Short answer: YES INDEED - but the price has been SLASHED!  Here’s why…

I occasionally receive an e-mail from someone considering purchasing my popular e-book The Hacker’s Nightmare, asking if it’s contents are still relevant. In this article I want to answer that question fairly specifically, so in future I can save time by referring such inquiries directly to here.

Not so long ago I was very close to pulling The Hacker’s Nightmare off the market, but fortunately I did a little research before taking that step.

Now if you are NOT using Windows XP, don’t stop at the next paragraph — there’s relevant stuff to come even for users of other Windows versions.

You see, the prime focus of The Hacker’s Nightmare was Windows XP and, without actually KNOWING any different, I wrongly ASSUMED that Windows XP (and thus The Hacker’s Nightmare) had run its course. Even though I still use Windows XP on some of my own computers.

But with further consideration I realized that is by no means the whole truth, or the only consideration.

For one thing, much of the book is NOT operating system specific. There are many chapters that deal with the generalities of computer and online security and which contain information that is a valuable education for any computer user, regardless of their preferred operating system.

But I also uncovered a fact that I admit surprised me, and that I’m sure will surprise a lot of others as well.

According to StatCounter.com, as at June 2011, Windows XP still has the lion’s share of the operating system market!

Even now, almost 2 years after the appearance of Windows 7 (released to retail on October 22, 2009) Windows XP still claims 45.14% of the operating system market, compared with 34.31% for Windows 7 and 12.12% for Vista, with the dregs going to Apple (6.3%), Linux (0.8%) and “other” (1.33%).

Source: StatCounter Global Stats – Operating System Market Share

Those percentages are accurate for the date I’m writing this article. Obviously they will change marginally with time.

In other words, for writers, developers, etc in the technical space, Windows XP is very much still a force to be reckoned with and cannot be ignored.

So I decided that removing The Hacker’s Nightmare from availability at this time would be premature, and would deny a valuable resource to many people who badly need such a reference. After all, it is very clear that computer users are more threatened today by viruses, spyware, identity theft, password cracking programs, con-men, and so on than they have ever been.

Identity theft in particular has become a multi-billion dollar crime worldwide, and much of it is facilitated by violating our computer-related technologies.

So, for now, The Hacker’s Nightmare will remain available.

But intending purchasers should be aware that, although there have been updates, the book was originally written when Windows XP was the current Windows operating system and that there will be certain references and examples that may be Windows XP specific.

With that limitation in mind, and as an incentive for windows users everywhere to take some action in their own defense, I have also decided to slash the price of admittance to our community.

The Hacker’s Nightmare, which originally sold for US$69, is now a gift at US$27, available only through PayPal’s secure ordering system.

The Hacker’s Nightmare has sold so many copies around the world that I could quite easily afford to give it away for free at this time. But support and answering e-mails takes time, so to do that I would have to include a “no support” condition. And that, I believe, would reduce its value.

So the bottom line is that the giveaway price of US$27 will include the full support that we have always offered: if there is something in the book that you don’t understand, contact us and we’ll help you through it.

But don’t delay — I’ll be keeping an eye on this offer and if it looks like being more trouble than it’s worth I’ll withdraw the book from sale permanently, though existing owners will of course continue to receive the support promised.

To give you an indication of what The Hacker’s Nightmare contains I will list the chapters below.

So don’t be a sitting duck…

The Hacker’s Nightmare :: Table of Contents

NOTE: Subject to change without notice

Notices
Preface

Section 1 – Introduction

Chapter 1: Software Tools and Utility Programs
Chapter 2: Security overview
Chapter 3: The Game Plan
Chapter 4: Basic preparations
Chapter 5: What you should know about your PC

Section 2 – First Line of Defense

Chapter 6: Phishing—the Sport of Thugs
Chapter 7: A Wake-up Call
Chapter 8: The Forward Sentry
Chapter 9: Selecting a Firewall/Router
Chapter 10: Wireless security
Chapter 11: Connecting the pieces

Section 3 – Defense in Depth

Chapter 12: An Overview of Local Protection
Chapter 13: The Importance of Task Scheduling
Chapter 14: Vanquishing the Virus
Chapter 15: Trojans & Spyware
Chapter 16: Walls within Walls

Section 4 – Other Threats and Tactics

Chapter 17: Patches & Updates 1: Overview
Chapter 18: Patches & Updates 2: Microsoft Products
Chapter 19: Patches & Updates 3: Other Products
Chapter 20: Dispensable DCOM
Chapter 21: Keeping Informed
Chapter 22: Managing Cookies
Chapter 23: Backups—surviving a disaster
Chapter 24: Microsoft Word Revelations
Chapter 25: Erase Data Securely
Chapter 26: Remote computing
Chapter 27: The Fine Art of Social Engineering
Chapter 28: Passwords I—Choosing & Using
Chapter 29: Passwords II—Biometrics
Chapter 30: The hazards of “freebies”
Chapter 31: Dirty tricks with extensions
Chapter 32: Taming the eMail Preview Pane
Chapter 33: Icon Spoofing

Section 5 – Additional Strategies

Chapter 34: Restricting ‘removables’—stop data from walking
Chapter 35: Pop-ups from Hell
Chapter 36: Preventing digital product theft

Appendices

Appendix 1: Definitions
Appendix 2: The EndItAll Utility Program
Appendix 3: Installing & Removing Software
Appendix 4: Implementing a Fast Reboot icon
Appendix 5: Identity Theft
Appendix 6: IP Addresses 101
Appendix 7: Anti-virus 101
Appendix 8: Port usage
Appendix 9: Determining Port Usage on a PC
Appendix 10: Browser ‘session cookie’ settings
Appendix 11: Cookie Pal
Appendix 12: Browser Wars
Appendix 13: Floppy Disk Basics

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Although I’ve only received a couple of e-mails on the topic since my previous article, I have received a few similar in the past, so I thought it worth addressing out in the open. In reference to my review of Uniblue PowerSuite, Hacker’s Nightmare member Les wrote:

Although I’ve enjoyed your newsletters over the years I am skeptical about this. LockerGnome has many articles warning against it and a Google search brings up a plethora of articles.

Here is one link: http://www.reviewcentre.com/reviews146947.html

Am interested in your opinion.

Always happy to give an opinion Les <g>.

First, congratulations on doing some independent research yourself. I always encourage people to do exactly that, although there is some danger of being misled by wrong assessments and dishonest people with their own agendas. And thank you for coming back to engage me with your findings.

Now, let’s look at some facts, fallacies and conspiracy theories…

You Can Never Please Everyone

I think we are all aware that you’ll always be able to find a few knockers of any product, and this particularly applies to systems utilities. So who do you believe? Well, to be perfectly honest, for most people it will ultimately come down to finding someone you can trust, putting your faith in their assessments, and making them answerable for conflicting advice/opinions. Just as Les has done with his e-mail, though I would much prefer to receive all such communications via comments to the relevant blog post – the reason being, so we can share information with everyone.

I’ll get to some of the comments at the URL that Les posted in a moment, but first I did a search on LockerGnome for the keyword “Uniblue”.

All I could find were POSITIVE reviews by people I think it is reasonable to assume are probably fairly PC literate at the very least. I also found that LockerGnome actually promotes the full range of Uniblue products in numerous places throughout their website.

As far as I could see, the disparaging remarks that concerned Les were all posted as comments (mostly anonymous) to those reviews. They certainly weren’t a conclusion that was drawn by any of the reviewers in their articles.

Now, at risk of sounding like a conspiracy theorist, here’s something I discovered quite some time back…

Is There a Conspiracy Afoot?

Around 2006-2008 there seems to have been a very deliberate campaign underway to bad-mouth Uniblue and all their products. What brought me to this conclusion was that I kept encountering very positive reviews by experienced and in some cases well known IT people. Invariably these reviews would attract an uncharacteristic number of anti-Uniblue comment posts, most of which could easily have been written by the same person. I’m not saying they were — in fact it’s more likely there were a number of different authors — but there were glaring similarities shared by a preponderance of these posts, such as:

• A primary school level of expression
• Juvenile screen names
• An unjustified level of venom and rudeness
• Blatant untruths about the products
• Ridiculous claims of damage caused

Most curious of all was the fact that, when Uniblue representatives responded publicly offering to assist, they were invariably ignored. One Uniblue representative repeatedly publicly posted her direct e-mail address, which to my eyes is a pretty good demonstration of good faith.

It certainly seemed to be an orchestrated attack. By whom? I have no idea, but it’s as if a competitor appointed teenage offspring to get all his/her pals to search and attack this particular company. Believe me, plenty of businesses have found themselves the victims of misinformation campaigns. The Internet makes such reputation assassination just too easy, and there is no shortage of underhanded vendors willing to embark on such a campaign.

The SpyEraser Virus

On a different tack, a lot of animosity towards Uniblue was based on the erroneous assumption that they were responsible for the SpyEraser virus, which was ABSOLUTELY NOTHING to do with Uniblue’s SpyEraser anti-spyware product. And, as I said in the previous article, Uniblue SpyEraser has been discontinued as a product anyway. But for the record…

As far as I can determine, those people hit by the SpyEraser virus had downloaded a “trial application” from the domain SpyEraserTrial.com — which no longer exists at the time of this writing. However, when it was still active, the whois.com record for that domain had it registered under the name Absolutee Corp Ltd of Hong Kong. But actual ownership was somewhat obfuscated by the fact that the site’s IP address indicated it was hosted in Prague, Czech Republic, and associated with the business name Prague Software Service. In either case, nowhere near Uniblue’s home on the island of Malta in the Mediterranean Sea.

Unreasonable Expectations

I also have seen people knocking SpyEraser (presumably the real one), claiming it wasn’t an effective anti-virus utility.

Now this is the level of intelligence that software publishers and their support desks have to deal with on a daily basis! Even when it (the real SpyEraser, that is) was available, it was advertised by the developers as an anti-spyware tool, not anti-virus. So quite apart from those who were blaming the wrong product, you’ve got ignorant people condemning a product because it doesn’t do what it was never designed or advertised to do.

Unmitigated Crap!

Exploring a few of the anti-Uniblue links that were sent to me I soon saw that many of the claims were at best blatant misrepresentations of the facts, and at worst, outright lies.

For example, there were several posts along the lines of “Who is Uniblue? They don’t have any contact information on their website.”

Well, I didn’t have any trouble finding that information. Just look down the bottom of the Uniblue home page, or any other page on their site for that matter, and you’ll have all the links you need.

One guy said that the TRIAL of CleanupMyPC reported 9000 issues with his computer. However he DID NOT invest in the fully functional program (30-day money-back guarantee, remember) to see what it could do for him. Never-the-less he still felt qualified to give it a rating of 1/5 stars. Huh! Based on what? Not trying it?

Another knocker says it removed his cache without permission. Ahmm, sorry, no it didn’t — not “without permission”. All of the following can be enabled/disabled in CleanupMyPC at will:

• Clear the Internet Explorer cache
• Delete files on the recent items list
• Clean the Firefox download history
• Clean the windows temporary folder
• Clean the user temporary folder

Still, he also awarded the product a score of 1/5 stars, apparently based on the fact that he couldn’t be bothered understanding the program he was using.

This one made me laugh…

Plaintiff said he does all his “typing” using Dragon NaturallySpeaking (DNS), and claimed that CleanUpMyPC “obliterated a bunch of temporary files that DNS crucially needs for its next session”.

Well, I have troublesome RSI (a bad wrist) and have been using voice input via Dragon NaturallySpeaking for just over two years, day in and day out — it is almost my sole means of “typing” and data input. Every post I make to this blog and every e-mail I send out is dictated in its entirety via Dragon NaturallySpeaking. I also follow a couple of very active DNS forums. I have never experienced any such thing, nor have I ever seen anyone else make such a claim. A doctor of my acquaintance uses the Pro version of DNS with the medical dictionary, plus Uniblue products, and has never had a problem either.

Here’s a tip when troubleshooting ANYTHING:

• If an intelligent web search doesn’t turn up anyone else with the same symptoms as you, then the problem is almost certainly something unique to your system.

And of course:

• When you download software, be it a trial or the full thing, make sure it‘s coming from the actual publisher, not from some scam look-alike site.

One More for the Road…

OK, I could go on almost endlessly, but just one more. Quote:

“This laptop was a replacement for the one that was screwed up with their Driver Scanner and resulted in damaging the hard drive in my other laptop.”

So we’re supposed to believe that DriverScanner, which at the most will only install new versions of software, actually PHYSICALLY DAMAGED a hard drive!!! And he had to buy a new laptop as a result? Seriously, if you believe that, please note that I have the Sydney Opera House on the market if anyone’s interested. Going cheap.

Look, if you’re serious about fixing a problem and you genuinely want help to do so…

There’s Plenty of Help Available

And plenty of reliable information if you want to look for it.

What annoys me the most is not that there are so many hopelessly inexperienced people out there. I feel for them, and inexperienced users are one of the main reasons this website even exists.

The annoying part is the way so many inexperienced people will jump to unjustified conclusions and condemn good products from honest companies, doing immense commercial harm in the process. Others, just as inexperienced as them, are going to listen to their nonsense and themselves be disadvantaged because they’ll believe it.

I repeat what I said in my previous article:

I regularly use Uniblue PowerSuite to run RegistryBooster, CleanupMyPC and DriverScanner, and I unreservedly recommend PowerSuite and/or any of its components.

I’ll Even Help You Get Help

If you should encounter a problem your first port of call should be a support ticket to Uniblue at http://www.uniblue.com/support/. First look to see if your problem is one of several addressed on that page. If it isn’t then scroll to the bottom of that page where you will find this sentence:

“If you cannot find an answer to your question, please submit a ticket with your query and we will contact you as soon as possible.”

And when contacting any support line, please don’t forget that you are a member of a global community. I am in Australia; Uniblue is in Europe; most of my readers are in the UK, Canada and the USA, but there are some from almost every country.

My point being, give the support people reasonable time to respond, including allowing for weekends, and the fact that Monday where you are might still be Sunday where they are. Very few companies these days can justify the cost of having someone available for 24×7 support, except those providing very expensive and mission-critical solutions.

Finally, if you have a problem with the support you are getting (or not getting) from Uniblue, feel free to contact me through this blog’s Contact Form and I’ll chase them up for you. I don’t expect that will ever be necessary, but since I’m making the recommendation it’s the least I can do.

So don’t guess or be swayed by the ignorant!

You won’t know what these tools can do for you until you try them for yourself. They work just fine for me, and for many of my clients and acquaintances, and for countless reviewers who’ve rated them highly, and the many reputable companies that have partnered with Uniblue to promote their products.

And as I said, if you’re not happy with the results, there is always the protection of the publicly advertised 30-day money-back guarantee.

So instead of listening to the rantings of the ignorant…

Try Uniblue PowerSuite for Yourself

I’m keen to hear of your experience.

</rant>

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Regular readers will be familiar with my general dislike of software suites, particularly in regard to security applications. Too often we see a developer make a name for themselves initially with software that addresses one particular area of security, such as anti-virus, or anti-spyware, or personal firewall. Then they start trying to be all things to all people, branching out into other sectors; then inevitably bundling their different applications together into a “suite”.

But, in my experience, it is extremely rare to find one software publisher responsible for the development of the best of each type of application. I hold the security of my data in very high regard, so I want to be protected by the best-of-breed of each type of application – the best anti-virus, the best anti-spyware, the best personal firewall, and so on.

Attaining that goal usually means using different specialist applications from different suppliers.

Admittedly, non-security applications are usually a different story. It is generally important for the various components of an applications-type software suite to work harmoniously together, and that’s something that can only be realistically achieved by the one developer, such as the integration between the various components of Microsoft Office or Sun/Oracle’s Open Office. Even so, there may be components of a particular suite that you don’t want to use. Sometimes you can disable a component part of a suite (or just ignore it), and sometimes you can’t.

Performance & Optimization Software

The application category that I’m addressing in this article is performance, stability and optimization software, but there’s a good reason I opened up with a brief discussion of suites and security software.

If you’ve been reading this blog for a while you will have encountered my repeated praise for a product called RegistryBooster from Uniblue, a certified Microsoft Gold Partner company founded in 2003 on the Mediterranean island of Malta.

For some time now RegistryBooster has been available both as a standalone product and as part of a software bundle called PowerSuite. While I have long been a fan of RegistryBooster, to be honest I’ve never been that keen on PowerSuite. In an earlier incarnation the suite was a mixture of optimization and security applications, and I didn’t find the suite interface really to my liking either.

But things changed significantly for the better with the release of PowerSuite 2010.

The security component of earlier PowerSuite versions was called SpyEraser, and that is no longer included in the package or even available as a standalone application. Although SpyEraser did a pretty fair job, its removal from PowerSuite was a positive step. Why? Because it indicates that Uniblue is once again concentrating 100% of their development efforts on what they do best, and on what they made their good name in the first place: software that optimizes your system and enhances performance and stability.

The three components of PowerSuite 2010 are…

RegistryBooster

I’ve written about Registry cleaners and RegistryBooster extensively in previous articles, so I won’t allocate much space to it here. Everything I’ve written previously still applies. Please don’t ignore the two articles below as being out of date; they are as relevant today as ever, and will provide a lot of useful information for anyone new to Registry cleaners or who has led been led to believe that Registry cleaners are to be avoided for some reason.

• Choosing a Registry Cleaner
• Registry Cleaners Revisited: The Final Chapter

I’ve been using successive versions of RegistryBooster (the standalone version) since mid-2008, and it is one of the applications I rely on to keep my systems in pristine condition.

SpeedUpMyPC

One of the challenges with keeping a PC performing even close to optimally is the enormous number of settings, files and processes involved, and the fact that many of them are changing all the time. Over time you will become very aware that your system is slowing down, but how do you identify just what factor or component or setting is responsible? It can be very difficult and requires a fair degree of technical expertise.

And it’s not enough to just identify the cause — you then need the technical expertise to make the adjustments necessary to rid yourself of the “blockages” and recover speed and performance.

To the rescue rides SpeedUpMyPC.

SpeedUpMyPC first scans your computer to identify the processes, files and settings that are slowing you down, then it employs a range of powerful software tools to optimize your system for improved performance. With just a click or two on your part,  things like network settings, memory and CPU functions are all scanned and adjusted and junk files deleted from the hard drive. The end result can range from a marginal improvement to quite astonishing, depending on the original state of your system.

SpeedUpMyPC has saved me a lot of time that would otherwise have been spent on manually tuning my systems and keeping them in order.

DriverScanner

This is the one component of PowerSuite 2010 that I approached with some trepidation. To understand why, you need to know exactly what a “driver” is.

A driver is simply a special type of software program. More specifically, it is software that is designed to control a hardware device, such as a printer or mouse. In fact every hardware device that attaches to your computer, including keyboard and hard drive, requires a driver program that translates commands from the computer into the commands that the hardware device can understand.

Some drivers are loaded as part and parcel of the operating system, the keyboard driver being one example. For other devices you may be required to install the appropriate driver program when attaching a new hardware device to your PC. Microsoft provides a lot of drivers with each version of Windows, but obviously there is no way they can know about every device that you may ever want to connect.

Now in one respect drivers are no different than any other program, in that the developers of the software will periodically update the program. The reason for the update may be, for example, to take advantage of new hardware features, or to close security holes that have come to light, or even to resolve conflicts that have become apparent with other drivers or software. Whatever the reason, it should be obvious that it is usually in your best interests to update drivers when new versions become available.

But there’s a problem…

Malfunctioning or incorrect drivers can be a real headache, often manifesting as obscure glitches and failures, and the root cause can be damn difficult to track down. For that reason alone most people, including many IT professionals, adopt the attitude “if it’s working leave it alone”. But for reasons that should be obvious, that may not be the safest approach at all.

Unfortunately manufacturers who provide drivers for their hardware don’t always make updating a simple task. For any given printer you may find multiple driver versions on the manufacturer’s website, with no clear indication of which one you should choose. I guess the attitude might often be that the provision of free drivers is a necessary evil and doesn’t make them any money, so they write the software, upload it to their website, and consider the job done.

So can you understand my hesitation to use an automated tool for this purpose?

Still, nothing ventured nothing gained, and over the past couple of years I have developed a healthy respect for the high quality of Uniblue software, so I pushed ahead and gave it a go. And guess what…

DriverScanner worked flawlessly!

In their own words Uniblue claims that: “DriverScanner will then safely install each update on your PC”, and I have to say that has been my experience without exception.

I have run the full PowerSuite, including DriverScanner, on numerous occasions on several different systems. It has detected a number of out-of-date drivers with updates available, and performed the replacements without a single hiccup. Needless to say I am delighted with this result, because this component of PowerSuite alone is going to save me a lot of time, not to mention enhance my security (because I’ll always be running patched & up-to-date software) and give me the best performance from my hardware.

The PowerSuite Interface

The user interface is elegantly simple. Each of the three components is featured on the Overview tab and can be run separately (see image above). Using the interface is extremely simple and obvious. Whether you see a  “Launch Application” button or a “Start scan” link depends on whether or not an up-to-date scan is awaiting your attention. After running a scan, clicking a  “Launch Application” button will present you with details of the scan for that particular component. For example, here is the information window that is displayed when the  “Launch Application” button for the RegistryBooster component is clicked in the image above…

If you need to know more about what’s been detected and what will be fixed just click the “Detailed View” button. I rarely bother with this anymore as I have come to trust the software. And if it ever does make a mistake there is always the pre-fix backup that is performed automatically.

That’s definitely an improvement in safety! In earlier versions of RegistryBooster you had to confirm that, yes, you wanted to make a backup prior to running the fix. Now you don’t even have to do that — a backup is always performed and stored automatically.

Standard Software Installation Guidelines

When you try out PowerSuite for yourself (risk-free, see below), please be sure to follow these software installation safe practice guidelines:

• Reboot your computer before installing any software
• Close any applications that may have started with Windows
• Install Uniblue PowerSuite
• Reboot your computer again

It is always advisable to reboot before installing any new software. It may not always be absolutely necessary to reboot after installation. However sometimes it is highly advisable to reboot after an installation, even if the software doesn’t warn you to do so. By always rebooting before and after any software installation (or removal for that matter) you are covering all your bases and you’ll have a happier system in the the long run.

Product Support

I have a standard policy when it comes to reviewing anything — be it software or hardware. No matter how good product itself may be, if the support isn’t up to scratch I either won’t recommend it at all, or I’ll at least warn readers that support is poor or non-existent. As part of the review process I almost always submit a support request as a test to gauge response time and the usefulness of the reply.

No such reservations with Uniblue. I have always found them responsive and both willing and able to provide useful assistance. In every customer-to-Uniblue interaction of which I am aware they have always performed admirably.

Something I always like to see on Support Ticket forms is the ability for the customer to upload a file. After all, a screen-shot can save a lot of explanation. Uniblue support has made that provision.

Conclusion

The best recommendation I can give for PowerSuite is to say that…

• I have it installed on all my systems
• I use it regularly (automatic schedules are set within the program)
• I recommend its use to all my clients

Have never had a problem myself and have never received a complaint from anyone I’ve recommended it to.

Other reviewers have obviously come to the same conclusion. Here are some excerpts from an article that appeared on the OverClockers Club website:

• “…the SpeedUpMyPC 2010 utility proved itself by taking a highly junked up system and making it a bit faster.”
• “With the use of the Uniblue SpeedUpMyPC utility, I was able to shave 24 seconds off of the Windows start up time… The shut down time was also reduced to under 20 seconds.”
• “When used together with the other Uniblue products in their Power Suite, you have the tools to keep your computer running smooth and almost as fast as when you first got it.”
• “…a utility that just works.”

Seriously, if you’re at all concerned about keeping your PC optimized and in good order, Uniblue PowerSuite is a first-class way to achieve that goal.

Need More Incentive?

Want more? Right now Uniblue are making an offer you’ll find hard to resist…

• Special pricing offer: Uniblue PowerSuite 2010 is available right now at a significant discount. Click the link below for details.
  
• There’s also an extra software bonus thrown in. You’ll find it in the shopping cart at a price of $0.00.
  
• Immediate download day or night. No waiting for a CD to arrive by post.
• The nothing-to-lose clause: if for any reason you’re not 100% happy there’s a 30-day money back guarantee.

Try it out yourself – you won’t be sorry.

Click here to visit Uniblue PowerSuite on the web

Got an opinion or question? Please use the comment box below this article and I’ll respond where appropriate.

Your questions/objections may be answered  in
this follow-up article

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

I’m still getting variations on questions related to performing Microsoft/Windows updates, so perhaps it’s time for a brief refresher.

If, in any Microsoft operating system, you follow the sequence

Start –> Programs –> Microsoft Update

you will end up staring at the Microsoft browser which of course is Internet Explorer.

Abandon Internet Explorer!

It is my strongest and oft repeated recommendation that for many reasons you should abandon Internet Explorer in favour of Firefox. Firefox is not only a far better and more usable browser, it is also much safer. Or, use Google Chrome if you like, but it’s a bit spartan for my tastes. The main thing is to get away from Internet Explorer as your default browser.

Unfortunately in its raw state Firefox cannot process updates for you from update.microsoft.com or windowsupdate.com, or any variation that accesses the Microsoft/Windows update website.

Without getting into a lot of unnecessary detail, the reason is that the Microsoft update websites require an ActiveX control (follow that link if you want more info), and Firefox doesn’t “do” ActiveX — which is one of the reasons it’s much safer than Internet Explorer. ActiveX is a security nightmare.

Now many people are still under the impression that, while they prefer to use Firefox as their day-to-day browser, they have to switch to Internet Explorer to perform their Microsoft/Windows updates.

That hasn’t been the case for quite some time, and here’s how to make it not apply to you either. What we need to do is…

Fool the MS Update Websites

• If you don’t already have it installed and configured as your default browser, download Firefox from http://www.mozilla.com and install it. If you are already using Firefox make sure you are using the latest version. Very often new versions are released for valid security security reasons, not just to present a new feature or two.
• Locate the Firefox plug-in “IE Tab Plus” at https://addons.mozilla.org/en-US/firefox/addon/10909/ and install it.
• In Firefox, go to: Tools –> IE Tab Plus Options.
• Select the Site Filter tab and ensure that the following entries are present. From memory I think they are there by default, but if not it’s easy enough to add them:

• Click OK to close the options dialog.

So What’s All That Mean?

What it means is that from now on, whenever you point Firefox to update.microsoft.com or windowsupdate.com, Firefox will load the Internet Explorer Rendering Engine to display those sites, and everything should work just fine.

But You CANNOT Ignore Internet Explorer!

Please please please be aware that Firefox add-ons such as IE Tab Plus aren’t the only software that call upon some part of Internet Explorer code, so it is vitally important that you keep Internet Explorer up to date even if you’re not using it as your day-to-day browser.

Need more explanation? Want to offer a viewpoint? Please use the Comment Box below.

PR: wait… I: wait… L: wait… LD: wait… I: wait… wait… Rank: wait… Traffic: wait… Price: wait… C: wait…

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

I fairly regularly get e-mails asking why I’m still recommending an “old style” router (802.11g standard) in my security e-book The Hacker’s Nightmare, even though routers boasting a faster/better/more modern standard (802.11n) have been available for quite some time.

It’s been on my to-do list to write an article explaining my reasons for this. However, I’ve just been saved the trouble by the appearance of an excellent article from the keyboard of PCMech writer Rich Menga.

Rich has summed up my own reasons very nicely, and I unreservedly recommend his article to you.

After trying a number of the new-fangled 802.11n routers, Rich has given them all the flick and ordered himself a Linksys WRT54GL — the very router I have long recommended and continue to recommend in The Hacker’s Nightmare.

While you can use it quite satisfactorily straight out of the box, the WRT54GL is very versatile in that it can be “flashed”, or loaded with, third-party firmware (similar to software). My personal third-party firmware favorites for upgrading the WRT54GL are DD-WRT and Tomato. Both are free, and applying either to the WRT54GL makes it a very hard act to beat for overall performance, reliability and versatility.

Of course, there is a lot more to the safe use of any router than just plugging it in, which is why The Hacker’s Nightmare contains extensive, plain language instructions on configuring and securing the WRT54GL.

So where to next?

• Amazon.com is a trusted and reliable supplier to the entire world, and you will find it hard to beat their prices. Click here for the WRT54GL at Amazon.com.

and…

• You can currently snap up a copy of The Hacker’s Nightmare at a 50% discount.

• Oh, and read Rich Menga’s article here.

PR: wait… I: wait… L: wait… LD: wait… I: wait… wait… Rank: wait… Traffic: wait… Price: wait… C: wait…

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Now there’s RoboForm Online…

Yep, the world’s Best password manager just got even better! As regular readers will know only too well, RoboForm is one of my very favorite must-have applications, and something that I have recommended on many occasions.

I’m not at all reluctant to say that EVERYONE who uses a PC online should have RoboForm installed. For security of passwords, and password management, there is nothing better.

But…

One downside to RoboForm is that you will become so dependent upon it that you’ll be lost when using another computer where *your* RoboForm data isn’t available. The portable version (RoboForm2Go) overcomes this problem to a large extent, but there are still elements of inconvenience. For one thing you have to remember to sync your latest RoboForm master data to the portable USB drive before leaving home or office (as the case may be); and of course you must have your portable RoboForm2Go USB drive with you at the time when you need it. Well…

The Answer Has Arrived…

All such considerations are now moot with the release of RoboForm Online.

Your master RoboForm installation on your own PC will automatically synchronize your Logins, Identities and Safenotes to your RoboForm Online account, where you can access them using your personal login credentials from any PC, anywhere in the world!

When at a “foreign” computer where you need access to your RoboForm data, you just browse to online.roboform.com, click the Login tab, and enter your account credentials – the one username/password combo you need to have filed away in your grey-matter storage cabinet.

And commendably, like everything Siber Systems does, it’s very easy to setup and use. Here’s how it goes…

The registration form is very simple:

RoboForm Online: Free Registration Form

On submitting the form you will be given some simple directions on how to initiate the sync.Basically, you’ll do this:

Synchronisation

I had to run the sync twice before all of my Logins, Identities and Safenotes were stored in the online service, but I may have been a bit hasty with the first one, not allowing enough time to get everything transferred across. However it’s easy enough to check your local RoboForm storage against your online storage to see that the numbers are right. If in doubt, just run the sync again.

By the way, if you should encounter a dialog like this:

The Good Sync dialog

Just click OK and follow directions — pretty much everything will be done for you.

RoboForm Online is a welcome addition to the RoboForm family, and those of us who move around a lot and use different computers are going to be very grateful for its emergence.

Free Registration

To learn more and to register for a free RoboForm online account just click the button below.

Of course, to make use of RoboForm online, you need to have RoboForm installed on your main PC to start with. And I as I said in the opening paragraph, RoboForm is something that *every* computer user should have installed.

PS.
If you found this article useful, be sure not to miss future hints, tips, reviews & warnings. For timely notification of new posts please use the Subscriber Now box in the right-hand column of this page.

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

In Part 2 of this series I want to talk about protecting your social networking account, and it all boils down to…

PASSWORDS

And No… you probably don’t already know everything you need to know about passwords, so you really need to keep reading. I’m going to show you exactly some of the ways the bad guys get at your passwords.

If you missed it please first read
 Social Networking Self-Defense: Part I

So it’s pretty obvious that anyone who gets hold of your login credentials, most importantly your password, can modify your personal pages to their heart’s content.

Now, you might be thinking something like “OK, I’ll memorize my password, never write it down, and never tell anyone”.

Well, good, that at least that would be a step in the right direction, but unless you clearly understand how vulnerable passwords are, it won’t be a big enough step. Not by a long shot.

Let’s take a look at password cracking itself…

How to Crack Passwords

Something that very few computer users realize is just how easily common passwords can be cracked. There are all sorts of special password cracking programs readily available to those who take the trouble to look. None of those programs are infallible, but one thing is certain: passwords made up of common words, or common words with a few numbers appended, are usually cracked fairly quickly.

In the past, when writing on this topic, I have always avoided giving any details on password cracking programs. I just didn’t want to be responsible for encouraging anyone to seek out and use such tools.

However, search engines such as Google, Bing, Yahoo etc have become so accurate and all-inclusive as to make these things fairly easy to find. So now I think I can probably achieve more by actually proving their existence to you.

Here’s a list of the 10 top password crackers, according to the Security Tools [http://sectools.org/crackers.html] website, with their descriptions slightly edited for this article.

|
All of those programs work on Windows, and many of them on other operating systems as well. Obviously not all are suitable for cracking all types of passwords under all circumstances, but in the hands of even a reasonably competent person any of several can be a serious threat to your security.

Still not convinced?

A recent Computerworld article describes the massive market for usernames and passwords or social network accounts. One hacker alone has 1.5 million Facebook accounts on offer!

Seriously, you REALLY need to click here and read that article.

And hey! If you aren’t already calling up your Facebook account to change the password (in line with the suggestions here-in) then I’m afraid you’re a sucker just waiting to be sucked dry.

What NOT to do

As a result of a major phishing attack in late 2006 approximately 34,000 MySpace passwords became available for download. Some researchers saw this as an opportunity to analyze what sort of passwords people were using. Here’s a list of the 20 most popular passwords:

|
Not one of those passwords would present the slightest problem to a decent cracking program. Here are some more statistics from the analysis of those 34,000 passwords:

• Numbers were used in well over half the passwords.
• When used, numbers were most often appended to the end of the password.
• Almost 1% of users had the word “password” as all or part of their password.
• Words, colors, years, names, sports, hobbies and music groups were very popular.
• Other popular words include: angel, baby, boy, girl, big, me, the.
• Cuss words were very popular. Because these are common and well known they should be considered as dictionary words, whether they appear in any “real” dictionary or not.
• Also popular were the names of sports (golf, football, soccer, etc.), professional sports teams and college team nicknames.

Again, all very easy stuff for a good cracking program.

I’ll be going into some detail here because I want you to understand very clearly the extreme importance of using good strong passwords if you are serious about protecting yourself.

So let’s look now at exactly what makes for a strong password, from the password cracker’s point of view.

What you SHOULD do

The most important aspects of a password are its length and composition, but there is an apparent catch involved. If length and composition are right for a strong password, then it’s very unlikely you’ll be able to remember even one password, let alone the many that most people need to use. But don’t worry, we’ll solve that dilemma in a moment. First let’s look at the password itself.

The length aspect is simple: the longer a password, the harder it is to derive using special password cracking tools.

Composition is a bit more complex. To be truly effective, the characters that make up the password should consist of a mixture of upper and lower case alphabetic characters (A-Z, a-z), numerals (0-9), plus punctuation and special characters (!@#$%^&*). In addition, repetition of characters should be kept to a minimum and the password should not contain any real names or dictionary words. Here is an example of a 20 character password that conforms nicely to those rules:

Mu49#SLQ&p5^eh!6M9B2

Yes, I know what you’re thinking:

“How on earth could I ever remember something like that?”

And the answer is…

For PC users  : RoboForm
For Mac users : 1Password

Now, I’m a PC user, so I don’t use 1Password, but I have read their material, watched a video on the product and asked some Mac users whose opinions I respect. What I can tell you is that it works very much like RoboForm, performing much the same tasks, and is highly regarded by those Mac users I consulted. For all practical purposes any mention of RoboForm features that follows applies also to 1Password.

When installed, both RoboForm and 1Password take up residence on your browser toolbar.

Secure password generation is a handy feature, but the real power of RoboForm, and the thing that makes it so indispensable to security minded people, is that it can remember the complex passwords that it generates, and also remember which website or login form each password relates to. This is a massively significant feature.

On visiting a web page that contains login fields, RoboForm provides you with a one-click prompt that will fill in all the necessary fields with login information that is specific to that page only.

Similarly, when you manually fill in login fields for a site that you haven’t visited before, you can quickly and easily store those login credentials for one-click retrieval on future visits to that site.

In other words, the longer and more complex a password the better, because you’ll never have to remember it. Nor do you need to be tempted to use the same password on multiple websites, because with RoboForm having five, 25 or 50 long, complex, meaningless passwords is no more of a load on your brain than having just one.

RoboForm offers another extremely useful feature not directly related to passwords but worthy of mention if it will entice you to use this excellent utility.

One-click filling out of forms with any number of personal details can be a real time saver. Name, address, landline phone number, mobile number, fax, date of birth, credit card details — virtually any sort of information required on a form can be intelligently provided with a single click. That’s one click for the whole form, not one click for each field! RoboForm knows what’s being asked for and provides just that.

Both RoboForm and 1Password offer free 30-day trials, after which each application will continue to operate but with a reduced feature set. Here’s the situation was RoboForm:

|
By all means trial the product first, but believe me, purchasing the full version is a very easy decision. Most people will definitely need many more than 10 pass cards alone, not to mention how useful multiple identities and profiles can be, and the ability to create numerous custom fields.

Again, here’s where to get‘em:

For PC users  : RoboForm

For Mac users : 1Password

And remember…

The first line of defense is the human brain.
Keep it engaged when online.

Related articles

• SSD tools crack passwords 100 times faster

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

On the second Tuesday of each month Microsoft releases software patches & updates for their various products, so this is a very important day for all Windows users who care about their privacy and security [full summary here].

Why? Well..

Often a Microsoft patch or update will close a vulnerability that, if left unaddressed, could allow an attacker to take complete control of your computer.

And that’s something you REALLY don’t want!

Keeping your installation patched up-to-date is so important that, whether or not you have Automatic Updates enabled, at this time of each month it’s still wise to manually double-check that everything that matters has been installed. Don’t be put off by the word “manually” — it’s a quick and easy process.

HERE’S HOW:

• Point your web browser to: http://www.update.microsoft.com
• Click the Custom button.
• Install any high-priority updates that are reported.

But Don’t Stop There!

In the column on the left-hand side you will see links for:

• Software, Optional (n)
• Hardware, Optional (n)

The number in brackets indicates how many updates of that type are applicable to your computer. If the number is anything other than (0) then click that link and investigate, installing the update if necessary (or if in doubt). Similarly, you may find relevant updates in one of the links under “Select by Product”, so do the same with any of those.

WEBCAST:
Each month, in association with PatchTuesday, Microsoft presents an online Webcast to address customer questions on the bulletins for that month. Webcasts are usually initially presented on the Wednesday, the day after Patch Tuesday, at 11:00 AM Pacific Time (US & Canada). They are also recorded and available for later viewing. To register for a Webcast or to view Webcasts that have passed, click this link.

By the way… SymmTime is a great on-screen world time utility for anyone who needs to check or convert times around the world. It’s free and highly configurable.

Did you know…

Many of the malware threats that you are frequently warned about in the various news and information media, on and off-line, should never be the slightest threat to you.

How come? Well, because…

If you made a habit of applying the patches & updates that are issued by Microsoft every month, you would be IMMUNE from infection by many of the tens of thousands of threats currently circulating on the Internet, with more being churned out by the cyber-grubs on an almost daily basis.

The vast majority of these threats get into your computer by exploiting some known vulnerability in Windows. When one of these vulnerabilities is patched by Microsoft, the threat becomes benign — but only if you have applied the free patch to your version of Windows.

So remember…

You Ignore Patches & Updates at Your Peril!

PS: When you read some of the related articles below you will encounter numerous instances of “Microsoft recommends updating Internet Explorer to version 8″ and “Microsoft recommends avoiding blah blah blah” and etc. Listen up! You’ll be orders of magnitude safer if you take my advice instead — download the free Firefox browser and give Internet Explorer the flick. IE has been a real security problem for a long time and it’s going to continue to be so well into the future. Firefox is a far better browser in every respect.

Related articles:

• Microsoft warns of major Patch Tuesday update
• Microsoft, Adobe, Oracle offer fixes in big Patch Tuesday
• Microsoft patches “unhackable” Windows 7 bug

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Password selection and personality? A couple of days ago I read a book review in one of our local newspapers, in which the authors (of the book) suggested that the computer passwords you select can reveal a lot about your personality. Let me say right up front that if that’s the case — if your passwords do reveal a lot about your personality — then you are sadly, even dangerously, off track in the way you select passwords.

For more on passwords you might want to take a look at this earlier article of mine, but first let’s look at this personality thing.

The authors nominated eight password categories and assigned specific personality types to each…

1. A lover’s name. You are a loyal type likely to stray, but can also indicate obsession or lack of imagination.

2. Work-related. A dull or career-obsessed workhorse who lack the imagination necessary to climb the corporate ladder.

3. Numerical passwords. Logical to the point of humorlessness.

4. Your own name or nickname. Self-obsessed and egotistical, but also over-confident, driven and desperate to achieve.

5. Fantasist. Using passwords like “sexy”, “stud” or “goddess” is similar to using your own name/nickname, but you’re also likely to be a risk taker and thrill-seeker away from work.

6. Names of pets. The nostalgic type. You believe that other people just don’t understand you so you reserve your sensitive side and innermost thoughts for “Fluffy” or “Spot”.

7. Favourite band, sports team, etc. You’re a romantic, and life is one long, determined fight to stay happy and positive. People either admire your upbeat attitude or see you as a gullible sucker.

8. The Cryptic. You “agonize” over concocting passwords that are an intricate mix of letters, numbers and punctuation marks. In the author’s words: “This air of intellectual mystery defines you as pretentious, arrogant and more than a little paranoid”.

What do you think? See yourself in any of categories 1 to 7? If so, I’d really like to get you headed in the right direction.

The category that bothers me the most is #8. The purpose of a password is to protect something, and an easily guessed password is little or no protection. If it is your habit to choose passwords that are an “intricate mix of letters, numbers and punctuation marks”, then I don’t really care about the psychology behind your reasoning because, from a security standpoint, you are way ahead of everyone else.

On the other hand, if you don’t use passwords that are an “intricate mix of letters, numbers and punctuation marks” then I strongly suggest you forget the pop-psychology and start doing just that.

The Solution

Fortunately you don’t have to “agonize” over coming up with good, reliable, secure passwords. There is an excellent — I’ll go so far as to say indispensable — application that will not only create truly arcane passwords quickly whenever you need one, but it will even remember them for you. After all, one of the reasons that many people don’t use truly appropriate passwords is that they can’t remember them.

I’ve mentioned it before, and no doubt this won’t be the last time you’ll hear me extolling its virtues, because I see this little tool as a very important part of your security arsenal. It’s called RoboForm. There is a free version which you can use to get a feel for the product, but anyone serious about their online safety will want the full version.

Finally, I haven’t read the book that prompted this article, and to be honest I’m not likely to, although I admit to a passing interest in the study of body language. But if it’s the sort of thing that takes your fancy you can find “The You Code” on Amazon.com

Related articles:

• Most users don’t change password often enough, report says
• Please Hack Me. My Password is 123456

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

If you are running Firefox as your preferred browser you should UPGRADE NOW! The latest version 3.6 continues to improve on an already excellent product.

If you’re not running Firefox as your preferred browser, WHY NOT?

And if you’re still sticking to that bloated, troublesome dog Internet Explorer — well, words fail me. Know what a masochist is?

Installing Firefox for the first time is a trivial exercise. No explanation needed. Just click here (it’s free), download to your Windows desktop, double-click to install.

Upgrading a current installation to the new version is also commendably easy (10.6MB download). In Firefox just click Help –> Check for updates... and follow the prompts.

There’s just one thing I’ll give you advance notice about. Immediately after choosing to perform an upgrade from the Help menu, you may see a dialog with the following message:

“Some of your add-ons won’t work with Firefox 3.6, and will be disabled. As soon as they are made compatible, Firefox will update and re-enable these add-ons.”

And below that will be a list of your current add-ons that are currently incompatible (if any). If you can’t live without the add-ons mentioned, you can back out at this point.

Thanks to my experimental nature I have quite a large number of add-ons installed — probably more than most people — and only four of those were listed as being currently incompatible with Firefox 3.6, none of them of any real consequence. And anyway, they’ll be automatically updated and re-enabled in due course.

PS. If you insist on continuing to use Internet Explorer as your browser of choice then you are wasting your time reading a blog that focuses on computer and Internet security! You can’t have both.

Related articles

• Google phases out IE6 support for Docs and Sites
• Firefox 3.6 Portable Available for Your Thumb Drive Needs [Downloads]
• 5 Cool About:Config Hacks To Make Firefox Browsing Smoother

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.