Month: June 2007

A mother (who is also a former cop) gets in trouble over sippy cup.

“I demanded to speak to a TSA [Transportation Security Administration] supervisor who asked me if the water in the sippy cup was ‘nursery water or other bottled water.’ I explained that the sippy cup water was filtered tap water. The sippy cup was seized as my son was pointing and crying for his cup. I asked if I could drink the water to get the cup back, and was advised that I would have to leave security and come back through with an empty cup in order to retain the cup. As I was escorted out of security by TSA and a police officer, I unscrewed the cup to drink the water, which accidentally spilled because I was so upset with the situation.

“At this point, I was detained against my will by the police officer and threatened to be arrested for endangering other passengers with the spilled 3 to 4 ounces of water. I was ordered to clean the water, so I got on my hands and knees while my son sat in his stroller with no shoes on since they were also screened and I had no time to put them back on his feet. I asked to call back my fiancé, who I could still see from afar, waiting for us to clear security, to watch my son while I was being detained, and the officer threatened to arrest me if I moved. So I yelled past security to get the attention of my fiancé.

I’ve always been suspicious of those cups. So cute… but we all know looks are deceiving. After all, you can never be too careful.

Alex Eckelberry
(Image courtesy of BuyCostumes.com. And thanks, Stu.)

It’s a curious observation that the more governments try to control people, the more difficult it becomes. Contrast that with the observation that the more you treat people like intelligent human beings, the more they start acting like it (it’s my belief that if you treat people like children, you’ll not get your desired effect).

At any rate, in Britain’s inexorable march to apparently follow in the path described by one of its most brilliant writers (Orwell), they have put cameras virtually everywhere.

And now they’re using cameras to spy on people’s trash-binning habits.

Householders in a seaside town have been told to put their bins out at the front of their homes and not in an alleyway to the rear.

They must also leave their rubbish out between set times to ensure it does not attract pests or miss the dust cart.

To enforce the new rules, a camera will be placed in a rubbish bag and left in an alleyway to blend in with the surroundings to catch offenders. Those filmed breaking the rules will be given a ticking off.

Repeat offenders could be handed a fixed penalty notice or even be taken to court and fined up to £1,000.

The tiny covert camera, which has cost Weymouth and Portland Council, Dorset, up to £10,000, will also help catch householders who put their rubbish out too early or too late…They will only be allowed to put out their rubbish between 8pm and 6am the night before collection and it will have to be at the front of their homes.

Do you think the citizens of this town might find this a bit insulting?

Link here.

Alex Eckelberry

I think everyone involved in malware takedown is getting very tired of ISPs who don’t have 7 day abuse desks.

Take, for example, one very dangerous IRS phish making the rounds right now. It’s another in a number of targeted attacks we’ve been observing lately.

[BEGIN EMAIL SAMPLE]

Subject: Tax Information – (individual’s name) – (Code individual’s email address-plus a sequence of codes)
From: “IRS.gov” <service@IRS.gov>
Date: Sat, 16 Jun 2007 10:35:49 -0400
To: (individual’s email address)

Account : (individual’s name)
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $163.80. Please submit the tax refund request and allow us 3-5 days in orders to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records of applying after the deadline.

To access the form for your tax refund, please click here.

Regards,

Internal Revenue Service

[END EMAIL SAMPLE]

This phish is unique displays the recipients correct name and email address on the To: and Subject line. But the real kicker is this — embedded in the URL is the recipient’s email address, and when the recipient connects to the website, the website pulls up the recipients actual name, email and street address and displays that in the form!

So not only is the email targeted, but there’s a complete back end database containing information on the intended victim. The site is obviously prompting for credit card information.

Here’s what’s frustrating: The site is hosted by Earthlink. Already, attempts have been made to get this site shut down, to no avail. As the person doing the takedown says “I was told that the only people permitted to shut the site down is the abuse team, and they don’t work nights/weekends/holidays.”

So Earthlink will let hundreds, possibly thousands of people get phished over the weekend, because they can’t have even one person manning their abuse desk on the weekend.

What’s ironic is that often the smaller ISPs are the ones that are the fastest to react. The big ones, especially ones like Yahoo and AT&T, make it monumentally difficult just to get an actual phone number for them.

And in cases like this, it’s critical to be able to react rapidly.

My feeling? ISPs must have a basic level of security credentials and 7–day abuse service.

This has to stop. Really.

Alex Eckelberry

Oxford Economics, in conjunction with Tom Ridge (the first DHS secretary) have analyzed travel patterns to the United States and have found travel to the US to be on a decline. Survey data indicates that a major reason may be overly restrictive security and immigration policies. The eoconomic impact is not trivial — it’s to the tune of over $100 billion dollars over the last seven years.

Overseas travel to the United States has fallen 17 percent since its peak in 2000, with a cumulative cost of more than $100 billion in lost visitor spending, almost 200,000 jobs and $16 billion in lost tax receipts. World economic growth has been stronger during the past three years than at any other three-year period in the past thirty years. Almost all destinations – outside of the United States – have benefited from increased inbound travel amidst this rising economic tide. Worldwide, international travel has been expanding at a rate of six percent per year.

Making the decline all the more perplexing, the United States is a price-attractive destination for international visitors with the dollar weakening 30 percent against the euro and 22 percent against the pound since 2001. Historically, a weakening dollar should drive robust gains in visitation to the United States.

A survey of 2,000 foreign travelers starts to indicate why travel is down:

– By a greater than two-to-one margin, respondents say the United States has the “world’s worst” entry process;

– Sixty-six percent of respondents say they are worried they may be detained for hours because of a simple mistake or misstatement at a U.S. airport;

– More respondents were concerned about U.S. immigration officials (70 percent) than the threat of crime or terrorism (54 percent) when considering a trip to the United States; and

– Sixty-one percent of respondents believe that the United States makes little effort to attract international visitors compared to other countries.

In other words, we’re scaring the crap out of these people with our security and entry policies. And incredible as it may sound to some, not everyone who enters the United States is actually a terrorist.

I’m, obviously, all for good security. But when “security theater” significantly affects us economically, one has to rethink how we’re protecting this country and what we can do optimize the process toward pragmatic solutions.

Alex Eckelberry
(Hat tip)

So I came back from lunch yesterday and found Robert LaFollette (our creative director and a favorite of this blog) walking around the office barefeet.  Surprised, I asked him what had happened to his shoes.  Well, it turns out he got a bit wet on his lunch break.

He had gone out to drop by the Clearwater Marine aquarium to handle some paperwork from a photo shoot he’d done (this is a small aquarium that does a tremendous amount of local environmental work — all on a volunteer basis). 

Unexpectedly, he found himself in the middle of a turtle release — and this was a big deal, with news cameras, etc.  Since the aquarium people knew him, he was invited to come along and photograph the event.  He found himself in the back of a pickup truck, sitting next to a very, very large female loggerhead turtle.

The turtle was driven down to the beach and released, and it was all quite dramatic. 

You can read his blog post about it here and see his photos of the event here.

Never a dull moment.

Alex Eckelberry

Yesterday, Senator Mark Pryor introduced the Counter Spy Act of 2007 to make it illegal for companies or fraudsters to implant spyware on a person’s computer without consent. I just love to see my product name in an act of Congress. 

Ok, putting the sophomoric humor aside, I’ve outlined my feelings on these laws, and Declan McCullagh has weighed in as well.

Alex Eckelberry

One of my favorite comedy shows, FamilyGuy, had a recent segment where one of the characters runs for mayor, and realizes the power of using terrorism to get elected. Very, very funny — and a bit sad.

In that vein, there is a very good post this morning over at Schneier about the recent “plot” to blow up JFK fuel tanks:

The alleged plan, to blow up JFK’s fuel tanks and a small segment of the 40-mile petroleum pipeline that supplies the airport, was ridiculous. The fuel tanks are thick-walled, making them hard to damage. The airport tanks are separated from the pipelines by cutoff valves, so even if a fire broke out at the tanks, it would not back up into the pipelines. And the pipeline couldn’t blow up in any case, since there’s no oxygen to aid combustion. Not that the terrorists ever got to the stage — or demonstrated that they could get there — where they actually obtained explosives. Or even a current map of the airport’s infrastructure.

But read what Russell Defreitas, the lead terrorist, had to say: “Anytime you hit Kennedy, it is the most hurtful thing to the United States. To hit John F. Kennedy, wow…. They love JFK — he’s like the man. If you hit that, the whole country will be in mourning. It’s like you can kill the man twice.”

If these are the terrorists we’re fighting, we’ve got a pretty incompetent enemy.

You couldn’t tell that from the press reports, though. “The devastation that would be caused had this plot succeeded is just unthinkable,” U.S. Attorney Roslynn R. Mauskopf said at a news conference, calling it “one of the most chilling plots imaginable.” Sen. Arlen Specter (R-Pennsylvania) added, “It had the potential to be another 9/11.”

These people are just as deluded as Defreitas.

The only voice of reason out there seemed to be New York’s Mayor Michael Bloomberg, who said: “There are lots of threats to you in the world. There’s the threat of a heart attack for genetic reasons. You can’t sit there and worry about everything. Get a life…. You have a much greater danger of being hit by lightning than being struck by a terrorist.”

And he was widely excoriated for it.

Link here.

Now, to all those commenters who invariably accuse me of some ridiculous thing like not understanding the “real problem”, that’s nonsense. I don’t want to see terrorists any more than the next person.

But what really concerns me is the silly security theater, political grandstanding and other nonsense that we’re doing in this country at the expense of our civil liberties and practical considerations. It seems the voice of reason is being lost admidst a sea of hysteria, and anyone who talks out about it gets accused of being some commie pinko leftie (which I’m decidedly not).

Alex Eckelberry

Rather humorous.

More here.

Alex Eckelberry

I don’t know if you caught Paperghost’s post on SpywareGuide recently about a fake Windows update popup pushing malware on MySpace, but it is just extraordinarily nasty.  Just look at this screen shot:

(I believe this is gone from MySpace now.)

More here.

Alex Eckelberry

Most dangerous types of web sites
We all know that some web sites have embedded controls or code that can result in “drive-by downloads” – programs installed on your computer that you don’t want and that may be malicious. But are certain types of sites more likely to put you at risk than others? Absolutely. And if you search for certain terms, they have a higher probability of returning URLs that lead you to dangerous sites. According to an AP story last week, you’re in the most danger of stumbling across a malicious site when you search for terms related to music or technology. The good news is that the number of high risk sites in search engine results is lower than it was a year ago.

Send live video from your cell phone to the web
Want to share your son’s big moment in the high school football game with dad, who’s out of town on business, almost as it happens? Want grandma to be able to “be there” for your daughter’s graduation virtually as well as just in spirit, even though she lives a thousand miles away? A new service called PocketCaster lets you do all this and more. If you have the right model of G3 mobile phone, you can take video and broadcast it to a web page as a live stream with only a small delay (less than half a minute). Others can view it on their computers with Windows Media Player or QuickTime. Is that cool or what?

At the moment, it’s free, although you do have to sign up. You can install the software on your phone or, if your phone doesn’t support SMS, you can access the software from a web site via your phone’s web browser.

Why would an anti-spyware law be bad?
We all hate spyware, those insidious software programs that install themselves on our computers without our knowledge and then “phone home” with information about us. We hate it so much that many people said “there ought to be a law” – and that propelled legislators to do what some might argue legislators do best: pass hastily contrived and potentially harmful legislation.

The U.S. House recently passed the Spy Act by an overwhelming majority (368 to 48). After all, no one wants to appear to be soft on privacy violators. But many in the computer industry, who really understand the problem, believe it’s a bad law that will have unintended consequences. Read what our own Alex Eckelberry had to say about it in his blog a short while back for a better understanding of why this law is not the answer.

Customize IE 7 with free add-on
IE7 Pro is an add-on for the latest version of Internet Explorer that lets you extend its functionality by adding a Firefox type spell checker, tabbed browsing management, inline search and more. One cool feature is Super Drag and Drop, with which you can open new links by dragging and dropping them on the page. The crash recovery feature can be a godsend if you’re deep in a maze of research when IE gives up the ghost. It automatically restores open pages after the crash. You can check out all the features and download the software to give it a try.

Vista: Tag – you’re it!
One of the neatest new features in Windows Vista is the ability to tag your photo files without third party software. Tags are metadata (file properties) that can be searched, so adding tags makes it easier to organize and find your pictures. You can open the new info pane to add tags or view tag information about an existing file.

You can also add titles, subjects, ratings, comments, author name, copyright info and more to a photo’s properties. Just right click the photo file, select Properties and click the Details tab. When you hover over the Value column, a text box will appear where you can type in the information.

How to make the status bar display all the time in XP and Vista
I’ll never know why Microsoft doesn’t turn on the status bar at the bottom of the Windows Explorer window by default. Being able to see how many items are in a folder and the amount of disk space that’s free on the drive are convenient, but you have to go through a few steps to get it to display – even after you turn the feature on, it may go away when you move to a new folder unless you set it to stay permanently. Here’s how:

1. Click Start Explore to open Windows Explorer.
2. Click a folder in the left pane.
3. Click the View menu and select Status Bar. This turns the status bar on, but only for that folder.
4. Click the Tools menu and select Folder Options.
5. Click the View tab.
6. Under Folder Views, click the Apply To Folders button. This makes the view you just selected apply to all folders of the same type.

Four Fixes for June Patch Tuesday
This week brings us Patch Tuesday, and it’s a fairly light one. Microsoft is releasing only six security bulletins, but four are for critical problems (the highest possible severity rating) so it’s important that these get installed on your system ASAP if you use the products that are affected. That includes Internet Explorer, Outlook Express, Windows Mail and Visio.

Does Vista include DRM to keep me from playing or copying movies?
QUESTION: I’ve heard a lot of stuff about Vista’s digital rights management (DRM) that’s built in to keep us from being able to copy music and movie files. Is it true that Microsoft is trying to keep us from copying what we want to? I haven’t bought Vista yet, largely because of this issue. – Kim J.

ANSWER: It’s true that Vista contains copy protection technology. That technology is necessary for you to be able to play some of the new DVDs, especially HDTV and Blu-Ray movies. If Vista didn’t support the technology, those discs wouldn’t play at all, because the content owners build the protections into the discs themselves and those apply not just to Vista PCs but to DVD players and non- Windows computers. For a detailed discussion of this by Nick White, a Microsoft product manager, click here.

Network icon doesn’t update in XP
If you disconnect and then reconnect an Ethernet cable on Windows XP with Service Pack 2 (or Windows Server 2003), the network icon in the notification area (system tray) may not update to show the new status. Instead the red X indicating an unplugged cable remains. This only happens with particular network card drivers and it doesn’t affect the actual operation of the network, but if it bothers you, there’s a workaround. See KB article 899759.

Can’t remotely shut down an XP computer with screensaver active
If you find that you can’t do a remote shutdown on your Windows XP computer when the screensaver is active, it may be because a certain registry setting is disabled. There’s a hotfix; you can find out more in KB article 329142.

Can’t install some programs after restoring Vista
If you use the Windows Complete PC Backup and Restore Image option to restore a Vista computer, you might get an error message that says “the directory name is invalid” when you try to install certain programs. This happens because the Temp folder didn’t get restored. For instructions on how to fix the problem, see KB article 932142.

Until next week,

Deb Shinder

Last week’s Windows Secrets newsletter featured a story by Scott Dunn about Ed Foster’s crusade against bad End User License Agreements (EULAs). EULAs have been the bane of the existence of computer users for decades – at least, those who even bother to read them or acknowledge their existence.

The EULA has been held up as a binding legal contract between the software vendor and the end user (the person who purchases, installs and/or uses the software). However, EULAs differ from traditional contracts in several ways. Perhaps most importantly, there is (currently, at least) no formal signature proving that a specific person entered into this agreement. Although verbal contracts have long been considered valid by the courts in some circumstances, a key element of enforcing a contract is proving that the parties actually made the agreement in the first place – and without undue duress or trickery.

In almost all cases of consumer software, EULAs are “signed” by clicking a button that says “I agree.” There’s no way to prove later, however, who clicked that button, which could (or at least should) make it problematic to enforce the terms of the EULA against a specific user. At some time in the future, all computer users may be required to obtain digital signatures, which use certificates issued by certification authorities verifying a person’s identity. Digital signatures may one day be required to send email and other electronic communications, as well as to sign electronic contracts. But at the moment, software companies have no way to determine who accepted the contract.

Another difference between EULAs and contracts for, say, buying a new car, is that with traditional contracts you get to read and sign the contract before you part with your money for the product or service. Software EULAs are typically displayed for “signing” after you’ve plopped down the cash (or charged your credit card). In the case of boxed software, you do get a printed copy of the EULA but it’s inside the box; you don’t see it until after you’ve spent the dough and taken it home. In the Internet age, this problem has been ameliorated somewhat by the ability of vendors to post their EULAs on the web so you can check it out before you buy – if you have Internet access. For example, you can go to this website to find the license terms for most Microsoft products. Still, few folks read the contract before (or even after) purchasing the software.

All this wouldn’t really be an issue, if EULAs were simple agreements laying out reasonable terms of use. And some are. But most are lengthy jumbles of legal jargon that leave those few who do read them confused and frustrated. And some insert terms to which the average user would object, if he knew what he was agreeing to. For instance, many EULAs give the software company the right to collect information about your computer and have it automatically sent to the software company. Some, especially EULAs for freeware and shareware, contain clauses whereby you agree to the installation of additional software you don’t want, some of it blatant spyware or adware.

The EULA usually defines what you can do with the software; for instance, that you can only install and use it on one machine at a time. That may be reasonable to protect the software vendor from piracy, but the trouble is, EULAs are getting more and more restrictive all the time. Some EULAs now contain language that could prohibit you from installing the software on a second machine even if the original computer on which you installed it died and is no longer usable. And that’s not reasonable. That’s like saying that if I buy a very cool and expensive stereo system for my car and then I get a new car, I can’t take the stereo out and put it in the new car.

Another big gripe of computer users is that EULAs routinely disclaim all express and implied warranties. In other words, the contract you “sign” agrees that the software doesn’t have to work as advertised, or even work at all. And even if an acknowledged programming error causes you to lose important data or the use of your computer for days, the software vendor has no responsibility. In the case of buying software, the rule really is “buyer beware” and “proceed at your own risk.” In fact, with such leeway, it’s amazing that vendors make their software work as well as it does. Imagine signing a contract with an appliance vendor that says, in essence, the refrigerator you bought might or might not cool your food and if it doesn’t, not only are you not entitled to any compensation for your spoiled food but you also don’t get back the several hundred or several thousand dollars you paid for the refrigerator.

How did EULAs come about in the first place? Well, according to the 3rd Circuit federal court in a case styled Step-Saver Data Systems Inc. vs. Wyse Technology way back in 1991, software licenses (EULAs) were first developed in large part to avoid the federal copyright law first sale doctrine. The first sale doctrine is part of the U.S. copyright law that says a purchaser can transfer a legally made copy of a protected work without permission. The EULA is basically an attempt to get you to contractually waive that right.

Court cases regarding the enforceability of EULAs have been mixed since then. Some courts have found so-called shrinkwrap license agreements (those enclosed in a software package and inaccessible until after you buy the software) to be invalid. The clickable agreements have been given more weight by most courts.

When I wrote about EULAs here a few years ago, I was much less bothered by them than I am now. I find the trend to include more and more restrictions on what users can do with the software they pay for to be disturbing. Some license agreements now prohibit users from releasing or publishing information about the performance of the software. That effectively prevents reviewers such as myself from reporting to readers our experiences with a particular piece of software. I think that’s going too far.

Much as I like Vista, I don’t like the fact that its EULA gives Microsoft the right to validate your software at any time (that is, check to verify that the software has been activated and is licensed) and disable some of its features if it can’t be validated. And as a technology writer who uses virtual machines for testing and screenshots, I’m not happy about the clause that prohibits installing Vista Home Basic and Premium in VMs.

I recognize the need for EULAs, but it seems software vendors are taking advantage of the privilege. It’s the old “give ’em an inch and they’ll take a mile” problem. What do you think? Should you have to “sign” an agreement to use software? If so, what terms are reasonable and which ones aren’t? Should you be able to get a refund if you get home, read the EULA and don’t like it? (Microsoft provides for that, but some vendors don’t). Are there certain clauses that vendors should not be allowed to include in EULAs? Or am I just complaining about nothing?

Deb Shinder

For me, the Julie Amero case was always about two things:

1. Seeing Julie go free.

2. Helping to make sure it didn’t happen to others.

(1) above is in progress. The judge has accepted the defense’s motion for a new trial and now it’s largely a waiting game.

But there are others who are in the same boat as Julie. The problem is there. And it’s not just schools. It’s in business as well.

How many people are never charged but quietly fired?

Now, a lot can be solved with education: How many of you working for corporations have been to mandatory sexual harassment training every year? But how many of you have been to a company security training? (Answer: almost nobody gets security training).

Consider it — a simple one or two hour training, with a nice video that explains the basics of security. IT departments layer on defense after defense, but because so much of the problem is social engineering, you have to teach the users. How many systems are infected because of people going to a website in a fake email? Or a bored salesman on the road, downloading some “harmless” porn on his laptop, only to have his system turn into a spam zombie, or worse — turning it into a warez server, serving child porn and pirated software? Or the administrative assistant who just wants to download some “cute screensavers”… Or the CEO who opens up an email attachment that turns out is loaded with a targeted zero-day exploit, stealing highly sensitive confidential information?

It doesn’t even have to be something horribly nefarious. A system can be infected with a simple piece of adware which produces its own search results. Some of those search results can be bad.

You get the picture.

And since our schools have made the decision that porn is a dangerous problem (which I have no argument with), then educators all over the world are operating “dangerous” machinery — without sufficient operator education.

In law, there is a real problem: Many people involved in this field understand little about about computers. Fear and ignorance combined with great power is a very dangerous thing.

So with this in mind, the small group of people who have been crusading to free Julie have started a new effort: The Julie Group. This is a group dedicated to the following objectives:

a) Help to educate people on computer security and computer forensics.

b) Do what we can to help others in a similar predicament to Julie’s.

c) Work to remove bad laws, such as the one that Julie was charged with (risk of injury to a minor, or impairing the morals of a child – Conn. Gen. Stat. § 53-21, which if you read it, is so broad that almost anyone could be charged with it).

So please join us — give us ideas, give us your comments. The Julie Group blog is at http://thejuliegroup.blogspot.com/. It’s basic for now but we’ll be fleshing it out over the next several weeks.

Alex Eckelberry

I find this pretty appalling:

On May 29, TorrentSpy – one of the web’s most famous .torrent dump sites was told by federal judge Jacqueline Chooljian in the Central District of California that despite the site’s privacy policy which states they will never monitor their visitors without consent, they must start creating logs detailing their user’s activities.

TorrentySpy isn’t backing down and has filed an appeal. Their attorney says that if they don’t prevail in their appeal (and let’s hope they do), they’ll likely shut off their US services rather than spy on their own users.

More here.

Alex Eckelberry
(thanks Richard)

We’ve seen this before — tikis, wikis, etc. that have been hacked to serve porn.

For example, look at these Google results here (warning: highly offensive content).

One of the CastleCops volunteers is working on a hacked .edu site right now that’s running a c99 shell and generating porn links like crazy.

Some of the links are trying to push Contravirus, a rogue antispyware program.

Some of these links are neglected forums and guestbooks collecting spam, but I’ll wager a good percentage of the sites in the google results are hacked.

Many links are being taken down, but here’s some some sample links that are live right now:

depts(dot)washington(dot)edu/archdept/cms/photogallery/1/zoo9(dot)html

www(dot)uvm(dot)edu/~astauffe/1/zoo3(dot)html

www(dot)wtc-ep(dot)edu/newsletter/template/images/7493579/96776/

I don’t know if you saw the presentation on Microsoft Photosynth at the TED conference, but it’s pretty cool.

You can play with Microsoft’s Photosynth here (it really helps to see the presentation at TED before using it).

Microsoft also just announced a collaboration with the BBC on using their images as well.

Alex Eckelberry

Amidst a sea of positive articles, KTVO TV characterizes Julie Amero as a “porn-loving” teacher. It’s outrageous. (Note — this is THEIR headline, not the Associated Press’.)

Feel free to make your feelings known to the station management:

ckellum@ktvo.com Station Manager 660-627-3333
danmagruder@ktvo.com Web Manager 660-627-3333
mspeas@ktvo.com News Director 660-627-3333
cthomas@ktvo.com Assignment Editor 660-627-3333

Alex Eckelberry

Update: A check of the site shows that the headline has been changed.

Vista: Multiple languages can now peacefully coexist
In today’s world, you might find yourself sharing a computer with someone whose primary language is different from your own. In previous versions of Windows, changing the language was a global setting, but in Vista, you can install and select different languages on a per-user basis. When a user logs on, his or her interface will display in the selected language.

How to disable the automatic Desktop Cleanup Feature in XP
In XP, Microsoft introduced the Automatic Desktop Cleanup feature, which can remove icons that you don’t use frequently. Some of us, however, don’t want our desktops cleaned up. By default, the Desktop Cleanup wizard runs every 60 days. You can disable it by doing the following:

1. Right click a blank space on the desktop and select Properties, or select Display from Control Panel. Either of these opens the Display Properties dialog box.
2. Click the Desktop tab.
3. Click the Customize Desktop button.
4. Clear the check box labeled Run Desktop Cleanup Wizard Every 60 Days.
5. Click OK and then OK again to close the dialog boxes.

You can still run the wizard manually by clicking the Clean Desktop Now button after steps 1 and 2.

How to use DRM-protected files after upgrading
Getting a new computer or upgrading your operating system can be a fun adventure – or a nightmare. Some folks resist upgrading because they don’t know whether they’ll have all the functionality they had before. For instance, how do you play those songs you bought from an online music store if you transfer them to a new computer or upgrade the OS?

With most digital rights management (DRM) schemes, you need to download the media usage rights (license). These are stored on your computer separately from the song file itself. Windows Media Player 11 will try to download the rights automatically. Sometimes you’ll have to sign onto the online store to get the rights. And some online stores will only let you restore your rights a limited number of times.

For more info about DRM and Windows Media Player, see the FAQ here.

Use new Office formats for better security – even with the old Office
Even if you’ve upgraded to Office 2007, you may still be using the old file formats for compatibility. But you should know that not only do the new XML- based formats (.docx, .xlsx, .pptx, etc.) have the advantage of smaller file sizes, they are also more secure. Malware authors can use the old formats to attack Office users.

With the Microsoft Office Isolated Conversion Environment (MOICE), which converts the old binary files to the new format and the Compatibility Pack add- in that lets you open, edit and save XML-based formats in Office XP and 2003, you can benefit from the increased security of the new file formats without even installing Office 2007.

Download the Compatibility Pack here. You can find out more about MOICE and download it here.

How do I get the normal icons on the desktop in Vista?
QUESTION: I know the intent with Vista is to have a clean desktop look, but I don’t want my desktop quite that clean. Is there a way to put the normal icons (My Computer, Recycle Bin, Documents, etc.) on the desktop without having to individually create shortcuts? – Tom W.

ANSWER: It seems that this is one of those options that’s “hidden in plain sight” in Vista. Lots of people overlook it, but all you have to do is open the Personalization dialog box (right click an empty space on the desktop and select Personalize). Right over there on the left side, in the Tasks pane, you’ll see a link labeled “Change desktop icons.” Here you can check boxes to display the Computer, Network, User’s Files, Recycle Bin and/or Control Panel on the desktop.

Unfortunately, this dialog box doesn’t give you the option to display the Internet Explorer icon, but you can easily make a shortcut to that program in the usual way, by right dragging and dropping and selecting Make Shortcut Here.

How can I turn off Clear Type in Vista?
QUESTION: Okay, I know Clear Type looks good on my laptop and on LCD monitors, but I have an old fashioned CRT and having Clear Type enabled by default makes fonts look blurry. I haven’t figured out how to turn it off – can you help? – Wayne S.

ANSWER: Turning off Clear Type is as easy as a few clicks of the mouse – if you know where to click. As in the question above, you first open the Personalize dialog box, but then it gets trickier. Click the Windows Color and Appearance option, and then at the bottom, click Open Classic Appearance Properties for More Color Options (I know that doesn’t sound like the right selection, but it is). Then in the Appearance Settings dialog box, click the Effects button. Here, under “Use the following method to smooth edges of screen fonts,” in the drop- down box select “Standard” instead of “Clear Type.” That should clear things up for you on your old CRT.

New version of Live Writer makes blogging easier
My blogging client of choice has been Windows Live Writer ever since I discovered an early beta. I’m happy to announce that it just got better, with the release of a new beta version that added several of the features I’d been wishing for – including the ability to “set and forget” publication dates for posts. You can also insert videos, emoticons and tables with one-click ease. I do a full review of the new version and tell you how to get it, on my blog post of June 3, titled “Testing New Live Writer“.

Clean up your Spreadsheets
Want your Excel spreadsheets to look more professional? Get rid of those sloppy duplicate rows, remove spaces and non-printing characters from text, fix numbers and number signs, rearrange columns and rows and more. This article, “Top Ten Ways to Clean Your Data,” shows you how to do it all.

Hardware Secrets – Revealed
What’s the best way to get more bang for your buck with the hardware you have? This article contains lots of tips for upgrades and add-ons for your computer, phone, camera, printer and other hardware devices. See “53 Hardware Secrets” from MSN Tech & Gadgets.

Create custom Out of Office replies for Outlook 2007
While many hate them, many still use them. Want to create your own customized responses for incoming email when you go on vacation (vacation? What’s that?) or a business trip or otherwise have to be away from your Internet connection for a few days? If you use Outlook 2007 on Window XP or Vista, you can download the Outlook 2007 OoO Assistant.

Computing on your Tabletop
The big news in the computer world this past week has been the unveiling of Microsoft’s new “surface computing” device, which literally puts an interactive computer screen on your tabletop. Code named Milan and sometimes called Playtable, the new touch screen device looks pretty amazing in the demonstration video. I can see how it would be very handy for certain applications, but for my own day-to-day work, I want a keyboard. Still, this is probably the wave of the future, and when combined with speech recognition technology, will make Star Trek style computing a reality.

Apple embeds personal info in song files
If you use Apple’s iTunes, you’re probably pleased by the new iTunes Plus service that doesn’t use copy protection software. However, you should be aware that your name and email address are embedded in the song files you download, according to the Electronic Frontier Foundation (EFF). That means if you share those files on a peer-to-peer network, they can be tracked back to you. No worries if you don’t plan to share, right? Well … maybe not. If you lost your portable computer or MP3 player or it was stolen, your email address would be “out there” – something you may not want to happen. You can read more here.

You get an error message if you try to open an .exe file in XP or Windows 2000
If you attempt to start a program from an executable file with the .exe extension on a Windows XP or Windows 2000 computer and get an error message that says “Windows cannot find .exe” or something similar, this may be because your computer has become infected with the W32/Swen.A@MM worm. You can fix the problem by editing the registry. For instructions on how to do so, see KB article 8377334.

Floppy disk formats supported in XP
Does anyone still use floppy disks? Apparently quite a few people still do, even though most few computers don’t even come with a floppy drive. Heck, I still have a box of floppies in the closet that contain the original files for a lot of old lesson plans and syllabi I used back when I was teaching criminal justice courses full time, even though copies were long ago transferred to CD. But if you do have a floppy drive and you try to use from of those old disks, you may have noticed that some types of floppies can’t be formatted on your XP computer. KB article 309623 provides more info on the floppy formats that are supported by XP.

Vista computer goes to sleep during Bluetooth file transfer
If you’re running Windows Vista and you try to copy a large file to or from another Vista computer, you may find that one of the systems goes to sleep during the transfer, preventing the task from completing properly. You might need to change your power management settings to prevent this from happening. For more information, see KB article 937827.

Until next week,

Deb Shinder, MVP

If the definition of spam is unwanted email sent in bulk, a lot of my friends and relatives are spammers, although they would be shocked at the suggestion. I’m talking, of course, about all those messages I get every day with CCs to a dozen or more people I don’t know.

Some of them are jokes I’ve heard a hundred times before, some of them are inspirational ditties complete with pictures, animations and fancy fonts, and some are links to cool (or not so cool) web sites. What they all have in common is a paragraph or two at the bottom, urging me to send the message to 5 or 15 or 25 of my own friends, i.e., trying to convince me to become a spammer, too.

Some go beyond urging and border on threatening. I’m sure you’ve gotten such messages that imply that if you don’t forward the message, 1) something dire will happen to you, 2) something dire will happen to someone else, or 3) you’re a selfish person who doesn’t care about the person who sent you the spam.

Just today, I received another of these “please send this to everyone you know” messages. This one was a warning about the dangers of hand sanitizers in bathrooms – it seems there have been a handful of cases of children ingesting these products, which contain a high level of alcohol, and essentially getting drunk. Okay, that’s interesting information, I guess, but then at the bottom there’s the kicker – urging me to distribute it further and implying that if I don’t, I’m somehow responsible for the next kid who falls victim to the evil soap. Grrr. I don’t like it when people try to make me do something by laying a guilt trip on me. I like it even less when it’s someone I’ve never met.

Messages like this, in their previous, paper incarnation, used to be called chain letters. In some jurisdictions, they were illegal. In most segments of society, people who sent them were considered, at best, annoying and naïve.

I love getting email, probably more than most people. I don’t even mind getting email from strangers, if it contains something interesting or genuinely funny or useful. But I don’t want to get email that tries to reproduce itself by insisting that I send it to others I know. If it’s good enough to pass on, I will. If you try to threaten or shame me into sending it on, I most certainly won’t.

How do you feel about such messages? Do you ever follow the directions and dutifully send them to the 10 friends as requested? If not, do you ever feel guilty for “breaking the chain?” Have you ever written back to the friends who send them and asked them not to do so? (I have – not that it does much good). Should emailed chain letters be illegal, even if they aren’t trying to sell anything or soliciting money? Or should we just sigh and hit the delete button and not make a big deal about it? 

Deb Shinder, MVP

With each new operating system and application, Microsoft and other software vendors strive to make computers more user-friendly. More and more, the software does it all for us, and we need to know less and less to use it.

Take Windows Vista, for instance. Its new ways of finding what you need make it a delight to use. Instead of searching through the Programs menu for the application you want to run, you can simply type its name in the Search box. Instead of hunting through the file system in Windows Explorer for a document you want, just type the file name or keywords in the same Search box. When you want to save a document in a particular location, you no longer need to navigate through the whole drive; chances are that Favorite Links box on the left side of the Save As dialog box will take you straight to the folder you want with a couple of clicks.

Going back to XP after using Vista can make these tasks feel clunky and slow. The new way increases our productivity and removes some of the tedium of working on the computer. And that’s a good thing.

Or is it? For those of us coming to Vista from long years of working with operating systems that demand a little more of us, all this convenience is cool but we still know how to get around a file system the old fashioned way if we need to. For kids who grow up using Vista and its sure-to-be-even-friendlier successors, though, I wonder if something will be lost.

Just as those who came of school age after the advent and easy availability of calculators never seemed to develop the same level of basic math skills as those of us who grew up having to do it ourselves, I wonder if future computer users will lack the skills that used to be necessary if you wanted to use a computer.

Once upon a time, you had to be pretty smart to own and maintain and use a personal computer (heck, back in the really olden days, you had to learn BASIC or some other programming language to make the machine do anything useful).

But over the years, as PCs became mainstream items that were standard in every home, new users didn’t want to have to learn all that complicated stuff. They lamented that a computer should be as easy to use as a TV set, that you didn’t need to know all the theories behind how television works or be able to take it apart and put it back together in order to use it. They asked for “no brainer” computing.

Well, we’re not quite there yet, but we’re getting closer all the time. And even though I enjoy Vista’s new features, sometimes I get the feeling that it’s making me a little lazy. I feel a twinge of annoyance now when I use an XP system and have to go clicking through the file hierarchy to find something. I miss the multi-functional Search box. Heaven help me, I even long for my sidebar gadgets.

What do you think? Do operating systems that do everything for us make us dumb and lazy? Or would you prefer not to have to know anything about computers to use them?

Deb Shinder, MVP

We have some pictures from this week’s Microsoft TechEd here.

Here’s me (on the right) looking dangerous with a fellow tradeshow exhibitor.

Scary, eh?

Alex Eckelberry