only Keyboard (MOK) [2].

SafeKeys has some nifty features such as the ability to start up in a different screen position and with a different size every time you run it. This effectively defeats mouse click loggers. It also allows you to drag and drop the entered password into a web form thus bypassing clipboard loggers.

MOK has its own charms: it disables clipboard logging and has the option of a variable key layout. It doesn't support drag and drop but the copy implementation results in equal security to SafeKeys.

So on balance there is little between the products; each is a perfectly viable solution. Unfortunately both are still vulnerable to screen capture. However a screen capture program would have to take very frequent snaps or a continuous movie to successfully capture all your virtual keystrokes. That's possible, though the host PC would take a big performance hit in the process.

But there is a simple way of getting around screen capture programs: enter part of your password with an OSK and the remainder with the real keyboard. Combine the keyboard entry with a little basic obfuscation and you have a pretty secure solution.

It all sound a little complex but it's simpler in actual practice than this written description implies. So I suggest you download SafeKeys and/or MOK, install them on your USB drive and get some real life experience. It's all much easier than you think.

Next month in the fourth part of this originally planned two part series I'll look at some advanced keylogging techniques and the specific problems of protecting the RoboForm master password.
[1] http://techsupportalert.com/issues/issue146.htm#Section_5.1
[2] http://www.aplin.com.au/?cat=5
[3] http://www.myplanetsoft.com/free/mokhelp.php



6.0 FREEBIE OF THE MONTH

6.1 Recover Deleted Files from Digital Cameras and MP3 Players

There are several free utilities that can recover files accidentally deleted from hard drives but I've long been seeking one that works with files accidentally deleted from flash memory in digital cameras, MP3 players or USB drives.

Thanks to a suggestion from subscriber Adam Smithee that search is now over. Recuva is a free utility from the makers of the highly regarded CCleaner. Not only does it recover files deleted from flash memory it also works for hard drives as well.

Recuva of course cannot undelete files that have been written over or are stored in physically damaged sectors. However its ideal for recovering those precious holiday photos immediately after you accidentally erased them. Free beta, Windows 98-Vista, 211KB.

http://www.recuva.com/

*** Bonus Freebie in this Premium Edition ***

6.2 Free Utility Hides Folders

I'm sure why subscribers keep asking me for a free program that will hide Windows folders. Maybe it's because most of the utilities on the market are expensive commercial products. Maybe it's because my readers have a lot to hide :>)

I suspect the real reason is simplicity and convenience. Folder hiding is a concept that's easily understood and it's a really straight forward way of keeping your private information away from casually prying eyes.

I only know of one free utility that does the job: Free Hide Folder [1].

Usage is simple, you just nominate the folders you want to hide and they immediately disappear from view. Un-hiding requires the use of a password.

Like most folder-hiding utilities the level of secrecy is minimal. That's because your information is hidden but not encrypted. Indeed I had no problem locating a file in a hidden folder by using Windows search. Then again you have to know what you are searching for.

I should also note that every time I used the program it nagged me for a donation. That's OK we all have to eat but it's still an annoyance.

In summary Free Hide Folder is a convenient and useful way of providing simple privacy protection. Don't depend on it though to hide anything of real importance. If you want real security consider using the free open source program TrueCrypt [3] instead. It creates a virtual disk in which you can store your confidential data as opposed to a folder. It's not quite as convenient to use but unlike "folder hiding" programs, it is totally secure.

[1] http://www.cleanersoft.com/hidefolder/free_hide_folder.htm
[2] http://techsupportalert.com/issues/issue137.htm#Section_5.1
[3] http://www.truecrypt.org/


7.0 MANAGE YOUR SUBSCRIPTION

The best way to manage your Premium Edition subscription is from the Supporters' Area of the Support Alert website. There you'll also find all individual back issues, a downloadable back issue archive, an extensive FAQ plus a growing list of resources exclusively available to Supporters.
http://www.techsupportalert.com/supporters/private.htm

The Supporters' Area is protected. To log-in, use the security information sent to you when you first subscribed or as notified subsequently.

If you no longer wish to receive this newsletter, send me an email at supporters@techsupportalert.com. Remember to state the email address at which you are currently subscribed.

Receiving duplicate issues? If you are receiving an unwanted copy of the free edition of this newsletter, you can cancel that subscription by going to the following link: http://www.webelists.com/cgi/lyris.pl?enter=support.alerth

Enter your email address. No password is needed. You can then cancel your free subscription.

Note that the free and paid editions are totally different publications so you can unsubscribe to the free edition without any chance of impacting your paid subscription.

The 46 Best-ever Freeware Utilities
http://www.techsupportalert.com/best_46_free_utilities.htm

The Extended List of the Latest Freebies
http://www.techsupportalert.com/more/extended.htm>

For lots more free IT newsletters see
http://www.freetechmail.org/infobase.asp?TPubId=79

For convenience North American subscribers can contact this newsletter by snail mail at:

Support Alert
PO Box 243
Comstock Park, MI 49321-0243 USA

Support Alert is a registered online serial publication ISSN 1448-7020. Content of this newsletter is (c) Copyright TechSupportAlert.com, 2007

See you next issue. Next month's issue will be published on the 16th of August

Gizmo
Ian Richards
editor@techsupportalert.com