Friday, November 27, 2009

Login Security Tips

Today many of us live online, we bank, shop, and communicate with old friends via the internet. The problem with online life is that your identity is out there in so many places eventually one of the sites will be compromised. To protect ourselves we come up with passwords that supposedly only we know. Problem is people don't take the time to use properly secure passwords because they are too difficult to remember. How many people use the word "password" for their password? It happens all the time. So to combat this many sites require passwords of minimum lengths, this is fine except if you are using a word out of the dictionary, it is fairly trivial to crack. So to really get a secure password, we need to use a password with more than a few characters and it needs to include letters, numbers, and if the site allows it, symbols to make a decently secure password. Another problem then arises how do you remember your password? Security expert Bruce Schneier http://www.schneier.com/ recommends people can write them down and post them by their computer. This may sound crazy, but his point is simple, it's more important to have a secure password you'll never remember than one that's easily discovered by hackers. The fact is if someone has physical access to your computer all bets are off anyway.

My only problem with this idea is many people need to access their secure information while they're away from home or the office. Having your passwords written down while you're on the road is not a good idea, so you need to devise a way to create secure passwords that can be remembered. Doing this isn't as difficult as it sounds, devise a method that makes sense for you and use it consistently. One method I've used is to take a line you remember from a song you like and take the first letter of the line and then add numbers or symbols to it that make sense to you. I use lines from old songs I remember and I add numbers of old addresses, birthdates, or a series of numbers I just picked at random but can remember. The important thing is that it be easy to remember and totally random. The length of the password is also important less than 8 characters is too short, ideally 20 characters are considered totally secure most people can come up with a 10 to 12 character password they can remember that will be very secure.

Many people prefer to use a program to remember their passwords. A couple of very good programs I've used that are secure and easy to use are Roboform, http://www.roboform.com/ and KeePass http://keepass.info/ . While I don't use them anymore I think both offer a great service and should be considered by anyone looking for a simple way to manage your passwords in a secure fashion.

Another and potentially more serious problem which I see everywhere online, is the vulnerability in resetting your passwords. Several public figures have had their accounts hacked by the use of poor authentication protocols that websites use to reset your password in case you forget, or lose it. Sara Palin the Vice Presidential candidate in last year's national election in the United States is a great example. Her Yahoo mail account was hacked into because the security question was easily guessable and available on Wikipedia. This problem is perhaps the single largest login security hole we are facing. Typically websites ask questions like your mother's maiden name, or your first home town. This information can be often found in publically available locations. A better protocol is for sites to have the user to set their own "secret question". This is better but you still need to be careful not to use questions which can be guessed or known by others. On a more delicate note people need to realize that identity theft occurs most frequently by people that you know personally. It's not a good feeling, but it's statistically a fact, and shouldn't be ignored.

So how do you get around this problem of authentication? Simple, you lie. If you have to use your mother's maiden name, make up one you can remember. Use the name of someone else you may know or use a color you hate. There's no law that says your mom's maiden name isn't pink or you have to be truthful. Just make sure you remember the fake name you choose.

Logging into websites we use is easy to take it for granted. The problem is once your identity is compromised it can be a nightmare to fix all issues that will arise. Take the time to use good, secure passwords and remember, that your security questions you are asked are just as important as your passwords.

Thursday, November 26, 2009

When it comes to malware removal use a shotgun not a rifle.

Cleaning an infected computer is a challenge, unfortunately the malware writers are getting talented which translates to real trouble if your machine gets infected. Many computers ship with large all in one security suites. These all in one programs look good on a checklist comparison in PC Magazine but I prefer to use a variety of programs from different vendors, each using a slightly different method of cleaning your machine to give you the best chance of finding all the of the bad files.

Recently I had to deal with a Lenovo Thinkpad my daughter had been using. The laptop was recently given a clean install of Windows XP and is a spare machine I use only occasionally. After my daughter had finished using it, I did a routine scan using Malwarebytes a very good free anti-spyware program. The scan found 15 infections including some Rootkits, which can be very difficult to remove. So Malwarebytes told me I needed to reboot the computer to finish the removal, I complied and rescanned. Same results, same Trojans, same Rootkits, so I scanned with Microsoft's Security Essentials, a new free anti-virus Microsoft recently released. Security Essentials found nothing at all, so I tried a new (to me) website, virustotal.com. Virustotal allows you to upload suspicious files to scan to determine if they are a threat or possibly a false positive. I uploaded the file that was showing up the most frequently on the quick scans, virustotal scans the file using over 40 different malware removal engines, only one McAfee Virus scan found the file to be suspicious so I was beginning to think I might have a false positive. The fact that the file kept reappearing was very suspicious so I needed to get serious.

The next step was to run CCleaner a very good registry, and temporary file cleaner. CCleaner will make virus scans faster and may delete files that are allowing a possible payload to reload when you restart the computer. After using CCleaner I installed Superantispyware, a program I always install as one as my primary tools to combat spyware. The fact that this computer was a fresh rebuild was the only reason I hadn't installed it yet. Installing and running Superantispyware goes very fast, it's a great program that is the favorite of many computer technicians. Super lived up to it reputation and found a number of problems including one Trojan with multiple registry entries. Rebooting the machine after Superantispyware finally yielded some results. Additional scans from Superantispyware and Malwarebytes came up clean. My next test is to run a HijackThis. HijackThis is a very powerful tool which must be handled with care. Installing HijackThis is simple, using it effectively is another story. The best way for most people is to run HijackThis which will create a log file. Next post this file to a web site where experts can parse your results and determine if you still have any suspicious files remaining. My preferred site is http://www.hijackthis.de/ the site is primarily in German, don't let that deter you though, they have a scanner that will scan your log file in real time and give you a good idea right away if HijackThis has found anything.

If you have run and re-run your scanning tools run a HijackThis and everything comes up looking okay, you're probably malware free. But for the next few reboots you should continue to make sure your anti-malware programs are up to date and keep rescanning periodically. Most malware these days wants to hide in the background. You may be infected and never know your machine is stealing your passwords and draining your bank account. So stay safe, keep your data backed up and if you get infected use as many tools as it takes to get secure again.

http://www.malwarebytes.org/

http://www.microsoft.com/Security_Essentials/

http://www.superantispyware.com/

http://www.virustotal.com/

http://free.antivirus.com/hijackthis/

Sunday, November 8, 2009

Windows 7 Security Essentials

Windows 7 is a big deal, many people in the tech industry believe it will be the catalyst for the next tech boom in hardware sales. Could be, Windows 7 is a great OS. Staying secure in Windows 7 however still requires users to be careful. If you upgrade to Windows 7 one of the first things I recommend most users do is go to UAC in their start search click on "Change User Account Control Settings" . Once the UAC window appears use the new slider interface to move your security settings all the way to the top to "Always Notify Me", the most secure setting you can have. The reason is obvious the UAC is there for a reason, to protect you. There's no point in turning down your protection you have built in to your computer.

To back up this point I found a post from Sophos, a security software company that found a random sample of 10 malware samples 7 infected Windows 7 running UAC at its default mode. It also ran the test on a machine running no security software. http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable

Neowin a popular Windows blog however cried fowl, and ripped the methodology of the "study" and I admit Sophos sells sell security software so their motives might be questionable. But I still think it's prudent and wise to turn up your UAC. http://www.neowin.net/news/main/09/11/04/sophos-windows-7-vulnerable-to-810-viruses-fud-alert

So the next step after turning up UAC is to make sure you have an antivirus program. The free Microsoft Security Essentials is a fine, free program and I'm running it on several machines. I'd also get Malwarebytes anti Malware software and top it off with Superantispyware another great antispyware program. Another common item on the security checklist is to type "Folders" into the start search, open "Folder Options" and select "View". Uncheck "Hide Extensions for known File Types" this way when someone sends you a picture you normally see as a .jpg file you will see the jpg.exe it really is. Pictures don't normally have executables in them, and for some unknown reason Microsoft continues to hide known extensions by default.

Security threats being what they are, a few quick techniques will help keep you safe, even with the latest and greatest from Microsoft.

Upgrading to Windows 7

Windows 7 was finally released to the public on October 22nd. The release followed over a year of Pre-beta's, beta's, and release candidates all open for public consumption. The strategy of allowing the public plenty of access to Windows was a sign of confidence that was well placed. Windows 7 is a hit; it's a great improvement over Windows Vista and has received great reviews in the tech press.

The one question that remained unanswered prior to the release was how the upgrade version would work. Would users be able to do a clean install with the upgrade media, and how would Windows 7 install on computers running Windows XP which isn't supported for doing in place upgrades?

Fortunately the upgrade version of Windows 7 for any legitimate install works just fine. For my own use I installed 3 copies of Windows 7 which I purchased last June during the special half off sale Microsoft ran for a limited time.
The first install I did was a clean install using a hard drive that had Windows Vista already installed on it. Booting from the install media I was given the option of doing either a Upgrade Install or a Custom Install. Choosing the Custom Install, you then click on advanced options, and then choose which partition to install on. At this point you can choose, as I did to format the C drive and do a clean install over the previous version. The other option is to parallel install and end up with a windows.old folder on your C drive. Installing over the old version is useful if you're not sure you have a good backup of your data. The windows.old folder can be explored and files can be dragged into the new install with no problems. Once you're done with the windows.old folder it can be deleted with no problems.

On this install the process went very fast, it took maybe a half hour to complete. This machine is running a Core i7 and a 10,000 RPM Western Digital Velociraptor Hard Drive, so a fast install wasn't surprising. Reinstalling my old applications took longer than the install but I was up and running at full steam in no time. The next install I did was an in place upgrade of a 2 year old Dell Inspiron 1420 laptop. This required a lot more time and work before and during the install. Prior to the install I ran the "Windows 7 Upgrade Advisor" available from Microsoft. This saves you from potential hardware and software conflicts when doing the install. The advisor indicated I needed to uninstall several programs including iTunes and NOD32 antivirus. This also turned out to be a good time to get rid of a few other programs I hadn't used for a while so once I had cleaned up my Program and Features in Vista I ran the install. The upgrade took about 2 hours and once completed I was able to reinstall iTunes and NOD32 and things have been running great ever since.

My last upgrade was for my HP Mini 2140 Netbook running the standard Atom 1.6 GHZ Atom Processor. This was a fairly new computer and had little if anything to be backed up. So I just used the upgrade install disc to format my C drive and do a full clean install. Once again it went without any issues at all.

Overall my experience with doing both clean installs and in place upgrades went great. Some issues have come up for some people though. When using a upgrade version of Windows 7 and installing it on a new or previously formatted hard drive you will not be able to get past the point in the install where you are prompted to enter the product key. Instead, you need to continue on without entering your key. Once the install is complete type activate in your Start Search and click on activate Windows. You will be prompted to either activate online or by phone, choose phone and then answer the questions you are asked. As long as your computer came with a copy of Windows you are entitled to the upgrade price.

Some links for Windows 7 the upgrade advisor download: http://www.microsoft.com/downloads/details.aspx?FamilyID=1b544e90-7659-4bd9-9e51-2497c146af15&displayLang=en and a great tutorial for upgrading XP to Windows 7: http://www.butterscotch.com/tutorial/Upgrading-From-XP-To-Windows-7-An-Overview-Of-Whats-In-Store

Thursday, October 1, 2009

Superantispyware Pro Version

About a year ago I reviewed Malwarebytes  antispyware program and I gave it a great review. One of the comments I received was from Mike Duncan Director of Business Development from Superantispyware, a program I’ve used for a couple of years now. The representative offered me a free license for SuperAntispyware Professional Edition. I was delighted with the offer since I’ve always been pleased with free version. So I took him up on his offer and gave it a try, and that’s where my problems began. I installed the program put in the license and all seemed fine. It worked fine until the next reboot, at this point Superantispyware would ask me for a license key each and every time I restarted the computer. So I uninstalled the pro version and forgot about it.

Eventually Mr. Duncan emailed to ask me how it was going. I let him know what happened and suggested try the latest version. So I gave it another shot and this time the program worked fine. With no issues with the license SuperAntispyware Pro began to show it stuff!

SuperAntispyware free version had always impressed me with its low resource use, the Pro version carries on this behavior using only 4280K in memory when running in the background according to the “task Manager” for all users. Running a scan bumps ram use up to 6352k, on my Dell Inspiron 1420 with a 2.2 GHZ core 2 duo. The ram usage is very lightweight and impressive, as is the free version. The real time protection you get from the Pro version is very good. It can prevent you from getting into trouble when you go to a website that’s been compromised and it does a good job of cleaning a computer that’s been infected. The “quick scan” took a while, close to a half hour on a 320 gig hard drive with about 76 gigs free. The quick scan took a little too long for my tastes but it is really more of a full scan compared to the quick scan of other programs.

SuperAntispyware Professional edition is an amazing value, for just 29.99 it provides the user a lifetime license. For this price its really hard to pass up the Pro license, no yearly subscription just a one time payment. It can be used with other antispyware programs and it makes a great combination with Malwarebytes.

SuperAntispyware Professional is a great program for a terrific price, I consider it a great value and its definitely what I consider one of the best of the new breed of anti-malware programs available today.


Get SuperAntispyware Professional at http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWARE

Sunday, July 19, 2009

HP Mini Note 2140

Recently I purchased a MSI Wind U115, this is a great little netbook with a very innovative hybrid hard drive that delivered incredibly fast boot times and very snappy performance in general. Unfortunately the keyboard was just to small for me to get use too, and I returned it.

After looking around at the various retailers I realized that the HP netbooks all had one thing in common, great keyboards. The large sized keys and 92% full sized keyboards make typing much easier so I looked around for the model I wanted and found I wasn’t able to find the model I wanted anywhere locally so I ordered it online from CDW a large technology reseller. The service from CDW was awesome, they as good as you will get from an online retailer, enough said.

The model I ordered was a HP Mini Note 2140 It has a 10 inch screen and the aforementioned keyboard and a great aluminum case that has a much nicer finished than many of the plastic netbooks  I looked at. The boot up times and performance aren’t bad at all, not quite as snappy as the U115 but quite acceptable. I am currently removing much of the trialware that comes with the computer and I expect performance to improve once I’ve replaced things like the McAfee’s security suite with an antivirus that will be lighter weight. Right now I’m pleased with the size and build quality, the keyboard is smaller than normal but for me useable, unlike the MSI Wind keyboard and its little tiny keys.

So for initial impressions I’m quite happy I already find the size has me bringing the 2140 places I wouldn’t have bothered with before and I find it useful having it around. Netbooks don’t replace full sized desktops or laptops but they fill a niche I have wanted for some time.

Free Cloning software Part 1: Easus Disk Copy

Upgrading your hard drive can be a rewarding and simple procedure for the everyday computer user. Cloning your hard drive or making a exact copy is the easiest way to get the new hard drive up and running quickly, It’s also a popular tool for many professional IT people to backup a computer setup to be instantly restored in case of a disaster.

There is a number of paid commercial programs that serve this purpose, Norton Ghost is very popular as is my favorite, Acronis True Image. Both do a great job and have a number of useful options besides the cloning function. They are great programs but they cost money, and money is tight right now so I thought I try out a few free cloning programs that do the job just as well, albeit without the options the paid programs include.

The first program I tried successfully was Easus Disk Copy.  Disk Copy allows a user to replicate their hard drive on to a external hard drive, the only option besides a full copy is to choose an individual partition a useful feature that I didn’t test.

Easus Disk Copy is simple to use, you download the program and burn the iso image to a CD. You then boot to the CD and follow a simple set of windows guiding you through the process. Once your target disks are selected you simply wait for the process to take place. This is where Easus falls short of the paid programs I’ve used. The entire operation took over 3 hours to clone a drive with about 140GBs of data to the new drive, not a big deal for most situations but if you’re in a hurry you’ll want a different program.

Another issue which was no big deal but could be for some people, was that out of the 3 drives I cloned 2 required me to repair the Windows Boot Loader using an install disk. No big deal for me but if you don’t have an install disk for the operating system you have or don’t feel comfortable doing this, it would be a real hassle.

Overall I think Easus Disk Copy did a fine job, it’s free and relatively simple. Since hard drives have become so inexpensive it seems silly to pay for software if you’re only using it on rare occasions. I give it a conditional “fully recommend” rating’ the condition being the user knows how to burn an ISO file and is able to repair the boot loader if needed.

Get Easus Disk Copy here http://download.cnet.com/Easeus-Disk-Copy/3000-2248_4-10867157.html

Monday, July 6, 2009

The MSI Wind U115

The MSI Wind U115 is in a class of its own in the world of netbooks. Unfortunately it’s destined to stay exclusives a few months after being released, MSI is discontinuing the U115 due to the nuances of Microsoft’s licensing policies. The Wind U115 features a bit of technology people have been asking for, for some time. The U115 has a combination of a solid state drive 8 gigabytes in size with a 160 gig spinning hard drive for data.

This hybrid technology delivers a fast booting extremely responsive  little computer that gets up to 12 hours battery life running several applications at a time, wireless on, with the screen brightness turned up all the way. Right now I’ve got 81% battery life left after almost 4 hours of use showing 9:35 remaining.

Like I mentioned this great little machine will not be available long, thanks to Microsoft. The guys from Redmond have decided that the standard netbook pricing for Windows won’t apply to models running the two drive hybrid configuration. Its a shame looking at the U115 no one would ever  aware of the quick launching of programs and the excellent battery life.

The U115 works very well, but its 8 GB SSD drive is almost full when you get the machine. So you start getting nag screens telling you that your C drive is almost full after installing just a few applications to the C drive. The 8GB C drive is the U115’s biggest weakness, to make this design work the SSD needs to be at least 16GB and preferably 32. 32 would allow you to install Windows 7 and a number of applications without running into the space issues. The other negative to the little MSI is the keyboard, its just way to small for my hands. The keyboard is better than the early Eee PC’s but much smaller than some netbooks, and it may be the  deal breaker for me. The touchpad isn’t bad many netbooks do strange things with their touchpads, like sat them to one side and put the  buttons in the front, MSI keeps it conventional clicking is a bit stiff and requires a deliberate push to click on something.

The finish quality of the Wind is quite good, it looks nice and has a solid feel to it. I really like the U115, but you have to be selective about the apps you install unless you want to put them on the D drive. If your going to install iTunes or the Zune software you have to put it on your D drive. I’ll continue to use the U115 but the time to return it for a refund is drawing near and I’ll have to seriously consider if I can live with the keyboard and C drive limitations.

Tuesday, June 23, 2009

Extreme Tech Website and Podcast has been given the axe

Over the last few years Extreme Tech the great enthusiast website for computer builders and do it yourself guys and gals has been one of my top reads on a daily basis. Lloyd Case, Jason Cross, Joel Durham and Jim Lynch have done a great job over the last few years and they will be missed. PC Magazine which was the corporate parent (Under Ziff Davis) has been going downhill for some time. It started with the Departure of Bill Machrone former Editor in Chief a few years ago and ended up going to online only at the end of 2008.

Also gone is the Extreme Tech podcast hosted by the same crew. The podcast was quite informative but it seems PC Mag has ended all its west coast content and is going to run entirely by the east coast branch. Too bad, from what I've seen of the PC Magcast lately they could use some substance. The new "After Dark" iteration of the show is a quick fast forward, once I figure out what it is. The regular show is fine but not really for enthusiast who build their own PC's or think slightly differently from "conventional wisdom".

So it's quite disappointing to see where PC Magazine has gone, there's nothing there for me anymore, nothing I can't get in a million other places. Anandtech, Tom's Hardware, and Maximum PC all do a great job reviewing computer hardware, they don't do the "best bang for the buck" type articles in the same way Extremetech did but, they will have to do.

So to Lloyd, Jason, Joel and the rest of the Extreme Tech crew, goodbye and good luck! And thanks for all the great information over the tears. I'm sure they'll all do fine as cream rises to the top, I look forward to visiting their new sites which I'm sure will be up soon.

Tuesday, April 28, 2009

Troubleshooting a uninstall gone bad

Today I was doing a little maintenance on my daughters Gateway laptop, uninstalling one ant-spyware program and upgrading another to real-time protection. It seemed to go fine, I ran the Uninstall from Programs and Features in Vista and enabled the full time protection in Malwarebytes with the registration codes and rebooted. When the computer shut down I noticed it installing several updates, I didn’t think much of it at the time but when the machine restarted, the brown stuff hit the fan. I didn’t have any mouse! The trackpad was totally unresponsive so I plugged in a old USB trackball mouse, success! So I clicked on the admin account I keep on the machine and went to type my password, nope the keyboard didn’t work either. So I rebooted after plugging in my usb keyboard. Windows went through its usual routine and told me the keyboard had installed and was ready to use, except, it wasn’t. It wouldn’t work at all.

Basically I was hosed, I couldn’t run the device manager from the limited account, or do a system restore. I had to get into the admin account or I was stuck. So I did what any red-blooded geek would do I Googled “resetting a password in Vista”. I came up with usual Microsoft solution, you know the one where you use the password reset CD you made when you set up the com-pu-ter, yep that one, the one no-one ever makes! Fortunately for me I also found a reference to TRK or the Trinity Rescue Kit. TRK is a Linux based bootable CD, that can be used for resetting passwords, recovering files and a few other things relating to Windows calamities. It took a few tries, TRK is command Line based tool and none of the instructions worked exactly as they said they would. Once the CD booted normally I ended up typing winkey u admin, this started TRK searching and mounting all the files in the system. I choose 2/enter in the next dialog then typed an * confirmed with a y, and this created a new administrator account with no password.

I was able to log into the Administrator account and then began the next phase of fixing the corrupted drivers. This took a while longer than I anticipated, I tried deleting the trackpad and keyboard in Device Manager , both had the little caution signs next to them indicating a damaged or corrupted driver, rebooted but this didn’t work. I finally resolved the problem but using a restore point, fortunately you can get there with just a few clicks of the mouse. So I got lucky, the USB mouse worked and the TRK worked after some trial and error. Get the Trinity Rescue Kit here http://trinityhome.org/Home/index.php?wpid=1&front_id=12, I recommend it for your toolkit, it definitely saved my bacon.

Sunday, April 12, 2009

Repair Install in Vista

I’ve heard a number of tech experts including the esteemed Mr. Lloyd Case from Extreme Tech podcast as well as others like Steve from the Podnutz podcast state that there is no way to do “repair install” in Windows Vista similar to XP, or all recent editions of Windows for that matter. Actually Microsoft has given Vista users a way to repair Vista with the install DVD, they're just hiding it a little. And although Vista doesn’t make it obvious like it used to be, it still exists.

So here’s where they're hiding it, you get a repair install in Vista by doing a “In-Place Upgrade”.

1. Start the computer boot to Vista OS.

2. Insert the Windows Vista DVD in the computer's DVD drive.

3. Use one of the following procedures, as appropriate:

If Windows automatically detects the DVD, the Install now screen appears. Click Install now.

If Windows does not automatically detect the DVD, follow these steps:

a. Click the Start Button, type Drive:\setup.exe in the start search box and then click OK.

Note: Drive is the drive letter of the computer's DVD drive.

b. Click Install now.

4. When you reach the "Which type of installation do you want?" screen, click Upgrade to upgrade the current operating system to Windows Vista. Please make sure the edition of Windows Vista is selected correctly.

I didn’t get these instructions by reading a 1000 page manual, I got them from Microsoft when I needed tech support installing SP1. I followed the instructions and it worked great for me. Of coarse if you’re doing anything this extreme make sure you have a full backup and are using the correct disk. If you have SP1 already installed you need have a SP1 disk to do what Microsoft calls an In-Place upgrade (Repair install) in Vista.

Thursday, April 9, 2009

Using Malwarebytes Antispyware Program

I spend a lot of my day listening to podcasts and one of favorites is Podnutz and Podnutz Daily hosted by Steve Cherubino. In his latest episode Steve talks to Bruce Harrison lead researcher for Malwarebytes which is the best antispyware product currently out there, in my humble opinion. The biggest eye opener for me was that Bruce kind of squashed two old habits I've had for running antimalware programs, since I started using them. Bruce stated that Malwarebytes should be run in normal user mode, not safe mode as I've done for ages. He also stated that for the vast majority of users need only run the "Quick Scan" and not the deep scan which can take hours, especially on my Terabyte desktop drive. Bruce stated that Malwarebytes concentrates on folders where malware is targeted these days and ignores folders not targeted in the quick scan. He also gives good advice about running as limited user, and actually sounds pretty optimistic about the war against the cretins who create this junk. For once someone not spreading FUD, it was refreshing.

Check out Podnutz at http://podnutz.com/ and take a look at all of Steve's great content. He's a regular working stiff who still finds the time to put together an amazing amount of online audio and now video content for tech junkies interested in either fixing their own computers or people with their own computer repair business.

Saturday, March 21, 2009

PC-BSD Best Unix for Beginners?

I recently downloaded and installed the latest versions of PC-BSD http://www.pcbsd.org/ and I have to say I’m extremely impressed. The install went fast (18 minutes), and it was extremely simple and straight forward. I downloaded the 7.02 version using the DVD option. Downloading using http went fairly quickly, I tried to use bit-torrent and there were simply not enough seeders to make it reasonable. During the install you get the option of adding various additional components already on the DVD including Firefox 3.0, Thunderbird, and Open Office 3.0. Based on FreeBSD version 7.0 PC-BSD is stable and secure, the GUI is the new KDE 4.1.2 and I really enjoy it. Installing new apps is far easier and straight forward than Linux in my opinion and I’m comparing it side by side with Kubuntu 8.10 which also uses the new version of KDE.

The secret to improving usability in PC-BSD is the PBI or Push button Installer or PC-BSD Installer. The .pbi extension has all the files needed to install the applications by simply double clicking the file, this is essentially the same as an setup.exe file in Windows or the .DMG file in OSX. The pbi applications can be found at http://pbidir.com/ where an great variety of programs can be had. For more hard core Unix geeks the FreeBSD Ports are also available. FreeBSD Ports are similar to the apt-get found in Linux systems and any FreeBSD Port can be downloaded with all their packages and dependencies to install them in PC-BSD. But for beginners everything you’ll need not on the install DVD will be found at pbi.dir.com site.

The default browser in KDE is Konqueror which is what the Safari browser was originally based on, it’s a very fast browser but I vastly prefer Firefox. Firefox on PC-BSD came with all the plug-ins installed to play you tube video’s and to render most web pages as they were meant to be seen.

PC-BSD seems like the perfect OS for a netbook, it’s lightweight and simple, and has great applications like the  Flock browser available which are perfect for social networking sites and cloud based email. Unfortunately a netbook isn’t in the budget right know  but I’d love to hear from anyone who’s installed it on one.

I’ve tried at least a dozen different Linux distros over the past few years and although they all worked fine, I really feel PC-BSD has surpassed them in ease of use for the  beginner. There were a few issue’s though. Although it runs flawlessly on my desktop, PC-BSD did have a few problems on my Thinkpad R60. The Ati video card isn’t supported for 3D graphics and the proprietary driver available on Linux builds doesn’t work. It also had a issue with my wifi card, although it would connect it never showed better than a 25% signal despite being in the same room as the router. The signal would also occasionally drop out only to reappear shortly afterward. So It’s worth looking through their support page and checking to see if your hardware is supported. If your trying it on a laptop with network cards not supported I’d hold off. It’s main feature is simplicity, but that will go away quickly if your hardware has know issues, in that case Ubuntu or Kubuntu might be a better choice.

Despite the few glitches I still recommend PC-BSD it’s well worth a try especially if your the sort of person who always like to try new Linux builds or are looking for a secure and stable operating system to put on your machine without shelling out for Windows.pc-bsd

Friday, February 6, 2009

Windows 7 UAC Security Issue

Although generally lauded, Windows 7 the next version of Windows due out later this year has a potentially dangerous security flaw built into it. User Account Control (UAC) is a security feature first introduced in Windows Vista that has been a source of complaints from many long time Windows users. UAC in my opinion was a good idea, and does improve security in Vista compared to XP. Unfortunately in the beta version of Window 7 Microsoft has changed the UI in UAC allowing users to use a slide which determines the level of annoyance UAC will operate at. At the bottom of the slide UAC is essentially turned off, at the top of the slide UAC is in "Vista" mode which notifies you anytime you try to change anything about your system. By default Win 7 leaves the setting in a position were changes to Windows does not notify the user. This makes UAC less, "in your face", and is appropriate when you are off line and setting up your new operating system. It is however far less secure than many users think they are, as two independent Windows researchers recently discovered. Rafael Rivera and Long Zheng have found that running a basic script on your computer can turn UAC off without the user knowing it. http://www.withinwindows.com/2009/01/30/malware-can-turn-off-uac-in-windows-7-by-design-says-microsoft/.This would allow the computer to be completely compromised. This seems like the type of flaw beta releases are meant to find, Microsoft feels differently however. Seems this is one of those "it's not a bug, it's a feature" routines and Microsoft feels the feature is finished, locked into the final build, as is. The fix seems obvious, they could make changing the UAC level require administrative permission which would alleviate the problem. The least's they could do is to set the default level at the highest level so unsophisticated users are less likely to be bit by this.

I understand UAC in Vista was the source of many complaints and at least one "I'm a Mac" Apple commercial which cleverly (albeit dishonestly) made fun of the feature in Vista. So Microsoft must feel it can't win on this one. Personally I felt UAC in Vista was a worthwhile and effective security measure, and I'd argue, well worth the minor inconvenience it caused. But many people complained and so in 7, Microsoft tried to allow the user to turn UAC down so people would complain less. So to a certain extent I feel users are getting what they asked for, and you can protect yourself by turning UAC all the way to the highest setting, essentially the same as the default Vista setting.

The good thing is, Microsoft can change this, at least turn the default setting to fully protected. This is what Beta testing is for and it in no way takes away from the otherwise fantastic job the Windows 7 team has done. Windows 7 is fantastic and a ton of great features which I'll no doubt upgrade all my Vista machines because I believe it worthwhile upgrade.

UPDATE

Microsoft has come through and done the right thing. They will be modifying the UAC in 7 to require administrative rights to change UAC settings. Good for them and thanks to the Windows blogging community for holding their feet to the fire on this one.

Thursday, January 29, 2009

The Peasants are at the gate

Windows 7 is a hit. On January 10th Microsoft released the public beta of their next operating system Windows 7, and to say the least it is a hit. So much in fact, it has spawned a movement of Windows enthusiasts that want it released right now. The website http://www.releasewindows7.com/ is trying to gain support for exactly that. Their argument, that Windows 7 is not only stable and well polished, but ready to be released immediately is founded on more than fanboi enthusiasm or wishful thinking. With the poor sales and the horrible perception of Windows Vista a reality, Windows 7 is being developed by an entirely different team at Microsoft. Their approach is to only include components of the OS that are fully baked for public consumption, and apparently it worked. I've yet to see a credible review of Windows 7 that doesn't give it high ratings. This is great news for Microsoft, the economy is the worst it's been in decades and the company needs a home run with the next operating system. I haven't seen this kind of enthusiasm for an OS from Microsoft since Windows 95 and it's about time.

So as of now the peasants have armed themselves with broomsticks and pitchforks, and are beating on the doors in Redmond, demanding Windows 7 be released, and the captors couldn't be happier.

Friday, January 23, 2009

Have Win32/Conflicker? No excuses for the infected

The latest worm to plague Windows users the Win32/Conflicker, also known as "Downadup" is spreading like wildfire. Sadly there's no excuse for people catching this junk and joining the bot-net. Microsoft patched this hole on October 23rd 2008 in a out of cycle security patch. So, people who have their updates turned on automatically are protected, those who don't can get Microsoft's updated version of their Malicious Software Removal Tool here, at http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en
I imagine most anti-virus programs will find this as well, but if your anti-virus is expired and your updates aren't turned on, you're probably hosed by now anyway.

It’s All About the Data

Today’s computers are amazing, when you consider the processing power available, and the amount of storage you can have for incredibly little money, even the low end bargain computers today can do amazing things. You can easily build a $500 desktop computer that has a multi-core processor, and a terabyte of storage, with the power to edit video and photos, or play graphic intensive video games. But whether you’re running a $7000 custom high end gaming machine, or a $399 special from a sale at the local retailer the most important and precious thing in your computer is your data. Data is everything, it’s your kids baby pictures, your entire music collection, or possibly that book you've been writing for the last three years.

The problem with data is, even though it’s the most important thing on your hard drive, it’s frequently the least considered. To protect your data generally isn’t very hard, but its very easy to put off. People rationalize that since the hard drive from that Windows 95 machine still runs that their current machine will be fine for now and I’ll just do that backup next week when I have time. Unfortunately just when you least expect it, your hard drive crashes the night before you finished the report your boss wanted first thing in the morning or you lose the pictures of family members that can’t be replaced.

So now you know, backing up isn’t an option.  Backing up isn’t hard, and it doesn’t need to be complicated. If you’ve never backed up before it can be as simple as buying an external hard drive, or even a large thumb drive, and dragging your important files over to the external drive periodically.

Saving your important files to a external drive is the first step. The next step will be to implement an automated system of backing up at least once a week. For that you need software. If you are running Windows Vista and you want to keep it simple the built in “Backup and Restore Center“ will help you set up weekly backups of all your important data. It’s very simple and works well, I’ve successfully used it to back up and restore all the important data on my daughters computer after a disaster.

For a more thorough backup solutions I prefer third party programs. Acronis True Image Home, is an excellent program. http://www.acronis.com/homecomputing/It has more capabilities than some users may want, but it has the ability to make an entire image of your hard drive as well as do incremental backups periodically afterward. Programs that create an image, allow you to take the hard drive you backed up on, and put it in your computer and boot up like nothing ever happened. It saves your operating system, all of your programs, settings, and your data. The new version of Acronis has great new feature, it will perform dual backups to both a flash drive and a hard drive at the same time.

This leads me to my last point, backing up to more than one location is very important. A simple solutions is to use two separate external hard drives, swap out one and backup to the second while you keep the other off site. This could be at work, at a friends house or anywhere away from your home. Another effective off site backup is to do a backup to an online service of some kind. Microsoft offers a free 25 gigabyte storage service called “Skydrive” available to anyone with a Windows Live account.http://download.live.com/  Amazon S3 service is another reliable online backup service, S3 isn’t free but you pay only for the space you use, unlike some flat rate services.http://aws.amazon.com/s3/

Backing up is necessary inconvenience, developing a routine that fits your needs will make it relatively painless, and some day it will save you a lot of heartache. Remember there are two kinds of hard drives, those that have failed and those that will fail. Many people get serious about backing up only, after they've lost all their pictures or music on their hard drive. There are many very good programs for backing up, either to local storage, or to an online service. I mentioned two which I’ve had experience with and trust, but there are many, very good ones out there.

One last point.Some people using a new online backup services which offered “free” online storage from a relatively new and unknown company suddenly got a surprise when their online storage recently went offline forever. This left them with no backup at all. So staying with companies like Amazon for your online “cloud” storage feels like a safe bet. So backup early and often, because "it’s all about the data".