Although I’ve only received a couple of e-mails on the topic since my previous article, I have received a few similar in the past, so I thought it worth addressing out in the open. In reference to my review of Uniblue PowerSuite, Hacker’s Nightmare member Les wrote:

Although I’ve enjoyed your newsletters over the years I am skeptical about this. LockerGnome has many articles warning against it and a Google search brings up a plethora of articles.

Here is one link: http://www.reviewcentre.com/reviews146947.html

Am interested in your opinion.

Always happy to give an opinion Les <g>.

First, congratulations on doing some independent research yourself. I always encourage people to do exactly that, although there is some danger of being misled by wrong assessments and dishonest people with their own agendas. And thank you for coming back to engage me with your findings.

Now, let’s look at some facts, fallacies and conspiracy theories…

You Can Never Please Everyone

I think we are all aware that you’ll always be able to find a few knockers of any product, and this particularly applies to systems utilities. So who do you believe? Well, to be perfectly honest, for most people it will ultimately come down to finding someone you can trust, putting your faith in their assessments, and making them answerable for conflicting advice/opinions. Just as Les has done with his e-mail, though I would much prefer to receive all such communications via comments to the relevant blog post – the reason being, so we can share information with everyone.

I’ll get to some of the comments at the URL that Les posted in a moment, but first I did a search on LockerGnome for the keyword “Uniblue”.

All I could find were POSITIVE reviews by people I think it is reasonable to assume are probably fairly PC literate at the very least. I also found that LockerGnome actually promotes the full range of Uniblue products in numerous places throughout their website.

As far as I could see, the disparaging remarks that concerned Les were all posted as comments (mostly anonymous) to those reviews. They certainly weren’t a conclusion that was drawn by any of the reviewers in their articles.

Now, at risk of sounding like a conspiracy theorist, here’s something I discovered quite some time back…

Is There a Conspiracy Afoot?

Around 2006-2008 there seems to have been a very deliberate campaign underway to bad-mouth Uniblue and all their products. What brought me to this conclusion was that I kept encountering very positive reviews by experienced and in some cases well known IT people. Invariably these reviews would attract an uncharacteristic number of anti-Uniblue comment posts, most of which could easily have been written by the same person. I’m not saying they were — in fact it’s more likely there were a number of different authors — but there were glaring similarities shared by a preponderance of these posts, such as:

• A primary school level of expression
• Juvenile screen names
• An unjustified level of venom and rudeness
• Blatant untruths about the products
• Ridiculous claims of damage caused

Most curious of all was the fact that, when Uniblue representatives responded publicly offering to assist, they were invariably ignored. One Uniblue representative repeatedly publicly posted her direct e-mail address, which to my eyes is a pretty good demonstration of good faith.

It certainly seemed to be an orchestrated attack. By whom? I have no idea, but it’s as if a competitor appointed teenage offspring to get all his/her pals to search and attack this particular company. Believe me, plenty of businesses have found themselves the victims of misinformation campaigns. The Internet makes such reputation assassination just too easy, and there is no shortage of underhanded vendors willing to embark on such a campaign.

The SpyEraser Virus

On a different tack, a lot of animosity towards Uniblue was based on the erroneous assumption that they were responsible for the SpyEraser virus, which was ABSOLUTELY NOTHING to do with Uniblue’s SpyEraser anti-spyware product. And, as I said in the previous article, Uniblue SpyEraser has been discontinued as a product anyway. But for the record…

As far as I can determine, those people hit by the SpyEraser virus had downloaded a “trial application” from the domain SpyEraserTrial.com — which no longer exists at the time of this writing. However, when it was still active, the whois.com record for that domain had it registered under the name Absolutee Corp Ltd of Hong Kong. But actual ownership was somewhat obfuscated by the fact that the site’s IP address indicated it was hosted in Prague, Czech Republic, and associated with the business name Prague Software Service. In either case, nowhere near Uniblue’s home on the island of Malta in the Mediterranean Sea.

Unreasonable Expectations

I also have seen people knocking SpyEraser (presumably the real one), claiming it wasn’t an effective anti-virus utility.

Now this is the level of intelligence that software publishers and their support desks have to deal with on a daily basis! Even when it (the real SpyEraser, that is) was available, it was advertised by the developers as an anti-spyware tool, not anti-virus. So quite apart from those who were blaming the wrong product, you’ve got ignorant people condemning a product because it doesn’t do what it was never designed or advertised to do.

Unmitigated Crap!

Exploring a few of the anti-Uniblue links that were sent to me I soon saw that many of the claims were at best blatant misrepresentations of the facts, and at worst, outright lies.

For example, there were several posts along the lines of “Who is Uniblue? They don’t have any contact information on their website.”

Well, I didn’t have any trouble finding that information. Just look down the bottom of the Uniblue home page, or any other page on their site for that matter, and you’ll have all the links you need.

One guy said that the TRIAL of CleanupMyPC reported 9000 issues with his computer. However he DID NOT invest in the fully functional program (30-day money-back guarantee, remember) to see what it could do for him. Never-the-less he still felt qualified to give it a rating of 1/5 stars. Huh! Based on what? Not trying it?

Another knocker says it removed his cache without permission. Ahmm, sorry, no it didn’t — not “without permission”. All of the following can be enabled/disabled in CleanupMyPC at will:

• Clear the Internet Explorer cache
• Delete files on the recent items list
• Clean the Firefox download history
• Clean the windows temporary folder
• Clean the user temporary folder

Still, he also awarded the product a score of 1/5 stars, apparently based on the fact that he couldn’t be bothered understanding the program he was using.

This one made me laugh…

Plaintiff said he does all his “typing” using Dragon NaturallySpeaking (DNS), and claimed that CleanUpMyPC “obliterated a bunch of temporary files that DNS crucially needs for its next session”.

Well, I have troublesome RSI (a bad wrist) and have been using voice input via Dragon NaturallySpeaking for just over two years, day in and day out — it is almost my sole means of “typing” and data input. Every post I make to this blog and every e-mail I send out is dictated in its entirety via Dragon NaturallySpeaking. I also follow a couple of very active DNS forums. I have never experienced any such thing, nor have I ever seen anyone else make such a claim. A doctor of my acquaintance uses the Pro version of DNS with the medical dictionary, plus Uniblue products, and has never had a problem either.

Here’s a tip when troubleshooting ANYTHING:

• If an intelligent web search doesn’t turn up anyone else with the same symptoms as you, then the problem is almost certainly something unique to your system.

And of course:

• When you download software, be it a trial or the full thing, make sure it‘s coming from the actual publisher, not from some scam look-alike site.

One More for the Road…

OK, I could go on almost endlessly, but just one more. Quote:

“This laptop was a replacement for the one that was screwed up with their Driver Scanner and resulted in damaging the hard drive in my other laptop.”

So we’re supposed to believe that DriverScanner, which at the most will only install new versions of software, actually PHYSICALLY DAMAGED a hard drive!!! And he had to buy a new laptop as a result? Seriously, if you believe that, please note that I have the Sydney Opera House on the market if anyone’s interested. Going cheap.

Look, if you’re serious about fixing a problem and you genuinely want help to do so…

There’s Plenty of Help Available

And plenty of reliable information if you want to look for it.

What annoys me the most is not that there are so many hopelessly inexperienced people out there. I feel for them, and inexperienced users are one of the main reasons this website even exists.

The annoying part is the way so many inexperienced people will jump to unjustified conclusions and condemn good products from honest companies, doing immense commercial harm in the process. Others, just as inexperienced as them, are going to listen to their nonsense and themselves be disadvantaged because they’ll believe it.

I repeat what I said in my previous article:

I regularly use Uniblue PowerSuite to run RegistryBooster, CleanupMyPC and DriverScanner, and I unreservedly recommend PowerSuite and/or any of its components.

I’ll Even Help You Get Help

If you should encounter a problem your first port of call should be a support ticket to Uniblue at http://www.uniblue.com/support/. First look to see if your problem is one of several addressed on that page. If it isn’t then scroll to the bottom of that page where you will find this sentence:

“If you cannot find an answer to your question, please submit a ticket with your query and we will contact you as soon as possible.”

And when contacting any support line, please don’t forget that you are a member of a global community. I am in Australia; Uniblue is in Europe; most of my readers are in the UK, Canada and the USA, but there are some from almost every country.

My point being, give the support people reasonable time to respond, including allowing for weekends, and the fact that Monday where you are might still be Sunday where they are. Very few companies these days can justify the cost of having someone available for 24×7 support, except those providing very expensive and mission-critical solutions.

Finally, if you have a problem with the support you are getting (or not getting) from Uniblue, feel free to contact me through this blog’s Contact Form and I’ll chase them up for you. I don’t expect that will ever be necessary, but since I’m making the recommendation it’s the least I can do.

So don’t guess or be swayed by the ignorant!

You won’t know what these tools can do for you until you try them for yourself. They work just fine for me, and for many of my clients and acquaintances, and for countless reviewers who’ve rated them highly, and the many reputable companies that have partnered with Uniblue to promote their products.

And as I said, if you’re not happy with the results, there is always the protection of the publicly advertised 30-day money-back guarantee.

So instead of listening to the rantings of the ignorant…

Try Uniblue PowerSuite for Yourself

I’m keen to hear of your experience.

</rant>

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Regular readers will be familiar with my general dislike of software suites, particularly in regard to security applications. Too often we see a developer make a name for themselves initially with software that addresses one particular area of security, such as anti-virus, or anti-spyware, or personal firewall. Then they start trying to be all things to all people, branching out into other sectors; then inevitably bundling their different applications together into a “suite”.

But, in my experience, it is extremely rare to find one software publisher responsible for the development of the best of each type of application. I hold the security of my data in very high regard, so I want to be protected by the best-of-breed of each type of application – the best anti-virus, the best anti-spyware, the best personal firewall, and so on.

Attaining that goal usually means using different specialist applications from different suppliers.

Admittedly, non-security applications are usually a different story. It is generally important for the various components of an applications-type software suite to work harmoniously together, and that’s something that can only be realistically achieved by the one developer, such as the integration between the various components of Microsoft Office or Sun/Oracle’s Open Office. Even so, there may be components of a particular suite that you don’t want to use. Sometimes you can disable a component part of a suite (or just ignore it), and sometimes you can’t.

Performance & Optimization Software

The application category that I’m addressing in this article is performance, stability and optimization software, but there’s a good reason I opened up with a brief discussion of suites and security software.

If you’ve been reading this blog for a while you will have encountered my repeated praise for a product called RegistryBooster from Uniblue, a certified Microsoft Gold Partner company founded in 2003 on the Mediterranean island of Malta.

For some time now RegistryBooster has been available both as a standalone product and as part of a software bundle called PowerSuite. While I have long been a fan of RegistryBooster, to be honest I’ve never been that keen on PowerSuite. In an earlier incarnation the suite was a mixture of optimization and security applications, and I didn’t find the suite interface really to my liking either.

But things changed significantly for the better with the release of PowerSuite 2010.

The security component of earlier PowerSuite versions was called SpyEraser, and that is no longer included in the package or even available as a standalone application. Although SpyEraser did a pretty fair job, its removal from PowerSuite was a positive step. Why? Because it indicates that Uniblue is once again concentrating 100% of their development efforts on what they do best, and on what they made their good name in the first place: software that optimizes your system and enhances performance and stability.

The three components of PowerSuite 2010 are…

RegistryBooster

I’ve written about Registry cleaners and RegistryBooster extensively in previous articles, so I won’t allocate much space to it here. Everything I’ve written previously still applies. Please don’t ignore the two articles below as being out of date; they are as relevant today as ever, and will provide a lot of useful information for anyone new to Registry cleaners or who has led been led to believe that Registry cleaners are to be avoided for some reason.

• Choosing a Registry Cleaner
• Registry Cleaners Revisited: The Final Chapter

I’ve been using successive versions of RegistryBooster (the standalone version) since mid-2008, and it is one of the applications I rely on to keep my systems in pristine condition.

SpeedUpMyPC

One of the challenges with keeping a PC performing even close to optimally is the enormous number of settings, files and processes involved, and the fact that many of them are changing all the time. Over time you will become very aware that your system is slowing down, but how do you identify just what factor or component or setting is responsible? It can be very difficult and requires a fair degree of technical expertise.

And it’s not enough to just identify the cause — you then need the technical expertise to make the adjustments necessary to rid yourself of the “blockages” and recover speed and performance.

To the rescue rides SpeedUpMyPC.

SpeedUpMyPC first scans your computer to identify the processes, files and settings that are slowing you down, then it employs a range of powerful software tools to optimize your system for improved performance. With just a click or two on your part,  things like network settings, memory and CPU functions are all scanned and adjusted and junk files deleted from the hard drive. The end result can range from a marginal improvement to quite astonishing, depending on the original state of your system.

SpeedUpMyPC has saved me a lot of time that would otherwise have been spent on manually tuning my systems and keeping them in order.

DriverScanner

This is the one component of PowerSuite 2010 that I approached with some trepidation. To understand why, you need to know exactly what a “driver” is.

A driver is simply a special type of software program. More specifically, it is software that is designed to control a hardware device, such as a printer or mouse. In fact every hardware device that attaches to your computer, including keyboard and hard drive, requires a driver program that translates commands from the computer into the commands that the hardware device can understand.

Some drivers are loaded as part and parcel of the operating system, the keyboard driver being one example. For other devices you may be required to install the appropriate driver program when attaching a new hardware device to your PC. Microsoft provides a lot of drivers with each version of Windows, but obviously there is no way they can know about every device that you may ever want to connect.

Now in one respect drivers are no different than any other program, in that the developers of the software will periodically update the program. The reason for the update may be, for example, to take advantage of new hardware features, or to close security holes that have come to light, or even to resolve conflicts that have become apparent with other drivers or software. Whatever the reason, it should be obvious that it is usually in your best interests to update drivers when new versions become available.

But there’s a problem…

Malfunctioning or incorrect drivers can be a real headache, often manifesting as obscure glitches and failures, and the root cause can be damn difficult to track down. For that reason alone most people, including many IT professionals, adopt the attitude “if it’s working leave it alone”. But for reasons that should be obvious, that may not be the safest approach at all.

Unfortunately manufacturers who provide drivers for their hardware don’t always make updating a simple task. For any given printer you may find multiple driver versions on the manufacturer’s website, with no clear indication of which one you should choose. I guess the attitude might often be that the provision of free drivers is a necessary evil and doesn’t make them any money, so they write the software, upload it to their website, and consider the job done.

So can you understand my hesitation to use an automated tool for this purpose?

Still, nothing ventured nothing gained, and over the past couple of years I have developed a healthy respect for the high quality of Uniblue software, so I pushed ahead and gave it a go. And guess what…

DriverScanner worked flawlessly!

In their own words Uniblue claims that: “DriverScanner will then safely install each update on your PC”, and I have to say that has been my experience without exception.

I have run the full PowerSuite, including DriverScanner, on numerous occasions on several different systems. It has detected a number of out-of-date drivers with updates available, and performed the replacements without a single hiccup. Needless to say I am delighted with this result, because this component of PowerSuite alone is going to save me a lot of time, not to mention enhance my security (because I’ll always be running patched & up-to-date software) and give me the best performance from my hardware.

The PowerSuite Interface

The user interface is elegantly simple. Each of the three components is featured on the Overview tab and can be run separately (see image above). Using the interface is extremely simple and obvious. Whether you see a  “Launch Application” button or a “Start scan” link depends on whether or not an up-to-date scan is awaiting your attention. After running a scan, clicking a  “Launch Application” button will present you with details of the scan for that particular component. For example, here is the information window that is displayed when the  “Launch Application” button for the RegistryBooster component is clicked in the image above…

If you need to know more about what’s been detected and what will be fixed just click the “Detailed View” button. I rarely bother with this anymore as I have come to trust the software. And if it ever does make a mistake there is always the pre-fix backup that is performed automatically.

That’s definitely an improvement in safety! In earlier versions of RegistryBooster you had to confirm that, yes, you wanted to make a backup prior to running the fix. Now you don’t even have to do that — a backup is always performed and stored automatically.

Standard Software Installation Guidelines

When you try out PowerSuite for yourself (risk-free, see below), please be sure to follow these software installation safe practice guidelines:

• Reboot your computer before installing any software
• Close any applications that may have started with Windows
• Install Uniblue PowerSuite
• Reboot your computer again

It is always advisable to reboot before installing any new software. It may not always be absolutely necessary to reboot after installation. However sometimes it is highly advisable to reboot after an installation, even if the software doesn’t warn you to do so. By always rebooting before and after any software installation (or removal for that matter) you are covering all your bases and you’ll have a happier system in the the long run.

Product Support

I have a standard policy when it comes to reviewing anything — be it software or hardware. No matter how good product itself may be, if the support isn’t up to scratch I either won’t recommend it at all, or I’ll at least warn readers that support is poor or non-existent. As part of the review process I almost always submit a support request as a test to gauge response time and the usefulness of the reply.

No such reservations with Uniblue. I have always found them responsive and both willing and able to provide useful assistance. In every customer-to-Uniblue interaction of which I am aware they have always performed admirably.

Something I always like to see on Support Ticket forms is the ability for the customer to upload a file. After all, a screen-shot can save a lot of explanation. Uniblue support has made that provision.

Conclusion

The best recommendation I can give for PowerSuite is to say that…

• I have it installed on all my systems
• I use it regularly (automatic schedules are set within the program)
• I recommend its use to all my clients

Have never had a problem myself and have never received a complaint from anyone I’ve recommended it to.

Other reviewers have obviously come to the same conclusion. Here are some excerpts from an article that appeared on the OverClockers Club website:

• “…the SpeedUpMyPC 2010 utility proved itself by taking a highly junked up system and making it a bit faster.”
• “With the use of the Uniblue SpeedUpMyPC utility, I was able to shave 24 seconds off of the Windows start up time… The shut down time was also reduced to under 20 seconds.”
• “When used together with the other Uniblue products in their Power Suite, you have the tools to keep your computer running smooth and almost as fast as when you first got it.”
• “…a utility that just works.”

Seriously, if you’re at all concerned about keeping your PC optimized and in good order, Uniblue PowerSuite is a first-class way to achieve that goal.

Need More Incentive?

Want more? Right now Uniblue are making an offer you’ll find hard to resist…

• Special pricing offer: Uniblue PowerSuite 2010 is available right now at a significant discount. Click the link below for details.
  
• There’s also an extra software bonus thrown in. You’ll find it in the shopping cart at a price of $0.00.
  
• Immediate download day or night. No waiting for a CD to arrive by post.
• The nothing-to-lose clause: if for any reason you’re not 100% happy there’s a 30-day money back guarantee.

Try it out yourself – you won’t be sorry.

Click here to visit Uniblue PowerSuite on the web

Got an opinion or question? Please use the comment box below this article and I’ll respond where appropriate.

Your questions/objections may be answered  in
this follow-up article

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Just a quick off-topic but money-saving interjection folks.

In a hurry? Click here for a ClickBook discount

Regular readers of this blog will know how much I absolutely *LOVE* the fantastic printing utility ClickBook. I’ve been using it for years now, and it’s one of those programs I just wouldn’t want to be without. After the security stuff it’s one of the first applications I put on any new PC I’ll be using.

Well, the publishers are currently offering 20% off ClickBook and several associated products — but it’s only a very temporary offer, so don’t mull it over for too long.

HOT TIP: If you think you’ll be using ClickBook to print booklets (a task it makes dream simple) you will also want to take a look at one of the special staplers they have available.

Anyway, no point making a story out of it — it’s a great product at a great price, so just  click the button below to learn more and to…

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Now there’s RoboForm Online…

Yep, the world’s Best password manager just got even better! As regular readers will know only too well, RoboForm is one of my very favorite must-have applications, and something that I have recommended on many occasions.

I’m not at all reluctant to say that EVERYONE who uses a PC online should have RoboForm installed. For security of passwords, and password management, there is nothing better.

But…

One downside to RoboForm is that you will become so dependent upon it that you’ll be lost when using another computer where *your* RoboForm data isn’t available. The portable version (RoboForm2Go) overcomes this problem to a large extent, but there are still elements of inconvenience. For one thing you have to remember to sync your latest RoboForm master data to the portable USB drive before leaving home or office (as the case may be); and of course you must have your portable RoboForm2Go USB drive with you at the time when you need it. Well…

The Answer Has Arrived…

All such considerations are now moot with the release of RoboForm Online.

Your master RoboForm installation on your own PC will automatically synchronize your Logins, Identities and Safenotes to your RoboForm Online account, where you can access them using your personal login credentials from any PC, anywhere in the world!

When at a “foreign” computer where you need access to your RoboForm data, you just browse to online.roboform.com, click the Login tab, and enter your account credentials – the one username/password combo you need to have filed away in your grey-matter storage cabinet.

And commendably, like everything Siber Systems does, it’s very easy to setup and use. Here’s how it goes…

The registration form is very simple:

RoboForm Online: Free Registration Form

On submitting the form you will be given some simple directions on how to initiate the sync.Basically, you’ll do this:

Synchronisation

I had to run the sync twice before all of my Logins, Identities and Safenotes were stored in the online service, but I may have been a bit hasty with the first one, not allowing enough time to get everything transferred across. However it’s easy enough to check your local RoboForm storage against your online storage to see that the numbers are right. If in doubt, just run the sync again.

By the way, if you should encounter a dialog like this:

The Good Sync dialog

Just click OK and follow directions — pretty much everything will be done for you.

RoboForm Online is a welcome addition to the RoboForm family, and those of us who move around a lot and use different computers are going to be very grateful for its emergence.

Free Registration

To learn more and to register for a free RoboForm online account just click the button below.

Of course, to make use of RoboForm online, you need to have RoboForm installed on your main PC to start with. And I as I said in the opening paragraph, RoboForm is something that *every* computer user should have installed.

PS.
If you found this article useful, be sure not to miss future hints, tips, reviews & warnings. For timely notification of new posts please use the Subscriber Now box in the right-hand column of this page.

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

In Part 2 of this series I want to talk about protecting your social networking account, and it all boils down to…

PASSWORDS

And No… you probably don’t already know everything you need to know about passwords, so you really need to keep reading. I’m going to show you exactly some of the ways the bad guys get at your passwords.

If you missed it please first read
 Social Networking Self-Defense: Part I

So it’s pretty obvious that anyone who gets hold of your login credentials, most importantly your password, can modify your personal pages to their heart’s content.

Now, you might be thinking something like “OK, I’ll memorize my password, never write it down, and never tell anyone”.

Well, good, that at least that would be a step in the right direction, but unless you clearly understand how vulnerable passwords are, it won’t be a big enough step. Not by a long shot.

Let’s take a look at password cracking itself…

How to Crack Passwords

Something that very few computer users realize is just how easily common passwords can be cracked. There are all sorts of special password cracking programs readily available to those who take the trouble to look. None of those programs are infallible, but one thing is certain: passwords made up of common words, or common words with a few numbers appended, are usually cracked fairly quickly.

In the past, when writing on this topic, I have always avoided giving any details on password cracking programs. I just didn’t want to be responsible for encouraging anyone to seek out and use such tools.

However, search engines such as Google, Bing, Yahoo etc have become so accurate and all-inclusive as to make these things fairly easy to find. So now I think I can probably achieve more by actually proving their existence to you.

Here’s a list of the 10 top password crackers, according to the Security Tools [http://sectools.org/crackers.html] website, with their descriptions slightly edited for this article.

|
All of those programs work on Windows, and many of them on other operating systems as well. Obviously not all are suitable for cracking all types of passwords under all circumstances, but in the hands of even a reasonably competent person any of several can be a serious threat to your security.

Still not convinced?

A recent Computerworld article describes the massive market for usernames and passwords or social network accounts. One hacker alone has 1.5 million Facebook accounts on offer!

Seriously, you REALLY need to click here and read that article.

And hey! If you aren’t already calling up your Facebook account to change the password (in line with the suggestions here-in) then I’m afraid you’re a sucker just waiting to be sucked dry.

What NOT to do

As a result of a major phishing attack in late 2006 approximately 34,000 MySpace passwords became available for download. Some researchers saw this as an opportunity to analyze what sort of passwords people were using. Here’s a list of the 20 most popular passwords:

|
Not one of those passwords would present the slightest problem to a decent cracking program. Here are some more statistics from the analysis of those 34,000 passwords:

• Numbers were used in well over half the passwords.
• When used, numbers were most often appended to the end of the password.
• Almost 1% of users had the word “password” as all or part of their password.
• Words, colors, years, names, sports, hobbies and music groups were very popular.
• Other popular words include: angel, baby, boy, girl, big, me, the.
• Cuss words were very popular. Because these are common and well known they should be considered as dictionary words, whether they appear in any “real” dictionary or not.
• Also popular were the names of sports (golf, football, soccer, etc.), professional sports teams and college team nicknames.

Again, all very easy stuff for a good cracking program.

I’ll be going into some detail here because I want you to understand very clearly the extreme importance of using good strong passwords if you are serious about protecting yourself.

So let’s look now at exactly what makes for a strong password, from the password cracker’s point of view.

What you SHOULD do

The most important aspects of a password are its length and composition, but there is an apparent catch involved. If length and composition are right for a strong password, then it’s very unlikely you’ll be able to remember even one password, let alone the many that most people need to use. But don’t worry, we’ll solve that dilemma in a moment. First let’s look at the password itself.

The length aspect is simple: the longer a password, the harder it is to derive using special password cracking tools.

Composition is a bit more complex. To be truly effective, the characters that make up the password should consist of a mixture of upper and lower case alphabetic characters (A-Z, a-z), numerals (0-9), plus punctuation and special characters (!@#$%^&*). In addition, repetition of characters should be kept to a minimum and the password should not contain any real names or dictionary words. Here is an example of a 20 character password that conforms nicely to those rules:

Mu49#SLQ&p5^eh!6M9B2

Yes, I know what you’re thinking:

“How on earth could I ever remember something like that?”

And the answer is…

For PC users  : RoboForm
For Mac users : 1Password

Now, I’m a PC user, so I don’t use 1Password, but I have read their material, watched a video on the product and asked some Mac users whose opinions I respect. What I can tell you is that it works very much like RoboForm, performing much the same tasks, and is highly regarded by those Mac users I consulted. For all practical purposes any mention of RoboForm features that follows applies also to 1Password.

When installed, both RoboForm and 1Password take up residence on your browser toolbar.

Secure password generation is a handy feature, but the real power of RoboForm, and the thing that makes it so indispensable to security minded people, is that it can remember the complex passwords that it generates, and also remember which website or login form each password relates to. This is a massively significant feature.

On visiting a web page that contains login fields, RoboForm provides you with a one-click prompt that will fill in all the necessary fields with login information that is specific to that page only.

Similarly, when you manually fill in login fields for a site that you haven’t visited before, you can quickly and easily store those login credentials for one-click retrieval on future visits to that site.

In other words, the longer and more complex a password the better, because you’ll never have to remember it. Nor do you need to be tempted to use the same password on multiple websites, because with RoboForm having five, 25 or 50 long, complex, meaningless passwords is no more of a load on your brain than having just one.

RoboForm offers another extremely useful feature not directly related to passwords but worthy of mention if it will entice you to use this excellent utility.

One-click filling out of forms with any number of personal details can be a real time saver. Name, address, landline phone number, mobile number, fax, date of birth, credit card details — virtually any sort of information required on a form can be intelligently provided with a single click. That’s one click for the whole form, not one click for each field! RoboForm knows what’s being asked for and provides just that.

Both RoboForm and 1Password offer free 30-day trials, after which each application will continue to operate but with a reduced feature set. Here’s the situation was RoboForm:

|
By all means trial the product first, but believe me, purchasing the full version is a very easy decision. Most people will definitely need many more than 10 pass cards alone, not to mention how useful multiple identities and profiles can be, and the ability to create numerous custom fields.

Again, here’s where to get‘em:

For PC users  : RoboForm

For Mac users : 1Password

And remember…

The first line of defense is the human brain.
Keep it engaged when online.

Related articles

• SSD tools crack passwords 100 times faster

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Password selection and personality? A couple of days ago I read a book review in one of our local newspapers, in which the authors (of the book) suggested that the computer passwords you select can reveal a lot about your personality. Let me say right up front that if that’s the case — if your passwords do reveal a lot about your personality — then you are sadly, even dangerously, off track in the way you select passwords.

For more on passwords you might want to take a look at this earlier article of mine, but first let’s look at this personality thing.

The authors nominated eight password categories and assigned specific personality types to each…

1. A lover’s name. You are a loyal type likely to stray, but can also indicate obsession or lack of imagination.

2. Work-related. A dull or career-obsessed workhorse who lack the imagination necessary to climb the corporate ladder.

3. Numerical passwords. Logical to the point of humorlessness.

4. Your own name or nickname. Self-obsessed and egotistical, but also over-confident, driven and desperate to achieve.

5. Fantasist. Using passwords like “sexy”, “stud” or “goddess” is similar to using your own name/nickname, but you’re also likely to be a risk taker and thrill-seeker away from work.

6. Names of pets. The nostalgic type. You believe that other people just don’t understand you so you reserve your sensitive side and innermost thoughts for “Fluffy” or “Spot”.

7. Favourite band, sports team, etc. You’re a romantic, and life is one long, determined fight to stay happy and positive. People either admire your upbeat attitude or see you as a gullible sucker.

8. The Cryptic. You “agonize” over concocting passwords that are an intricate mix of letters, numbers and punctuation marks. In the author’s words: “This air of intellectual mystery defines you as pretentious, arrogant and more than a little paranoid”.

What do you think? See yourself in any of categories 1 to 7? If so, I’d really like to get you headed in the right direction.

The category that bothers me the most is #8. The purpose of a password is to protect something, and an easily guessed password is little or no protection. If it is your habit to choose passwords that are an “intricate mix of letters, numbers and punctuation marks”, then I don’t really care about the psychology behind your reasoning because, from a security standpoint, you are way ahead of everyone else.

On the other hand, if you don’t use passwords that are an “intricate mix of letters, numbers and punctuation marks” then I strongly suggest you forget the pop-psychology and start doing just that.

The Solution

Fortunately you don’t have to “agonize” over coming up with good, reliable, secure passwords. There is an excellent — I’ll go so far as to say indispensable — application that will not only create truly arcane passwords quickly whenever you need one, but it will even remember them for you. After all, one of the reasons that many people don’t use truly appropriate passwords is that they can’t remember them.

I’ve mentioned it before, and no doubt this won’t be the last time you’ll hear me extolling its virtues, because I see this little tool as a very important part of your security arsenal. It’s called RoboForm. There is a free version which you can use to get a feel for the product, but anyone serious about their online safety will want the full version.

Finally, I haven’t read the book that prompted this article, and to be honest I’m not likely to, although I admit to a passing interest in the study of body language. But if it’s the sort of thing that takes your fancy you can find “The You Code” on Amazon.com

Related articles:

• Most users don’t change password often enough, report says
• Please Hack Me. My Password is 123456

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Yes folks, it’s Patch Tuesday again! On the second Tuesday of each month Microsoft releases software patches & updates for their various products, so this is a very important day for all Windows users who care about their privacy and security [full summary here].

Why? Well..

Often a Microsoft patch or update will close a vulnerability that, if left unaddressed, could allow an attacker to take complete control of your computer.

And that’s something you REALLY don’t want!

Keeping your installation patched up-to-date is so important that, whether or not you have Automatic Updates enabled, at this time of each month it’s still wise to manually double-check that everything that matters has been installed. Don’t be put off by the word “manually” — it’s a quick and easy process.

HERE’S HOW:

• Point your web browser to: http://www.update.microsoft.com
• Click the Custom button.
• Install any high-priority updates that are reported.

But Don’t Stop There!

In the column on the left-hand side you will see links for:

• Software, Optional (n)
• Hardware, Optional (n)

The number in brackets indicates how many updates of that type are applicable to your computer. If the number is anything other than (0) then click that link and investigate, installing the update if necessary (or if in doubt). Similarly, you may find relevant updates in one of the links under “Select by Product”, so do the same with any of those.

WEBCAST:
Each month, in association with PatchTuesday, Microsoft presents an online Webcast to address customer questions on the bulletins for that month. Webcasts are usually initially presented on the Wednesday, the day after Patch Tuesday, at 11:00 AM Pacific Time (US & Canada). They are also recorded and available for later viewing. To register for a Webcast or to view Webcasts that have passed, click this link.

By the way… SymmTime is a great on-screen world time utility for anyone who needs to check or convert times around the world. It’s free and highly configurable.

Did you know…

Many of the malware threats that you are frequently warned about in the various news and information media, on and off-line, should never be the slightest threat to you.

How come? Well, because…

If you made a habit of applying the patches & updates that are issued by Microsoft every month, you would be IMMUNE from infection by many of the tens of thousands of threats currently circulating on the Internet, with more being churned out by the cyber-grubs on an almost daily basis.

The vast majority of these threats get into your computer by exploiting some known vulnerability in Windows. When one of these vulnerabilities is patched by Microsoft, the threat becomes benign — but only if you have applied the free patch to your version of Windows.

So remember…

You Ignore Patches & Updates at Your Peril!

PS #1: When you read some of the related articles below you will encounter numerous instances of “Microsoft recommends updating Internet Explorer to version 8″ and “Microsoft recommends avoiding blah blah blah” and etc. Listen up! You’ll be orders of magnitude safer if you take my advice instead — download the free Firefox browser and give Internet Explorer the flick. IE has been a real security problem for a long time and it’s going to continue to be so well into the future. Firefox is a far better browser in every respect.

PS #2: Users of Microsoft PowerPoint need to be alert to the situation revealed in this article.

Related articles:

• Patch Tuesday sees new fixes and warnings
• Microsoft warns of new IE bug; attacks under way
• Microsoft skips patch for PowerPoint add-on
• Office updates patch Excel security flaw
• Microsoft warns of zero-day IE hole on Patch Tuesday

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

This is Microsoft’s biggest batch of patches & updates in a long time, and you really MUST pay due attention.

Yes folks, it’s Patch Tuesday again! On the second Tuesday of each month Microsoft releases software patches & updates for their various products. This month there are something like 13 updates addressing a total of 26 potentially harmful vulnerabilities, so this is a very important day for all Windows users who are concerned with their privacy and security.

Why? Well…

Often a Microsoft patch or update will close a vulnerability that, if left unaddressed, could allow an attacker to take complete control of your computer.

And that’s something you REALLY don’t want!

Keeping your installation patched up-to-date is so important that, whether or not you have Automatic Updates enabled, at this time of each month it’s still wise to manually double-check that everything that matters has been installed. Don’t be put off by the word “manually” — it’s a quick and easy process.

HERE’S HOW:

• Point your web browser to: http://www.update.microsoft.com
• Click the Custom button.
• Install any high-priority updates that are reported.

But Don’t Stop There!

In the column on the left-hand side you will see links for:

• Software, Optional (n)
• Hardware, Optional (n)

The number in brackets indicates how many updates of that type are applicable to your computer. If the number is anything other than (0) then click that link and investigate, installing the update if necessary (or if in doubt). Similarly, you may find relevant updates in one of the links under “Select by Product”, so do the same with any of those.

WEBCAST:
Each month, in association with PatchTuesday, Microsoft presents an online Webcast to address customer questions on the bulletins for that month. Webcasts are usually initially presented on the Wednesday, the day after Patch Tuesday, at 11:00 AM Pacific Time (US & Canada). They are also recorded and available for later viewing. To register for a Webcast or to view Webcasts that have passed, click this link.

By the way… SymmTime is a great on-screen world time utility for anyone who needs to check or convert times around the world. It’s free and highly configurable.

Did you know…

Many of the malware threats that you are frequently warned about in the various news and information media, on and off-line, should never be the slightest threat to you.

How come? Well, because…

If you made a habit of applying the patches & updates that are issued by Microsoft every month, you would be IMMUNE from infection by many of the tens of thousands of threats currently circulating on the Internet, with more being churned out by the cyber-grubs on an almost daily basis.

The vast majority of these threats get into your computer by exploiting some known vulnerability in Windows. When one of these vulnerabilities is patched by Microsoft, the threat becomes benign — but only if you have applied the free patch to your version of Windows.

So remember…

You Ignore Patches & Updates at Your Peril!

Related articles:

• Microsoft planning major security update
• Microsoft Finally To Patch 17-Year-Old Bug

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

I recently received a question from a reader asking how thieves were apparently able to detect laptops out of view in locked cars, say either covered up or in the trunk (or “boot”, depending on where you live).

This is a topic that’s seen batted around for some time and has attained the status of urban myth, with its share of believers and disbelievers and little in the way of hard facts or proof.

It’s a question I started to look into some time back, but for one reason or another I got sidetracked and never followed through to a conclusion.

Having the question raised again prompts me to present what little I know and request input from anyone who may have definite knowledge, particularly from any technicians who have experience with the types of devices I’ll mention hearing of.

I’ll start with what I consider to be the most unlikely method of laptop detection.

Inductive Amplifiers

Now this is just something I’ve pieced together from bits and pieces here and there, so in mentioning it all I’m trying to do is open the discussion. I’m definitely not suggesting this is possible or practical — because I simply don’t know — but frankly I doubt it.

Proponents of this “myth” claim that it is possible to detect the presence of a laptop computer using a device called an inductive amplifier.

There have been quite a few unsupported and unsubstantiated reports that police in Selangor, Malaysia caught thieves red-handed with one version of an inductive amplifier, called a Model 200EP Tone Probe, that particular device being manufactured by Tempo-Textron, but there are of course many others. [Note: I found the Tempo-Textron site to be out of service a lot. Sorry, but nothing I can do about it.]

Personally I’m more inclined to think that any thief in possession of an inductive amplifier would be using it to disable car alarms.

Battery Detectors

Another fairly common suggestion is that the presence of a laptop can be detected by use of a so-called “battery detector”. Various types of battery detectors do exist, but to my knowledge their effective range is very small, and there would be myriad problems using such a device to detect a laptop in a car. For one thing I would expect that the metal enclosure of a car boot would provide a very effective barrier, not to mention all the other power sources that are constantly active in a vehicle.

As to the electrical properties of a laptop, there is ALWAYS some power present, whether the laptop is shut down or not, even if you remove the main battery. On the computer’s motherboard is a small battery much like that which runs your electronic watch. For historical reasons it is generally referred to as a CMOS battery. At the very least this battery maintains the real time clock, and it may maintain other settings as well. I believe voltages range from 3 volts to 4.5 volts, depending on make/model/brand/etc. There may even be more than one such board-mounted power source.

But detecting a laptop in a motor vehicle with a battery detector? I’m sceptical.

Bluetooth Scanning

The more obvious danger is leaving your laptop on or in sleep mode, such that its Bluetooth capabilities (if any) are active. Bluetooth scanning will reveal not only the presence of a laptop or high-end phone, but also its make/model. And such identification opens up the possibility of “steal to order”, allowing high-end devices to be specifically targeted. There’s plenty of information available on Bluetooth detection so I won’t belabor the point further here. Anyone wishing to research this further could try some of these keywords:

• Bluetooth Scanning
• BlueBugging
• BlueJacking
• BlueSnarfing

I don’t think rehashing unsupported myths and suppositions serves any purpose, but if you have any definitive information on how laptops and/or high end mobile phones might be detected inside a locked car I’d certainly like to hear about it. Please use the comments box below…

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

It’s Patch Tuesday again, that day each month when Microsoft releases software patches and updates for their various products.

Patch Tuesday is a very important day for all Windows users who are concerned with their privacy and security.

Not infrequently a Microsoft patch or update will close a vulnerability that, if left unaddressed, could allow an attacker to take complete control of an affected system.

And that’s something you REALLY don’t want!

Keeping your installation patched up-to-date is so important that, whether or not you have Automatic Updates enabled, at this time of each month it’s still wise to manually double-check that everything that matters has been installed. Don’t be put off by the word “manually” — it’s a quick and easy process.

HERE’S HOW:

• Point your web browser to: http://www.update.microsoft.com
• Click the Custom button.
• Install any high-priority updates that are reported.

But Don’t Stop There!

In the column on the left-hand side you will see links for:

• Software, Optional (n)
• Hardware, Optional (n)

The number in brackets indicates how many updates of that type are applicable to your computer. If the number is anything other than (0) then click that link and investigate, installing the update if necessary (or if in doubt). Similarly, you may find relevant updates in one of the links under “Select by Product”, so do the same with any of those.

WEBCAST:
Each month, in association with PatchTuesday, Microsoft presents an online Webcast to address customer questions on the bulletins for that month. Webcasts are usually initially presented on the Wednesday, the day after Patch Tuesday, at 11:00 AM Pacific Time (US & Canada). They are also recorded and available for later viewing.  To register for a Webcast or to view Webcasts that have passed, click this link.

By the way… SymmTime is a great on-screen world time utility for anyone who needs to check or convert times around the world. It’s free and highly configurable.

Did you know…

Many of the malware threats that you are frequently warned about in the various news and information media, on and off-line, should never be the slightest threat to you.

How come? Well, because…

If you made a habit of applying the patches & updates that are issued by Microsoft every month, you would be IMMUNE from infection by many of the tens of thousands of threats currently circulating on the Internet, with more being churned out by the cyber-grubs on an almost daily basis.

The vast majority of these threats get into your computer by exploiting some known vulnerability in Windows. When one of these vulnerabilities is patched by Microsoft, the threat becomes benign — but only if you have applied the free patch to your version of Windows.

So remember…

You Ignore Patches & Updates at Your Peril!

Related articles:

• Adobe patches PDF zero-day, other critical bugs
• Microsoft urges Windows XP users to ditch old Flash version

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.