gizmo richards' support alert newsletter

"Gizmo's top picks of the best
tech resources and utilities"

Premium Edition
Issue
148, 16th August, 2007

If you experience problems reading this issue in your email program you can read this issue online from the Supporters' Area here: http://www.techsupportalert.com/members/index.htm

IN THIS PREMIUM ISSUE:

0. EDITORIAL: The limitations of DropMyRights

1. TOP TECH SITES AND RESOURCES
1.1 Great Site for Removing Spyware Infection
1.2 Another Free Online Digital Editing Site
1.3 Share Large Files with Anyone
1.4 Create Web 2.0 Style Logos Automatically
1.5 More USB Flash Drive Speed Tests
1.6 Repair or Upgrade Your Laptop Yourself (Premium Edition)
1.7 Get Big Downloads on CD or DVD (Premium Edition)
1.8 How to Disable USB Devices Under OS X or Windows (Premium Edition)
2. TOP FREEWARE AND SHAREWARE UTILITIES
2.1 Free Remote Control Utility Offers Ease of Use
2.2 Amazing Collection of Portable Applications
2.3 The Best Free Hex Editor / Disk Editor
2.4 The Best Free Thesaurus Utility
2.5 Another USB Drive Encryption Utility
2.6 The Best Free Program Launcher for Flash Drives (Premium Edition)
2.7 Another USB Drive Encryption Utility: Option 2
2.8 Best Free Font Manager (Premium Edition)
3. SECURITY PATCHES, SERVICE RELEASES AND UPDATES
3.1 Microsoft Security News
3.2 Firefox Updated to V2.0.0.6
3.3 Just How Safe is Portable Computing?
3.4 Secunia Inspector now Available as a Free Stand-alone Program
3.5 AOL Drops Kaspersky from its Anti Virus Shield
3.6 VMWare for the Mac: a Competitor for Parallels
3.7 The Real Security of Fingerprint Protected USB Drives
3.8 BlackIce Firewall Discontinued
3.9 Important News for Yahoo Mail Users  Yahoo subscribers please read this

4. OTHER USEFUL STUFF
4.1 A Real Computer for Your Car
4.2 Lots of Free Utilities to Help You Communicate
4.3 Free Utility Helps You Learn Things Quickly
4.4 Freebies Galore
4.5 Useless Waste of Time Department
4.6 Portable Games for Your USB Flash Drive (Premium Edition)
4.7 Free Utility Let's Normal Programs Run on USB Drives (Premium Edition)
4.8 Get RoboForm Pro and ZoneAlarm Pro Suite for Free
4.9 New Premium Edition Subscription Management System  Please read this
5. TIP OF THE MONTH
5.1 How to Improve Your Security When Using a Public Terminal (Part 5)
6. FREEBIE OF THE MONTH
6.1 The Uninstaller You Have Been Waiting For
6.2 Free Utility Lets You Easily Edit MP3 Files (Premium Edition)
7. MANAGING YOUR SUBSCRIPTION

0.0 EDITORIAL

It was a terrific letter from subscriber "Dan"; a great story with important implications for many PC users:

"Gizmo, you don't know it but you've probably saved my marriage.

My wife and I share the same computer at home. She uses it a lot more than me as I work during the day while she looks after our baby at home. To her, the computer is a major means of amusement and social contact with the outside world.

I'm very fastidious about computer security and follow your advice to the letter but I found I was still regularly getting infected by all sorts of nasty programs.

I knew most, if not all, of the infection was coming from what my wife was doing on the computer. Every time the computer got infected I tried to explain to her about safe computing practices but she wasn't really interested. Her attitude was 'I just use the computer. It's your job to fix it.'

I was growing exasperated. I use the PC at home for work as well as pleasure and I just have to have a machine that works properly and securely when I need it. And with a young baby and I can't afford another machine.

So we were fighting about this a lot. Then you arrived in the unexpected role as marriage counselor.

You mentioned in the newsletter how to use DropMyRights to make my browser safer. I tried it and it worked really well. Over the course of a month the number of infections I was getting reduced dramatically. This sure helped in relations with my wife.

The problem is the number of spyware infections only reduced - they didn't go away entirely.
Gizmo, you have worked miracles. My marriage is probably saved but I want to be sure. I need one more miracle from you. How do I get rid of these infections completely?"

Dan's security experience is not uncommon. Using DropMyRights really increases your computer security but, like every other aspect of computer security, it's not a complete solution; it's just one element in the solution.

That said, I fully recommend using DropMyRights. Just don't rely on it alone to protect you. At the very least you still need a good firewall, such as Comodo, ZoneAlarm Pro, Jetico and others, combined with a good broad spectrum anti-virus program like AntiVir, NOD32, Kaspersky, Norton and others.

So just what are the weaknesses in the DropMyRights approach that expose you to risk? And what can you do to reduce these weaknesses?

First, you need to use DropMyRights for all internet facing applications, not just browsing. That means email, instant messaging and anything that uses the internet. You need to set up each of these applications to start with DropMyRights in the same manner you setup your browser.

To help you along I've uploaded to my website some instructions how to do this for popular internet-based products. If you followed my previous instructions for setting up your browser you should have no problems setting up your other web applications as well.
Second, be aware that your browser and other applications are only protected when you specifically start them up using DropMyRights. If another program starts them up they are not protected. So if your browser is launched by clicking a link in an email, the newly-launched browser won't be protected by DropMyRights.

You can overcome this particular problem simply by having your browser already open in DropMyRights before you read your email but other situations are more difficult to handle. So you need to be vigilant whenever another application opens any of your internet applications.

For much the same reason it's a good idea to configure your browser to always open links in new tabs rather than new windows. New windows normally open with the same rights as your current browser window but it's possible for malicious sites to force a link to open a new copy of your browser. So stick with tabs, which are safer.

Finally, DropMyRights gives no protection against programs you deliberately download that turn out to be infected. To protect against this risk you need to run the downloaded programs in a sandbox such as the free Sandboxie utility. I've covered this issue many times before in this newsletter so I won't repeat what I've said, just the principle: if you download or borrow a program and are not totally certain that it is kosher, then initially run it in a sandbox. Simple as that.

I suspect that infected downloads are the main reason why Dan's computer is still being infected, despite his use of DropMyRights. Sandboxing will definitely solve this problem for him. Whether it can help his marriage problems I cannot say :>)

Gizmo
supporters@techsupportalert.com



1.0 TOP TECH SITES AND RESOURCES

1.1 Great Site for Removing Spyware Infection
If you suspect you have a spyware infection you should download the free HiJackThis! utility from here [1], then run it and paste the generated log to a security forum where experienced users can help you interpret the results. I normally recommend the Tom Coyote forums [2] for this purpose, but subscriber "John" suggests a smaller site run by Tom Mercado because: "if a user posts their HiJackThis! log in this forum [3] they get help within minutes or hours compared to the bigger sites that can take days." I tried it out anonymously and John is totally correct. Better bookmark this site, you might need it.
[1] http://www.spywareinfo.com/~merijn/programs.php
[2] http://www.tomcoyote.org/hjt/
[3] http://temerc.com/phpBB2

1.2 Another Free Online Digital Editing Site
Subscriber Bob Dumouchel writes "Gizmo you mentioned Picnik [1] in the newsletter for online photo editing but I'm absolutely sold on Wiredness [2]. It's much faster than Picnik, has no ads and is really simple to use. In particular I like the image overlay feature and the easy captioning tool." Nice find, Bob, and I agree. The captioning feature is excellent. So too is the integration with Flickr and Picasa.
[1] http://www.picnik.com/
[2] http://www.wiredness.com/

1.3 Share Large Files with Anyone
DivShare is a free service that allows you to upload any number of files of any size and kind and share them with any number of people. All uploaded files are accessible via a unique download link that you can send to the intended recipient or publish publicly. Files are kept for a week for anonymous uploads but if you sign up for a free account they are kept permanently. DivShare can be integrated into Facebook and WordPress. The site free but supported by advertisements. I've tried it several times and the uploading and downloading speeds were variable but totally usable. Quite an offering for nix. http://www.divshare.com/

1.4 Create Web 2.0 Style Logos Automatically
Subscriber Phill J. writes "Gizmo, here's another Web 2.0 logo site that let's you create a Google style logo and four other styles as well." I tried it with "Tech Support Alert" and the generator did a great job. It made me realize, yet again, how tired my own site looks.
http://creatr.cc/creatr/

1.5 More USB Flash Drive Speed Tests
Thanks to Briard for these links. Happily my Lexar Lightning rated reasonably well.
http://www.moka5.com/reviews/2006/11/usbstick4.html
http://www.moka5.com/reviews/2006/11/usbstick5.html

** Additional Items in this Premium SE Edition **

1.6 Repair or Upgrade Your Laptop Yourself
This useful site, suggested by subscriber Andreas Büsing, should be a first port of call next time you have problems with your laptop. There's lots of practical information, including disassembly, trouble shooting, where to get spare parts and upgrades and more. Some laptop brands and models are better covered than others but the coverage is generally quite comprehensive. There is a commercial slant at times but hey, everyone is entitled to earn a living.
http://repair4laptop.org

1.7 Get Big Downloads on CD or DVD
Like to try some of the latest Linux distros but are stuck with a slow internet connection? Then have them sent on CD for a nominal cost from this site. Prices range from 99 cents for CDs of some of the smaller distros through to $109.99 for a hard drive crammed with 245GB of all the major distros. Shipping is free for orders over $20. Thanks to Mikel for this link.
http://www.frozentech.com/

1.8 How to Disable USB Devices Under OS X or Windows
USB drives may be the darling of end users but they are a security nightmare to system administrators. This article, suggested by subscriber Wayne Hulls, shows how to prevent these drives from being used on corporate PCs. Personally, I found the user comments as interesting as the article.
http://blogs.techrepublic.com.com/networking/?p=297

Got some top sites to suggest? Send them to: supporters@techsupportalert.com


2.0 TOP FREEWARE AND SHAREWARE UTILITIES

2.1 Free Remote Control Utility Offers Ease of Use
I'm impressed with CrossLoop. It's the easiest way yet to remotely control a distant PC. Before you get your hopes up, let me say that it is no substitute for products like LogMeIn or PCAnywhere, both of which allow you to login to a remote PC without anyone in attendance. By contrast, CrossLoop absolutely requires someone at the other end. If you can live with that limitation, CrossLoop may just what you have been looking for. It works like this: The user on the remote PC runs CrossLoop and generates a random 12 digit key which they send to you by email, phone, whatever. You plug this key into a copy of CrossLoop running on your own PC and request a connection with the remote. If the remote user accepts the connection you then can take control of the remote PC and operate it through your keyboard and screen. At all times the user at the remote sees on his screen exactly what is happening. That's pretty much standard remote computing, but it is the ease of use that makes CrossLoop different. No complex commands or firewall configuration are needed, just the ability to follow simple on-screen instructions. CrossLoop is really a smart front-end to the open source utility TightVNC. It supports 128 bit Blowfish encrypted connections and unlike the free version of LogMeIn, allows for two-way file transfers between the client and host PCs. Unlike Windows Remote Desktop, it will run on any PC from Windows 98 onwards. Just the thing for helping a friend with a PC problem, remote support or remote user training. Thanks to subscriber Mike Pasternack for the suggestion. Freeware, Windows 98 and later, 2.28MB
http://www.crossloop.com

2.2 Amazing Collection of Portable Applications

In recent issues I've recommended the excellent collection of programs for USB Flash drives available from Portable Apps [1]. However subscriber Zeeshan Ali has pointed me to another free collection at WinPenPack [2] that's even bigger. It's not only the size that impressed me but the inclusion of many programs not normally regarded as portable. WinPenPack manages this trick by using a special program launcher called X-launcher.

Several downloadable packs are available for different size flash drives and purposes. These include WinPenPack Flash 128, Flash 256, Flash 512, Flash Expert and Flash School. A comparison table of what's in each pack can be found on the website. Hint: the WinPenPack site is dual language, Italian and English. Click the language selection button on the top right to switch to English.

I downloaded the Expert Pack which was 192MB in the form of a self unpacking archive file. To install WinPenPack you run the single .exe file and unpack the apps to your flash drive. For the big Expert Pack it was a slow business taking nearly 30 minutes.

Once completed you need to change a file name to bring up the WinPenPack application launcher in English rather than Italian. In principle, it's a simple job with full instructions on the website, but unfortunately, it didn't work; the so-called English menu still came up as Italian. However, I downloaded the English menu file separately from the website and it worked fine.

The launcher is excellent. It offers a neatly arranged and organized list of application categories with drop down lists within each. The array of 135 applications is most impressive; it includes many apps I've never even heard of. The Launcher also has a most-recently-used list which I found very handy.

A few of the most popular apps, such as Firefox and Thunderbird, came up in Italian but almost all were English versions. You can replace the Italian programs with English versions by separately downloading them from the WinPenPack website.

I didn't try all 135 apps, but every one I tried worked. A few were dogs but I managed to discover several excellent new utilities which I will feature in future issues of this newsletter. Overall, the 135 included programs form a great starter set of technical utilities. Given that you can easily add additional programs, this is a good way to build a portable toolkit.

Overall, I think that WinPenPack is an impressive offering. Those of you who are prepared to accommodate the modest Italian language challenges of the website and installation will be rewarded with a rich and diverse set of portable applications.

For users with basic needs, the Portable Apps offering [1] is easier to understand and easier to install and update. WinPenPack, though, may well prove irresistible to advanced users and collectors of free utilities.

[1] http://portableapps.com/
[2] http://www.winpenpack.com/main/news.php

2.3 The Best Free Hex Editor / Disk Editor

I first published this item in issue #145 of the Premium edition of this newsletter. Since then I've found the recommended product HxD so useful that I felt I should tell all my subscribers about it. This portable app is definitely one product that should be in everyone's PC toolkit Here's what I said in my original review:

If you have ever accidentally opened an .exe program file in a text editor such as Notepad you will have been confronted with a mass of unintelligible garbage on your screen. Worse still, if you wrote the .exe file back to disk the program file would almost certainly be corrupted and would not work.

That's because text editors are designed only to work with text files such as .txt, .bat, .prg and .html. To view and safely change binary files such as .exe, .com and .dll files, you need a hex editor, sometimes called a binary editor. Whatever, most average PC users have no need for such a program but techies and gamers find them indispensable.

There are some excellent free hex editors available that range from the small and simple to some advanced products that are the equal of any commercial product. In total I looked at seven products: HexEdit [1], Cygnus Free [2], Hxd [3], Hexplorer [4] HHD Free [5], FrHed [6] and XVI32 [7].

Hex editors (like programming editors) are a software category in which personal needs and preferences are so important that it is meaningless to pick a "best" product. Instead, I encourage all potential users to test several or all of the products and choose what suits them best. That, of course, doesn't stop me from stating what I like.

For my needs, Hxd is a clear winner. Its virtues are first, it doesn't need installing so you can use it on your USB flash drive. Second, it has a great interface and third, it handles huge files without slowing down. Then add in unlimited undo, great searching and search/replace capabilities, full support for ANSI, DOS/IBM-ASCII and EBCDIC characters, plus a dozen other features and you can see why I like it.

But it doesn't stop there. Hxd also works as a RAW disk editor and a full read/write RAM editor. It's three utilities rolled into one. This power makes it a dangerous tool in the hands of beginners. It may also give your security software apoplexy, but users skilled enough to use this product will understand that this not a concern.

Is it perfect? Of course not. To start, it lacks binary file comparison capability and the ability to extract text strings. A built-in disassembler would also be an asset. And there are a few bugs. However, what it does offer is so impressive that it's hard to believe this fine product is free.

[1] http://www.physics.ohio-state.edu/~prewett/hexedit/
[2] http://www.softcircuits.com/cygnus/fe/
[3] http://www.mh-nexus.de/hxd/
[4] https://sourceforge.net/projects/hexplorer/
[5] http://www.hhdsoftware.com/Family/hex-editor.html
[6] http://www.kibria.de/frhed.html
[7] http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm


2.4 The Best Free Thesaurus Utility
Subscriber Bruce Fraser writes: "Gizmo, I've used your "46 Best-ever Freeware" suggestions of WordWeb and The Sage for years. The two products are virtually the same in that they both use the same data dictionary from Princeton University. Imagine a product which uses a different word database with ten times as many words. This product exists: Mobysaurus [1]. I installed it, looked up some sample words in it and compared the results to both WordWeb and Mobysaurus. I was stunned to see the difference. This is an amazing gift to the world for writers whether for pleasure or business. I donated $10 through DonationCoder but that is entirely optional." This is a great find, Bruce, but it is important to note that WordWeb and The Sage offer a combined dictionary and thesaurus, whereas Mobysaurus is a thesaurus only. Additionally, Mobysaurus is a stand-alone program, while the other two are more easily accessed from other applications. That said, it's the most powerful freeware thesaurus that I've tried and it gets my hearty recommendation for anyone who works with the written word. This is yet another outstanding free utility from the guys at DonationCoder. If you use Mobysaurus, do the right thing like Bruce did and support DonationCoder with a generous donation. Freeware, Windows 98->Vista plus .NET 2.0 framework, 4.7MB
http://www.mobysaurus.com/


2.5 Another USB Drive Encryption Utility
When subscriber Glenn McCauley wrote to me about a product called Portable Vault I got quite excited. From the website description it looked like this was a drive encryption utility for USB flash drives that didn't require admin privileges to run. Alas, this was not to be. On testing Portable Vault's "Vault" proved to be nothing more than a hidden Windows folder. Furthermore, the "vault" could not be accessed by using a drive letter as with most drive encryption utilities such as TrueCrypt. That means Portable Vault is not really suited to running many portable applications from within the "vault.". However, once the disappointment had settled I discovered the Portable Vault has some excellent features. When you encrypt a file the encrypted file is saved in the hidden Windows folder and the original is securely shredded. That means that Portable Vault saves you a step compared to using an archiver like 7-Zip or IZArc for encrypting your data. With both these latter products, the original file is left intact and needs to be securely deleted with a special secure deletion utility. Furthermore, Portable Vault won't let you exit from the program without re-encrypting your data and shredding the unencrypted file. These features alone make Portable Vault a useful addition to your USB flash drive arsenal. It's not much good for encrypting whole disks or running applications but it's one of the easiest and safest options for protecting your confidential data. Shareware, $14.99, limited feature trial version, Windows 2000-Vista, 3.5MB
http://www.migosoftware.com/store/portable-vault.html

** Additional Items in this Premium SE Edition **

2.6 The Best Free Program Launcher for Flash Drives
When I mentioned in a previous issue that I use the PortableApps program launcher [1] for my USB drive I received a whole batch of emails from subscribers suggesting PStart [2] as an alternative launcher. I tied it and it is an excellent product. It's far more configurable than the PortableApps launcher and more like a full replacement for the Windows Start menu than simply a flash drive program launcher. It has many useful features, including full support for relative paths. This notable feature allows some semi-portable apps to work correctly when used on various PCs on which the assigned USB flash drive letter is different than the drive letter the application expects. PStart also supports symbolic place-holders, such as %windows%, that allow you to start an application installed on the host, such as Notepad, even though you don't know exactly where Windows is installed on that PC. PStart also supports program launch parameters, backup and restore, customizable icons, PStart's own appearance and much more. It's all very impressive and I have no hesitation in saying PStart is a much more powerful and fully featured product than the Portable Apps launcher. Frankly, though, this is not of much use to average users. To use most of PStart's many features you need a degree of technical knowledge. Without that you won't benefit from PStart's capabilities. Indeed, you may well be inconvenienced. For example, the Portable Apps launcher allows an application that has been downloaded from the Portable Apps site to be installed more or less automatically. Not so with PStart; each program has to be configured individually. These qualifications aside, Pstart is a top recommendation for experienced users and those who are technically minded. Other users will be better served by Portable Apps. PStart: Freeware, Windows 2000->XP, U3 and non-U3 versions available, 768KB
[1] http://portableapps.com/
[2] http://www.pegtop.net/start/

2.7 Another USB Drive Encryption Utility: Option 2
Subscriber Gregory Baldwin writes "Gizmo I have been using and enjoy PicoCrypt. Albeit it won't encrypt folders, I think there are some advantages when it comes to files. I have not checked this out but the implication is that the PicoCrypt's encrypted file is written over the original file while all Zippers I know of leave the original file intact for which they then need to be shredded. Once PicoCrypt is opened and the preferences tweaked, it just sits there ready to encrypt or decrypt any file via drag and drop. Works for me." Yes it works well Gregory, and I have confirmed that it does indeed overwrite the original file, which is a most useful feature. Pity though, it won't encrypt folders as this makes it awkward to use. In many ways PicoCrypt is similar to dsCrypt [2], one of my favorite free file encryption utilities that also securely removes the original file. dsCrypt actually has some extra features, including a keylogger resistant on-screen keyboard for securely entering passwords. Both programs are tiny and fully portable. PicoCrypt: freeware, Windows 95->XP,13KB.
[1] http://www.picofactory.com/download/free/software/encryption_decryption/picocrypt
[2] http://members.ozemail.com.au/~nulifetv/freezip/freeware/

2.8 Best Free Font Manager
There are few first class font managers that are free. The best are probably X-Fonter [1] and The Font Thing [2] but neither are really in the same class as the best commercial font managers. So when subscriber Stephan Hodges wrote to tell me that the commercial product Cfont Pro [3] is now available free, I got my hopes up. Cfont Pro turned out to be a capable font viewer and manager. It allows you to quickly preview all the fonts installed on your PC as well as fonts on a USB drive or CD. You can look at fonts individually or together on a proof sheet. It supports TrueType, OpenType, Bitmap, and Postscript Type 1 fonts. It can also backup your fonts and package them for export to another computer. Overall I found Cfont Pro to be a capable product that's better implemented than X-Fonter and The Font Thing, but it doesn't offer a great improvement in functionality. Still, for average users it offers all the font management capabilities they will ever need. Freeware, Windows NT-XP, 4.42MB.
[1] http://users.pandora.be/eclypse/
[2] http://members.ozemail.com.au/~scef/tft.html
[3] http://www.cfontpro.com/


Got some favorite utilities to suggest? Send them to supporters@techsupportalert.com


3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES

3.1 Microsoft Security News

On Tuesday the 14th of August, Microsoft released nine security updates as part of its regular monthly update cycle. Six of these updates were rated as "critical." All six critical patches involved the possibility of remote code execution.

That's a fancy way of saying anyone who exploited these flaws could install and run on your computer any program they like, mostly without you being aware of it. This could happen simply by visiting a seemingly harmless website or opening a seemingly harmless email attachment.

The problem is you can't with any certainty tell which websites are potentially hostile and similarly with email attachments. That's why I have been nagging you to always surf safely using a sandbox or by running your browser with limited rights. It's also why you should open all email attachments from untrusted sources in a sandbox or better still don't open them at all.

I don't want to overstate the risk; in practice the chance of a normal user accidentally encountering a hostile website is small, maybe less than one in a thousand. Adventurous surfers are of course, at higher risk. The problem is that although the risk is small the consequences are large. Nobody wants their bank account drained overnight by some remotely located criminal.

Safe surfing may be a recommended practice but keeping your computer up-to-date with these Microsoft updates is mandatory. Unless that is, you like being a sitting duck :>)

Further details of the August updates can be found here [1]. All the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and you will need a considerable period of time online for them to download successfully. If you have any doubts whether you have received the updates, then visit the Microsoft Update Service [2] now.

[1] http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx
[2] http://update.microsoft.com (Requires IE5 or later)


3.2 Firefox Updated to V2.0.0.6
Mozilla released yet another security update for Firefox on the 30th of July. The new version 2.0.0.6 fixes two security flaws, one of which was rated as "critical." The critical flaw was in the way Firefox hands across information to other applications, most notably Internet Explorer. It's been a controversial area, with some arguing that the flaw is actually in IE, while others, including US_CERT, say it's the fault of Windows. Whatever, users with automatic updates enabled should have had the new version automatically delivered and installed. You can check by selecting Help / About from within Firefox. If your version number is less than V2.0.0.6, then update manually from here [1]:
[1] http://www.mozilla.com/firefox/

3.3 Just How Safe is Portable Computing?
In recent issues I've talked a lot about the advantages of portable flash drive computing and some of the risks involved. I've focused on maintaining security by encrypting your data but subscriber Geoff Worboys had written an interesting and informative article in which he looks at some of the broader security issues that need to be considered.
http://www.techsupportalert.com/usb-security.htm

3.4 Secunia Inspector now Available as a Free Stand-alone Program
In recent months I've urged all readers to scan their PCs regularly using the free Secunia online Software Inspector Service [1]. It's a terrific product that identifies software with known security defects on your PC and tells you where you can get the latest patches and updates. Now Secunia has released a downloadable version that runs on your PC rather than from their website. According to Secunia, it looks for and checks "4,200 different applications", while "the web-based Secunia Software Inspector only detected around 40." Unlike the online service, it also checks for products that have reached the end of their life and are no longer being supported. It's currently only a beta and has a few bugs. On my PC it detected several products that had already been patched and insisted on evoking Internet Explorer for update downloads rather than my default browser Firefox. That aside, it detected nine software packages with flaws and another eleven that were obsolete, all of which were missed by the online service. Am I impressed? You bet! This is a mandatory download even though there are bugs. Many readers will be shocked by the number of flawed software packages on their PC which are revealed by this product. Beta software free for non-commercial uses, Windows 2000 SP4, XP SP2, 2003, 5.3MB.
[1] http://secunia.com/software_inspector/
[2] https://psi.secunia.com/

3.5 AOL Drops Kaspersky from its Anti Virus Shield
The free AOL Anti Virus Shield no longer uses Kaspersky AV as the engine. Instead it uses McAfee. This is one big step backwards; I always thought the original offer was too good to last. As a result of this change I've deleted AOL AVS from my "46 Best-ever Freeware" recommendations. For my latest recommendations check the link below:
http://www.techsupportalert.com/best_46_free_utilities.htm#2

3.6 VMWare for the Mac: a Competitor for Parallels
For those wanting to run Windows software on a Mac, the Russian "Parallels" software has been the product of choice. This looks to change with the release of a beta version of "Fusion" from VMWare, makers of the popular Windows and Linux virtualization products. VMWare brings to this market a lot of credibility; its current products are excellent performers and VMWare has a huge amount of experience in the area. The specs look impressive too: Fusion can run DOS, almost all versions of Windows including Vista, dozens of flavors of Linux and a whole stash of 64 bit operating systems as well. It's well priced too - $59 with $20 mail in rebate. I don't have a Mac so I haven't tried it, but on paper it sounds formidable. Thanks to subscriber Lex Davidson for the suggestion.
http://www.vmware.com/beta/fusion/

3.7 The Real Security of Fingerprint Protected USB Drives
Subscriber Melvyn Mildiner recently pointed me to an article [1] that showed that USB flash drives protected by a fingerprint reader may not be as secure as you think. It's a problem with all proprietary security solutions; these devices are rarely tested by independent bodies so users simply have to take the word of vendors that these devices are secure. This is hardly an advisable practice.
[1] http://www.everythingusb.com/biometric_drives_hacked_12502.html

3.8 BlackIce Firewall Discontinued
According to this website [1], the well known BlackIce firewall will be discontinued on September 19, 2007 though support will continue until September 29, 2008. There is some good news here: Sunbelt Software is offering registered BlackIce users a free one year subscription to the full version of Sunbelt Personal Firewall. This includes toll-free support and all updates. Full details can be found at the link below. Thanks to subscriber Rick Farrow for letting me know about this.
[1] http://www.saveblackice.com/

3.9 Important News for Yahoo Mail Users

If you are receiving this newsletter using a Yahoo mail account consider yourself lucky.

In the last few months less than 50% of my Yahoo-based subscribers have got their monthly copy of Support Alert. This compares to a delivery rate of around 98% for subscribers for other email addresses.

The problem is so bad I am currently recommending that anyone with a Yahoo subscription delivery address should change to another email address. Gmail and Hotmail work fine, even AOL; the problem is restricted to Yahoo.

To my knowledge this problem does not affect any of your personal mail going to your Yahoo account. It is restricted to bulk mailed publications like Support Alert.

Free edition subscribers can change their email address from here [1]. Enter your current email address as shown at the end of this newsletter and leave the password blank. Then click "Settings" to change your email address.

Premium subscribers can change their delivery address from their subscription control panel [2]

The technical cause of the problem is that Yahoo is randomly rejecting connections from my Lyris mail server (lyris.webelists.com) with SMTP error codes 421 and 451 which means "Message temporarily deferred." These messages are received repeatedly but randomly on retries. The problem has nothing to do with spam filters or issues ending up in your bulk mail folder. The problem is much further back; the missing issues don't even enter the Yahoo mail system.

Other reputable newsletter publishers are apparently having similar problems. I have written to Yahoo but at this stage there is no permanent solution.

If you don't want to change your Yahoo email delivery address then please email Yahoo customer support here [3] and tell them you really want this newsletter delivered. Attach a copy of the newsletter to make the point that it is a serious and legitimate publication. If you do write to Yahoo, please CC me a copy.

[1] http://www.webelists.com/cgi/lyris.pl?enter=support.alert
[2] http://www.techsupportalert.com/am/member.php
[3] abuse@yahoo.com



4.0 OTHER USEFUL STUFF

4.1 A Real Computer for Your Car
I don't know about you but I often miss not having access to my PC when I'm in my car. Often a question will come up in discussion with my wife and I want to Google it but I can't. Sure, I could use my laptop, but by the time I drag it from the back seat, unpack it, boot it and get a wireless internet connection I would probably have forgotten the question I was going to look up. Here's the solution: a full-on Windows XP-based car PC that boots up when you turn on the ignition. With a 7" high-luminance touch screen and the ability to accept a wireless PCMCIA card, it looks to be just what I want. Now if only I could get my wife to agree :>( Thanks to Callie Jordan for the find.
http://www.gnetcanada.com/vehiclepc-carpc-overview.asp
https://www.timekiller.org/carpc/  => Linux driven, home-brew car PC

4.2 Lots of Free Utilities to Help You Communicate
Subscriber Chris Dolmar has sent me an amazing collection of links to web-based communications services. This includes client-free chat systems, free fax services, web-based SMS, email to snail mail, tele-conferencing, invitation systems and many more. Chris's list is too long for this newsletter so I've put it up on my website. I strongly suggest you check it out as I'm sure you'll find something new and useful. Note that I haven't checked every service suggested so normal caution applies. However, those I did try really impressed me.
http://www.techsupportalert.com/e-communications.htm

4.3 Free Utility Helps You Learn Things Quickly
I recently had an email from Claude Pavur who has developed some excellent software called the Reading Acceleration Machine [1]. It's quite simple; it just flashes text up on a screen at a user-variable rate but is really handy for anyone learning a language or a set piece of text. You can download it here [2]. Claude also praised a free software installer called "Install Creator" [3] that he used to package his software for distribution. I haven't tried it though.
[1] http://www.slu.edu/colleges/AS/languages/classical/ram/ram.html Freeware, Windows 98-XP, 722KB.
[2] http://www.download.com/Reading-Acceleration-Machine/3000-2279_4-10715529.html
[3] http://www.clickteam.com/eng/index.php

4.4 Freebies Galore
Andreas Büsing is one of the most prolific and reliable contributors to this newsletter. This recent set of suggestions from Andreas is typical of his well chosen offerings:

1. A collection of 50 + free tools to create a digital story.
http://cogdogroo.wikispaces.com/StoryTools#Slideshare
2. A collection of teaching videos by Russel Stannard
http://www.teachertrainingvideos.com/
3. Quick answers to real classroom technology questions. 4.
http://etc.usf.edu/te_mac/movie>
5. Free PBwiki - Wiki Workshop video tutorials from Atomic Learning? Don't wait too long. The trial expires at the end of September.
http://www.atomiclearning.co.uk/pbwiki>

4.5 Useless Waste of Time Department
Here's a site where you can ponder reflectively as you watch the real-time statistics on world population, births, deaths, deforestation, oil burnt, cars produced and more. It's quite hypnotic watching these figures as we creep towards our Malthusian doom. Thanks to JW for this one. No thanks to Malthus.
http://www.poodwaddle.com/worldclock.htm

** Additional Items in this Premium SE Edition **

4.6 Portable Games for Your USB Flash Drive
USB sticks are great for business applications, but why not include some fun products on your drive as well? Here are some of the top-rated games from the Lupo PenSuite of portable applications [1]. Thanks to subscriber Zeeshan Ali for telling me about Lupo. Even if you are not interested in games, Lupo is well worth checking out.
[1] http://lupo73.altervista.org/
[2] http://lupo73.altervista.org/schede/games/zetrix.htm
[3] http://lupo73.altervista.org/schede/games/portablepuzzles.htm
[4] http://lupo73.altervista.org/schede/games/openarkanoid.htm
[5] http://lupo73.altervista.org/schede/games/mines-perfect.htm

4.7 Free Utility Let's Normal Programs Run on USB Drives
According to the website "PackageFactory for U3 lets you convert any application or EXE into a U3P Package File, for free. You can then install this U3P file onto any U3-compatible flash drive. PackageFactory for U3 works best for simple programs and applications with few support files (although you can add as many supporting DLLs and other EXEs as you need)." I tried it and indeed it works well for simple applications but not anything complex. You certainly won't be able to run Microsoft Office using PackageFactory. The weird thing is that, for the programs that PackageFactory did manage to get running on a U3 drive, I could achieve the same results just by copying the hard drive installation directory to my non-U3 USB drive. That said, I can see that owners of U3 drives would find PackageFactory useful, particularly given that the product is free. Me, I prefer non U3 drives because they are less restricted in what you can install. Free for commercial use, Windows version compatibility not stated, 658KB
http://www.eure.ca/

4.8 Get RoboForm Pro and ZoneAlarm Pro Suite for Free
Subscriber Bruce Fraser writes "Gizmo for years I've been using the "Last Uncrippled Freeware Version" of RoboForm (version 4.6.8), available from lots of places including this site [1]. But last month I obtained the latest version of RoboForm for free. And I did it legally; in fact with Siber Systems' (the RoboForm company) invitation! First, some background. There are at least two promoters (probably different branches of the same company) who offer full-version software for free, in exchange for trying a product they are promoting: www.checkoutfree.com and www.trialpay.com. Most of the offers involve buying something else (usually just the shipping charge; a good deal if it's something you really want); but a few of the offers are no-charge-if-you-cancel-during-the-trial-period. Some people find this a bit dicey, given the notorious tendency of some companies to hang on to their customers when they try to cancel. I've done it twice though, with no hassle at all. I waited a full month before telling you, just to make sure there was no funny business on my next credit card statement. These webpages [2], [3] explain the system in more detail as well as list many of the products available. Most of the products are unnecessary; your website and others give excellent freeware alternatives. But a few of them are truly worthwhile such as RoboForm Pro and ZoneAlarm Pro."

Thanks for that Bruce. I've known about this setup for a while and have always wondered what the catch was. Based on your experience it looks like there may be none.

[1] http://www.321download.com/LastFreeware/page7.html.
[2] http://www.oscandy.com/free/548-get-30-retail-commercial-software-for-free
[3] http://www.fatcash.com/t/18/740093/

4.9 New Premium Edition Subscription Management System

Your old Premium Supporters' Area username and password of "supporter" and 4u2bhappy! will no longer work as a new subscription management system was introduced on August 1.

All premium subscribers have been assigned a new temporary username and password consisting of their subscription email address. That's the address at the very bottom of this newsletter.

If you have not already done so, please login to the new system here [1] and change your username and password to something that makes sense to you. The most foolproof method is to copy your email address from the bottom of this newsletter and paste it into both the username and password fields.

I emailed all users last week with full details of these changes. If you didn't get that email then please read it online here [2].

[1] http://www.techsupportalert.com/am/member.php
[2] http://www.techsupportalert.com/new-system.htm



5.0 TIP OF THE MONTH

5.1 How to Improve Your Security When Using a Public Terminal (Part 5 of 5)

Today I'm going to talk about the special problems involved in protecting your RoboForm master password when using Roboform2Go from a USB flash drive connected to a public terminal.

I strongly recommend using RoboForm2Go [1] for safely accessing password-protected websites. It's one of the easiest and most valuable steps you can take to improve your mobile security.

With RoboForm2Go, all of your website passwords are safely encrypted on your USB flash drive, and it's virtually impossible for anyone to decrypt the information from the stored files.

Impossible, that is, unless they have your master password. And there's the catch.

To use RoboForm2Go you must at some point, enter your master password. If attackers use a keylogger to capture that password and also copy your RoboForm2Go password files from your USB drive, then they will have complete access to all your passwords. Hardly a pleasant thought.

So protecting your master password is absolutely critical.

In recognition of this problem, Siber Systems, the developer of RoboForm, has implemented some features that make it more difficult for keyloggers to capture your password.

First, they disable copying text from the master password window. Second, they disable drop and drag. Third, the password entry window contains no text, only graphics. Finally, and most importantly, they include in the password window a link to a special screen based keyboard (MOK) that allows you to enter your master password using mouse clicks.

Frankly, the first three of these measures are of limited benefit. They don't stop most keyloggers and, unfortunately, limit the range of obfuscation measures you can use to disguise your master password. You can't, for example, use the highly effective technique of dropping and dragging part of your entered password from the end of the password to the start. Nor can you cut and paste text from within the master password window or type dummy characters elsewhere in the window.

So these RoboForm security measures are really of limited value. So limited that I've been able to capture the RoboForm master password in every keylogger I've tried.

These particular measures may be limited in value but the MOK built into RoboForm2Go is much more useful. It's quite a secure implementation, unlike the inbuilt Windows MOK.

In total contrast to keyboard entered passwords, I'm yet to find a single keylogger that can pick up passwords entered by the RoboForm MOK.

But there's a small catch. While a keylogger may not be able to grab your password, a screen session recorder can. That's because the RoboForm MOK indicates visually each time you click a "key" with your mouse. This makes your MOK password entries plainly visible on a screen movie.

It would have been much smarter for Siber Systems to have indicated a keyboard press with a sound from the PC speaker and have no screen indication at all. That way a screen session recorder would only show the movements of your mouse over the keyboard without showing what "key" you actually clicked.
That's the bad news. The good news is that the hostile use of screen session recorders is rare compared to the use of keyboard keyloggers. In fact, very rare. That's because taking a live screen movie consumes a lot of computer resources. So much that the computer would be really slowed down and the presence of the keylogger made obvious.

Periodic screen snapshots are, however, reasonably common in keylogging programs. That's because they take far fewer resources than a video, yet still reveal a lot. Fortunately, they are most unlikely to capture enough of your MOK input to reveal your master password. Think about it. Even if the logging program took a screen shot every second it would be virtually impossible to get your entire password. But screen recorders take shots much less frequently than once a second - most operate in minutes rather than seconds.

So on balance using the RoboForm2Go MOK is the way to go. It's not perfectly safe just very safe. It is however, way safer than using keyboard input to enter your master password.

But before you enter anything with a MOK do turn around and make sure nobody is watching over your shoulder. Shoulder surfers just love MOK password entry :>)

NOTE: I have written to Siber systems to suggest they change their MOK to indicate a key-press with a sound rather than a visual screen indication. Let's hope they do it.

[1] http://www.roboform.com/pass2go.html

6.0 FREEBIE OF THE MONTH

6.1 The Uninstaller You Have Been Waiting For

Sooner or later every user encounters the situation where they try a program, decide they don't want it, and proceed to uninstall it only to find the uninstall goes wrong, or worse still, no uninstall program was included with the original program.

Normal uninstall utilities are of little help in this situation. That's because they work by taking a snapshot of your system before and after installing a software product and use the difference to uninstall that product if required. This is a useful capability but its weakness is that the uninstaller program must actively monitor every software product you install. Often this is not the case.

Revo is an uninstaller that works differently. It can uninstall a program without the need to monitor its installation. It works by automatically doing what an experienced user would do manually. It removes all the program's files, autostart entries and removes all obvious registry entries.

This process can never be better than an inspired guess, but it's sure better than nothing at all.
I ran some tests by getting Revo to uninstall a product whose installation I had monitored using ZSoft Uninstaller, a before and after uninstaller.

By and large Revo did a fine job, though not quite as good as a skilled user would do manually. There were still some remains left over, notably files stored in the user/local settings folder.

That said, the leftover files did no harm other than take up disk space, and they certainly would not interfere with the normal operation of the PC.

Note that when you ask Revo to uninstall a program, it first looks for the product's uninstall program and will run that program if it is found. Only if the search fails will it try to remove files and registry entries itself.

Note, too, that Revo can also act as a before and after uninstaller, but frankly this is not its forte. The freeware utility ZSoft Uninstaller [2] is a better choice for this particular application.

Overall I was very impressed by Revo. It is the only freeware product I know of that will make a decent job of cleaning up a failed install. It's not perfect in its un-installation, but it does a fine job in the circumstances and offers a lifeline to average users. Next time you encounter a failed uninstall, remember Revo. You will be glad you did. Thanks to subscriber Dieter Callens for the suggestion. Freeware, Windows 2000-Vista, 1.27MB.

[1] http://www.revouninstaller.com/
[2] http://www.zsoft.dk/

*** Bonus Freebie in this Premium Edition ***

6.2 Free Utility Lets You Easily Edit MP3 Files

mp3DirectCut [1] allows you to edit MP3 files directly without having to go back to the original. It's ideal for removing commercials, getting rid of plops and other wanted noises, cutting and pasting different MP3 tracks, or simply building your own ring tones from MP3 snippets.

This specialist utility is remarkably powerful, particularly given its tiny size: a mere 169KB. Apart from its powerful editing functions, it supports ID3v1.1, layer 2 (DVD audio) and cue sheets. It has automatic pause detection, allows fade-in and out, volume normalization and more. It allows direct MP3 creation from multiple sources, provided you have an MP3 codec (such as the wonderful LAME encoder [2]) in the same folder as mp3DirectCut.

It's really easy to use; quite intuitive really. And did I tell you that it's portable and totally free.
mp3DirectCut is an absolutely outstanding product and the developer, Martin Pesch, should be congratulated. Freeware, All Windows versions, 169KB

[1] http://mpesch3.de1.cc/mp3dc.html
[2] http://lame.sourceforge.net/index.php

7.0 MANAGE YOUR SUBSCRIPTION

To change your email delivery address, username or password login to your Premium Edition Subscription Control Panel. Here you can also renew your subscription or check your expiry date.

To log-in, use your username and password. If you have not yet chosen a username and password then login using your subscription email address for both username and password. Your subscription email address can be found at the very end of this newsletter.

From your control panel you can also access the Premium Supporters' Area. There you'll also find all individual back issues, a downloadable back issue archive, an extensive FAQ plus a growing list of resources exclusively available to Supporters.

If you no longer wish to receive this newsletter, send me an email at supporters@techsupportalert.com. Remember to state the email address at which you are currently subscribed.

Receiving duplicate issues? If you are receiving an unwanted copy of the free edition of this newsletter, you can cancel that subscription by going to the following link: http://www.webelists.com/cgi/lyris.pl?enter=support.alerth

Enter your email address. No password is needed. You can then cancel your free subscription.

Note that the free and paid editions are totally different publications so you can unsubscribe to the free edition without any chance of impacting your paid subscription.

The 46 Best-ever Freeware Utilities
http://www.techsupportalert.com/best_46_free_utilities.htm

The Extended List of the Latest Freebies
http://www.techsupportalert.com/more/extended.htm>

For lots more free IT newsletters see
http://www.freetechmail.org/infobase.asp?TPubId=79

Thanks to subscriber Roger Keeny for proofreading this issue..

For convenience North American subscribers can contact this newsletter by snail mail at:

Support Alert
PO Box 243
Comstock Park, MI 49321-0243 USA

Support Alert is a registered online serial publication ISSN 1448-7020. Content of this newsletter is (c) Copyright TechSupportAlert.com, 2007

See you next issue. Next month's issue will be published on the 13th of September.

Gizmo
Ian Richards
editor@techsupportalert.com