Very, very cool… and a wee bit unnerving

It’s been covered in the blogosphere today, but if you missed it: Google’s new Street View is incredible. Limited coverage (for now).

Example here (via Battelle).

Alex Eckelberry

And a bonus from the DrudgeryReport:

GOOGLE MAPS SHOW ‘FACES’ ON STREETS, IN HOUSES…
ALSO LICENSE PLATES…
UPDATE: ‘OUTSIDE OF A STRIP CLUB AND CAUGHT ON GOOGLE?’…
ADULT BOOK STORE?
SEE STEVE JOBS HOUSE…

TSA nonsense

You’ve probably heard this one today — British film director Mike Figgis detained for five hours for saying “I’m here to shoot a pilot” when asked for his purpose in visiting the US. There’s debate as to whether or not it’s a hoax, but it’s been reported in the Guardian, AOL and elsewhere.

Whether a hoax or not, it still highlights the frustration people feel with our ridiculous security systems.

I personally have experience with this — I accidentally used an expired driver’s license on a trip in January. This, of course, now has me on some terrorist watch list and flying is now hell and I avoid it at any opportunity. The idiocy of this is beyond comprehension — every terrorist that’s ever attacked in the US has had completely valid credentials. And if I was a terrorist, do you think I’d be stupid enough to use an expired driver’s license to board a plane?

And the liquid thing — putting aside the ludicrous junk science behind this, what’s to stop five terrorists from each bringing on 3 ozs and sharing it to get to 15 ozs, as this SNL skit points out?

The list of nonsense goes on (Schneier has a very good overview of the situation during a recent talk at Macalester College and if you haven’t watched it, I highly recommend it).

Alex Eckelberry

Linux crash makes for groan humor

Some idle Tuesday-afternoon humor: Slashdot has a post that “the Linux-sponsored Indy 500 car had a rough day at the track this weekend: it was the first car to crash on the track and finished dead last. Joost sponsored a car that came in a respectable seventh.”

No one was hurt, thankfully.

Of course, this brought forth quite a bit of geek humor. Some selections:

The immediately obvious: “It crashed because of a bad driver.”

The Vista Jab: “In other news the Windows Vista car was slow off the line, but the car looked good and the driver was heard screaming “accept” as the car lurched forward and stopped every time he used the accelerator.”

The Vista Jab #2: “You are trying to brake to avoid a deadly accident. Cancel or al…”

The obscure: “Turns out the driver crashed due to a race condition.”

The obscure #2: “I blame the WINE.”

The anthropomorphic: “The penguin couldn’t see over the dashboard.”

The anthropomorphic #2: “… meanwhile, the Microsoft car was seen slinking away from the scene with a guilty look on its face.”

And so on.

Alex Eckelberry

Weekly TechTips #46

HP rebates get easier – sometimes
We’ve often lamented the hassle factor and “game of chance” element involved in getting a manufacturer’s rebate these days, and we applaud Hewlett Packard for doing something to make it a little easier. They’re now allowing customers to redeem rebates online without having to mail in all that paperwork. The catch: it appears to apply only to products you buy at the Home & Home Office online store at http://www.shopping.hp.com/webapp/shopping/home.do. We’d like to see the same courtesy extended to customers who buy HP products from other retailers. Still, it’s a start. Read about it here.

The Bill & Steve Show
And no, we’re not talking about Steve Ballmer, although he’ll be there, too. But the big news is that this week, Bill Gates and Steve Jobs will appear onstage together at the D: All Things Digital conference in California that’s put on each year by the Wall Street Journal. Will it be a replay of the Mac Man and PC Guy commercials? It’s an ad lib type event, without prepared speeches, and this one should be a good one. Videos of past conferences are available so we’re looking forward to seeing videos of this one.

Are you ready to give up on email?
An article in last week’s Washington Post claims that many people are abandoning email completely, declaring “email bankruptcy” and going back to the phone as their primary means of communication. I can’t think of many things more unpleasant than that. You can read my opinion on the subject (and get the link to the original article) in my blog post of May 25 titled “E-mail cop-out?”

How to assign a program to a processor in XP or Vista
In Windows XP Pro or Vista, if you have a computer running multiple processors or one with a dual core processor, you can assign specific programs to use a specific processor or core. First you need to open the program or run the process. Then do the following:

  1. Right click an empty space on the taskbar or press CTRL+ALT+DEL and select to start Task Manager.
  2. Click the Processes tab.
  3. In the left column, find the process you want to assign (for example, Winword.exe for the Word program) and right click it.
  4. Click Set Affinity in the context menu.
  5. By default, both CPUs will be checked. Check only the CPU you want the process to run on (CPU0 or CPU1).
  6. Click OK.

This can be useful if you need to keep one processor free for use by a particular program, or if you’re running older applications that don’t work as well with two processors.

New Vista Start Menu
The Start Menu in Vista looks a bit different from the XP Start Menu, and provides a lot more functionality – once you get used to it. The Search box at the bottom can be used to find just about anything: email messages, document files, even programs. You’ll soon find yourself using it instead of drilling down through the All Programs menu. You can also use it instead of Run as a command line box to run executables; just type the command (such as gpedit.msc to open the Group Policy editor) in the box.

If you don’t like the new Start Menu, though, you can easily change it back to the Classic menu, like the one in Windows 2000 (and the one many of us used in XP instead of its default “bubble look” menu). Just right click the Start button, click Properties and choose Classic Start Menu. But note that this option doesn’t include the Search box.

How to get to the Vista Sidebar quickly

If you open up lots of programs at a time, as I do, sometimes your gadget sidebar and any gadgets that you’ve detached from the bar get covered up under layers of windows. Then if you want to view a gadget (for instance, you need to see the month at a glance on the calendar gadget), you have to move or minimize all those windows to get to it. Or do you? You could configure the gadget bar to always stay on top by right clicking it, selecting Properties and choosing Sidebar Is Always On Top of Other Windows, but that eats up a lot of screen real estate and besides, I’ve found it doesn’t always work.

Luckily, there’s a way to quickly bring the sidebar and detached gadgets to the foreground: just press the Windows logo key plus the space bar.

New variety of Trojan escapes detection by AV programs
There is a new variant of a Russian Trojan horse going around the Web, and it’s able to capture information from secure SSL streams through keylogging capabilities. SSL, of course, is used to encrypt connections for secure transactions such as online banking and credit card purchases. The worst part is that this version of the Gozi Trojan can hide itself like a rootkit so that most antivirus programs can’t detect it. You may need to reboot into Safe Mode and run an updated AV scan to catch it.

Help! The drive letters on my XP computer changed!
QUESTION:
During the night Windows did a security update and restarted my computer. Now my Maxtor storage is “G” instead of “F” and my External CD-Rom is “F” instead of “G”. I’ve been working with it that way and don’t see any problems. Is that okay? – Pete M.

ANSWER: It’s not a problem as long as it’s not a problem. If you have a shortcut that points to a path on one of those drives, or if you installed a program from one of them and then go back to update it, Windows will look for it in the old path and won’t find it. Of course, you can just browse to the new location.

But it’s easy to change the letters back to the way they were if you want to. Right click My Computer and click Manage, then in the left pane of the Management console find “Disk Management” and click it. It’ll take a minute to scan your disks and load the configuration information, then will display them in the right pane. You can change the drive letter assignment of a disk by right clicking it in the top pane and selecting Change Drive Letter and Path. Click the Change button and pick a new letter from the drop down box.

It won’t let you change it to a letter that’s already being used, so you’ll need to first change the Maxtor to some unused letter such as Z, then change the CD to G, then you can change the Maxtor to F. You have to be logged on as an administrator to do this. You can do it the same way in Vista, except that you’ll be asked for permission to continue when you try to open the Computer Management Console even if you’re already logged on as an admin.

Windows XP stops responding when you download Windows updates
If you try to download an update from the Windows Update site to your computer and get an error message labeled “Initialization Error 0x8007007e,” or the computer stops responding when you accept the end-user license agreement, it may be because of corrupted or unregistered system files. Find out what to do to solve the problem by reading KB article 831429.

Problems printing to a local printer from Office programs in XP
If you’re having problems printing to a printer that’s attached to your computer while using Microsoft Office on Windows XP, there are a number of possible causes and solutions. This troubleshooting article walks you through the steps of diagnosing and resolving the problems. See KB article 870622.

Until next week,

Deb Shinder, MVP

Every breath you take…

Privacy is a growing concern in today’s world where there are surveillance cameras on every other corner and RFID chips in our passports. You can no longer check into most hotels without showing ID and you certainly can’t fly on a commercial airline anonymously. It seems as if the government is determined to track us everywhere we go, and with modern technology, it’s increasingly easy to do. But it’s not just government agencies, private eyes and industrial spies who are using technology for that purpose. The ability to track others’ movements and activities is increasingly available to anyone who wants to use it.

After all, who among us hasn’t wished, at one time or another, that we had a way to know where our kids, spouses, those who work for us or other people are at any given time? Whether you’re suspicious that they’re doing something wrong, worried about their safety or just missing them, you’ve probably had the thought that it would be nice to tune in to them telepathically and know that they’re headed home, or safe at the office or school.

Probably no one thinks about it more than the parent of a teenager, especially one who’s just learned to drive and is out in the family car doing his or her first solo excursions. And although the feeling of fear over the loss of control as your little ones start to become adults can probably never be eliminated, today’s parents are a little less helpless than those of previous generations when it comes to keeping tabs.

We’ve discussed here previously how GPS enabled cell phones can be used to track people’s locations and we talked about the service offered by Disney Mobile that’s specifically aimed at parents who want to keep up with where their kids are going. Prices for the GPS enabled phones start at a little over $100 and the rate plans begin at $24.99 per month for 200 minutes, a bit more than the typical cell phone service but not outrageous. Disney lets you select a “family manager” to control other family members’ phone features and oversee activity. The family manager must be at least 18 years old, and the web site notes that accounts can be established for children only, and asks for the birth date of each person who will have a phone. The adult does not have to have a phone to be the family manager.

Since our last comments on this subject, tracking has gotten more popular and now you can get tracking services that aren’t necessarily limited to children. Another service that’s touted for tracking both children and senior citizens, as well as business use, is Wherifone. Their GPS enabled phones come in only one model (but five different colors) and cost only $59.95 with a two year contract. Service plans start at $19.95 per month. Coverage is available in most of the eastern half of the U.S. and major cities in the southwest and west coast, but not in some states in the northwest and midwestern areas.

The best major cellular provider for tracking options is Nextel, which offers a Mobile Locator service that allows you to view and monitor other peoples’ locations in real time, individually or as a group. It’s targeted at employers, who use it to keep track of where their employees are, and it works with some models of Blackberry devices as well as Nextel GPS-enabled phones. The locator service costs $15/month per phone, in addition to the phone service itself.

But cell phones aren’t the only way now that technology can track you (or you can use it to track others). More and more of my friends lately seem to be opting for the OnStar service that’s available for GM vehicles. One feature of that service is the GPS system built into the vehicle, which can be used to locate your vehicle if it’s stolen or if you need assistance and don’t know where you are or if your air bags deploy and you’re unable to respond when the operators attempt to contact you. All of this, of course, comes with a monthly fee ranging from about $17 to about $27 per month, depending on the features you want. You can also add hands-free calling through the system, where you buy pre-paid minutes or link the vehicle to a regular Verizon Wireless account.

And you don’t have to have a particular make and model of car to be able to track your teenager’s driving location and even speeds. YDS (Youth Driving Safe) can provide GPS equipment that can be installed in any vehicle and parents can monitor their kids’ driving habits from their PCs on a map that displays date, time, address/location, speed and direction of travel. Or if you don’t have access to a computer, you can call a phone number and get an automated voice recording telling you this information as an optional feature. An advantage of this service over the cell phone tracking is that it saves a historical record of the tracking info online, so you can go back and look at where the car was a day, week or month ago. You can set up “off limits” locations or set a speed limit and be notified if the car violates the rules, and it’s even possible to remotely disable the ignition.

There are good reasons to keep an eye on what your children are doing (such as the fact that you’re financially and sometimes criminally responsible for their actions while they’re minors). And being able to locate an elderly parent with Alzheimer’s who’s wandered away could save his or her life. Employers have a right to know where employees are taking company vehicles. In fact, good cases can often be made for tracking others’ activities – the question is: where do we draw the line?

In fact, spying on people has become a huge and profitable industry. Companies such as Brickhouse Security sell Nanny Cams, GPS tracking devices, phone recorders, night vision equipment, stealth voice recorders and even semen test kits. And then, just to be sure to get both sides of the market, they sell detection devices so you can discover whether someone else is using their other products against you. Talk about a win/win business situation.

Is it time for privacy advocates to just throw in the towel and admit that in the twenty-first century, there is no such thing anymore? With “eyes in the sky” (satellites) that can take detailed photographs of anyone, anywhere on the planet from orbit, is the entire concept of privacy outdated? Or should we be worried that we’re headed for a world right out of some sci-fi horror story, where most of the human race is enslaved by those who control the technology?

How do you feel about the prevalence of tracking and spying technology? Is it a good thing that will keep people on their best behavior? Or does its use destroy trust between family members, friends, employers and employees and governments and their citizens? Do you or would you use such technology to keep track of someone else? Or do you think it should all be outlawed except in special, court-ordered circumstances?

Deb Shinder, MVP

Massive Italian typosquatting ring foists malware on users

Pity Italy. They just seem to get hammered by the bad guys (this is, after all, the home of Gromozon, one of the nastiest pieces of malware out there).

We have a list of 1,100 Italian typosquatting domains that spawn malware. You can see a full list here.

When the user goes to any of these sites, they will usually get a message stating that they must upgrade IE:

Translated:

Impossible to find the requested page

To view the requested page, it is necessary to upgrade Internet Explorer (link to fake upgrade — which at the moment doesn’t even work).

Or you can look for the requested page on “Extra Ricerca” or search for it on the Web (fake search form which links directly to malware)

Download Extra Toolbar (link to malware)

One may also get a preview of a video, which requires a “Codec” to view. The “codec” is, of course, malware:

It’s nothing really that new, as these same people were hijacking these same domains a while back: Back then somebody was complaining about it so one of our researchers checked for most possible misspellings of the most popular domains in Italy, and they pretty much all came up with the same pages containing malware.

Then this group stopped for a few months and we were (incorrectly) under the impression that these sites were shut down by authorities, but unfortunately, that’s not the case. Marco Giuliani of PrevX yesterday wrote about them on his blog and it was immediately clear that these (which, by the way, are “hardcore infect-spammers”) are the same people. We believe that these are also the same people or close associates of JohnRuffo(dot)com which sells “italian traffic” (meaning zombies).

Alex Eckelberry
(Credit to Sunbelt researcher Francesco Benedini, with a hat tip to Marco Giuliani)
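The post describes checking misspellings of the most popular domains in Italy; the same idea can be run defensively over proxy or DNS logs. The following is an added example (not Sunbelt's tooling) that flags requested hosts sitting one typo away from a watched domain. The watchlist, the log format and the log lines are all constructed for illustration, and hosts are written defanged with `(dot)` as on this page.

```python
# Added example: flag hosts that are one keystroke error away from a watched
# domain. WATCHLIST and LOG_LINES are constructed sample data, not real logs.
WATCHLIST = ["google.it", "ebay.it", "alitalia.it"]

LOG_LINES = [  # constructed proxy log: timestamp, client IP, requested host
    "2007-05-30T09:12:01 10.0.0.21 www.google.it",
    "2007-05-30T09:12:44 10.0.0.21 goolge(dot)it",
    "2007-05-30T09:13:10 10.0.0.35 gogle(dot)it",
    "2007-05-30T09:15:02 10.0.0.35 ebzy(dot)it",
    "2007-05-30T09:16:30 10.0.0.48 www.alitaliia(dot)it",
    "2007-05-30T09:17:05 10.0.0.48 example.it",
]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and swapping two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # adjacent transposition, e.g. "lg" typed for "gl"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def refang(host: str) -> str:
    """Normalise case and undo the (dot) / [.] defanging used in write-ups."""
    host = host.strip().lower().rstrip(".")
    return host.replace("(dot)", ".").replace("[.]", ".")


def registrable(host: str):
    """Last two labels of the host. Assumption: name.tld domains such as
    name.it; multi-label public suffixes would need a suffix list."""
    labels = refang(host).split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def classify(host: str, max_distance: int = 1):
    """Return the watched domain this host imitates, or None."""
    dom = registrable(host)
    if dom is None or dom in WATCHLIST:
        return None  # unparseable, or the genuine site itself
    name, _, tld = dom.partition(".")
    for watched in WATCHLIST:
        w_name, _, w_tld = watched.partition(".")
        if tld == w_tld and 1 <= osa_distance(name, w_name) <= max_distance:
            return watched
    return None


def scan(lines):
    """Return (client, requested domain, imitated domain) for each hit."""
    hits = []
    for line in lines:
        _ts, client, host = line.split()
        watched = classify(host)
        if watched:
            hits.append((client, registrable(host), watched))
    return hits


if __name__ == "__main__":
    for client, dom, watched in scan(LOG_LINES):
        print(f"{client} requested {dom} (one edit from {watched})")
```

A distance of 1 is deliberately tight: short names such as a four-letter brand have many legitimate neighbours, so raising `max_distance` trades missed typos for false positives.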

On this CounterSpy $9.95 Offer

So last week, Stu, our VP of marketing, catches me in our 12th floor breakroom.

He blurts out — “Hey, what do you think about doing a competitive upgrade offer on CounterSpy at $14.95?”.

Not thinking very much, I counter with “Hell, I don’t care, do it at $9.95”. After all, it was a strategy an old boss of mine (and one of my heroes), Philippe Kahn of Borland, had used with great success. (Well, he did ultimately lose his job, but that was due to other reasons…)

I quickly return to my office and forget about the conversation, until later that day, I see our marketing department launch the campaign in one of our newsletters, CounterSpy News.

Uh… wasn’t there supposed to be a meeting, or something? A bit surprised, I put up a brief blog post.

Well, it went more than a bit well. Now, it’s gone official: Get CounterSpy for $9.95 if you own a competitor (including SpyBot, Adaware, Windows Defender, etc.).

You get the idea: Pretty much anyone will qualify.

Full corporate propaganda release here. And Neil Rubenking of PC Mag just blogged it at Appscout.

We will see this as either an incredibly stupid idea or a brilliant one. Whatever the case, this is a very, very good deal. Full upgrades and updates for a year, full toll-free support, the works. Our reasons should be obvious: We want to win over marketshare.

I just want you to know one thing: When the board fires me for gross negligence, I will still be blogging.

Somewhere where there’s no breakrooms.

Alex Eckelberry

Mobile Backscatter

Backscatter X-ray technology (as opposed to the more prevalent transmission x-ray) is a type of x-ray scan that can show some amazing detail. It’s still not being used widely in the US due to privacy considerations, but it’s being used in some places overseas, which at least in the UK, has prompted both privacy and health concerns. Of course, the scary images of people shown with guns are idiotic. (Or this scare image by AS&E showing the difference between traditional transmission x-ray vs. backscatter — showing a gun, liquid explosives and plastic explosives for the surprisingly well-equipped terrorist strolling on a plane).

At any rate, the next step in our Bold New World might just be a “Mobile BackScatter Van”, being marketed by AS&E (thanks Eric).

You can see a video at the company’s website, or on YouTube.

Alex Eckelberry
(And if you want to understand what I mean by security theater, watch or listen to this excellent overview by Bruce Schneier)

Seen in the wild: Extremely dangerous Better Business Bureau spam with malware

Today, we caught a very pernicious spam loaded with malware from the “Better Business Bureau”.

Now, a more generic version of this spam was reported on an antispam forum recently, likely from a worm. However, this version we received today is highly personalized, possibly even a targeted attack.

Notice the level of personalization – Stu Sjouwerman is our VP of Marketing, and Sunbelt Software is, of course, us. Companies without adequate defenses may very well get this document and open it.

Analyzing the file showed all kinds of interesting things. It’s an RTF document that is using packager.exe to embed an OLE object that contains an FSG-packed download/worm (FSG is a type of packer commonly used by malware authors).

When opened, it downloads:

1. More malware

2. TightVNC

3. WinRAR

In essence, this thing is designed to steal data. The results on VirusTotal are very thin for this rtf document.

Alex Eckelberry
(Thanks to Sunbelters Adam Thomas and Eric Sites)
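A triage check for the structure described in this post, as an added example (not Sunbelt's analysis tooling): it extracts `\objdata` from an RTF file, parses the OLE 1.0 header for the `Package` class and looks for a PE header inside the embedded bytes. The sample document is constructed in `build_sample_rtf()` and holds only a header stub; the scanner assumes plain hex with whitespace and does not handle obfuscated RTF.

```python
# Added example: find Packager-embedded executables in an RTF document.
import re
import struct

OBJDATA_RE = re.compile(rb"\\objdata\b([0-9A-Fa-f\s]+)")


def _lp_read(buf, off):
    """Read an OLE 1.0 length-prefixed ANSI string; return (text, next_off)."""
    (n,) = struct.unpack_from("<I", buf, off)
    raw = buf[off + 4: off + 4 + n]
    return raw.rstrip(b"\x00").decode("latin-1"), off + 4 + n


def parse_ole1(blob):
    """Return (class_name, native_data), or None if the header is truncated."""
    try:
        _version, format_id = struct.unpack_from("<II", blob, 0)
        class_name, off = _lp_read(blob, 8)
        if format_id != 2:  # 2 = embedded object; other ids are not parsed here
            return class_name, b""
        _topic, off = _lp_read(blob, off)
        _item, off = _lp_read(blob, off)
        (size,) = struct.unpack_from("<I", blob, off)
        return class_name, blob[off + 4: off + 4 + size]
    except struct.error:
        return None


def find_pe(buf):
    """Offset of the first 'MZ' whose e_lfanew points at 'PE\\0\\0', else -1.
    The file bytes do not start at offset 0 of the native data, so search."""
    pos = buf.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(buf):
            (e_lfanew,) = struct.unpack_from("<I", buf, pos + 0x3C)
            if buf[pos + e_lfanew: pos + e_lfanew + 4] == b"PE\x00\x00":
                return pos
        pos = buf.find(b"MZ", pos + 1)
    return -1


def scan_rtf(data: bytes):
    """One finding per \\objdata group found in the document."""
    findings = []
    for m in OBJDATA_RE.finditer(data):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        blob = bytes.fromhex(hexstr[: len(hexstr) // 2 * 2].decode("ascii"))
        parsed = parse_ole1(blob)
        if parsed is None:  # worth a manual look: malformed or obfuscated
            findings.append({"offset": m.start(), "class_name": None,
                             "native_size": 0, "pe_offset": -1,
                             "suspicious": False})
            continue
        class_name, native = parsed
        pe_offset = find_pe(native)
        findings.append({
            "offset": m.start(),
            "class_name": class_name,
            "native_size": len(native),
            "pe_offset": pe_offset,
            "suspicious": class_name.lower() == "package" and pe_offset >= 0,
        })
    return findings


def _lp(s: bytes) -> bytes:
    """Length-prefixed string; an empty string is a zero length with no bytes."""
    return struct.pack("<I", 0) if not s else struct.pack("<I", len(s) + 1) + s + b"\x00"


def build_sample_rtf() -> bytes:
    """Constructed sample: an RTF with a Package object wrapping a PE header
    stub (DOS header + 'PE' signature only; not a working executable)."""
    fake_pe = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
    native = b"\x02\x00" + b"invoice.doc\x00" + fake_pe  # constructed label
    ole = (struct.pack("<II", 0x00000501, 2) + _lp(b"Package") + _lp(b"")
           + _lp(b"") + struct.pack("<I", len(native)) + native)
    hx = ole.hex()
    wrapped = "\n".join(hx[i:i + 64] for i in range(0, len(hx), 64)).encode()
    return (b"{\\rtf1\\ansi Complaint attached."
            b"{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata "
            + wrapped + b"}}}")


if __name__ == "__main__":
    for finding in scan_rtf(build_sample_rtf()):
        print(finding)
```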

Latest test results from Andreas Marx

Andreas Marx of AV-Test.org has completed his latest tests on AV engines. From his notes:

We tested 29 products for the detection of most recently seen verified working Win32 PE malware of the last 12 months — separated into the four categories backdoors, bots, trojan horses and worms.

Only detection has been tested, as this was the main request of magazines and readers, some more reviews regarding the system disinfection capabilities and the proactive (behaviour-based) detection will follow within the next two months. Furthermore, as announced during the International Antivirus Testing Workshop last week, we will more closely review the lifecycle of the products, to get a better impression about the developments of the products over time and also risky situations.

PC-WELT (Germany) has published some facts about the test at the following links (the first points to some details about the test, the second link will show you the detailed detection numbers): 29 Virenscanner im Test: Gute Erkennung bei Wuermern [May 23, 2007]

A few more publications (in English) can be found here: AV-Test.org Reports Stats from Antivirus Roundup [May 22, 2007], Antivirus Shootout in Magdeburg [May 22, 2007]. BTW: The last comprehensive English-language full-suites and stand-alone review of AV products for Windows XP and Vista can be found at the PC World (US) webpage.

Some additional notes:

We tested all scanners against a set of malware, including 68,864 backdoors, 47,891 bots (zombies), 407,487 Trojan Horses as well as 82,659 worms, so the total number of malware we tested against was 606,901 files. The best product detected 99.83% of our collection while the worst one was only able to identify 62.12% of the samples.

The average product detected 86.95% of the malware files used, with a median of 90.97%. For our testing, we only used current malware — this means, malware which was not older than 12 months or which has been seen at least once during the last 12 months. All old files have been removed. We only used Win32 PE files for the test, all other files, like DOS or 16 bit Windows malware, were removed. Only working malware was used — corrupted or innocent samples were sorted out using manual and automatic analysis tools. So the test results should reflect the real-world situation quite well.

One can see that the detection rates of self-replicating malware (like worms or bots) are the best for all tools, while the detection rates of Trojan Horses (this includes download trojans and droppers) as well as the ones of backdoors still need some improvements. I’ve also created a diagram, showing the current detection rates of the products at-a-glance (note: the scale starts at 200,000 detections, not at zero.)

Note: WebWasher scored best in our test, but it’s a gateway product, it’s not available for a client/desktop. The same applies to eSafe (from Aladdin). Besides this, Ewido might not be directly comparable with the other products, as it’s an anti-spyware product and not a full anti-malware suite (yet). When comparing desktop products (for home or company users), these products should be removed from the list. In case of “Microsoft”, we’re speaking about the OneCare product for home users and the Forefront Client Protection for companies.

You can view the test results here.

Alex Eckelberry

Another blog to add to your RSS feed: Google’s security blog

As you’ve probably heard already (sorry, I’ve been slow on blogging today), Google has a new security blog.

And their first blog post makes an important point:

Unfortunately, the scope of the problem has recently been somewhat misreported to suggest that one in 10 websites are potentially malicious. To clarify, a sample-based analysis puts the fraction of malicious pages at roughly 0.1%. The analysis described in our paper covers billions of URLs. Using targeted feature extraction and classification, we select a subset of URLs believed to be suspicious for in-depth investigation. So far, we have investigated about 12 million suspicious URLs and found about 1 million that engage in drive-by downloads. In most cases, the web sites that infect your system with malware are not intentionally doing so and are often unaware that their web servers have been compromised.

You can read the Google Security Blog at http://googleonlinesecurity.blogspot.com/

Alex Eckelberry

MOICE released

Recently, I blogged about MOICE, a technology to convert older Office files into the new Metro format, and in the process, attempt to strip out any exploit code.

From Microsoft:

Today we are announcing the availability of the Microsoft Office Isolated Conversion Environment (MOICE) feature and more widely notifying customers of the File Block functionality for Microsoft Office 2003 and the 2007 Microsoft Office system. Both features are designed to make it easier for customers to protect themselves from Office files that may contain malicious software, such as unsolicited Office files received from unknown or known sources. MOICE makes it easier by providing new security mitigation technologies designed to convert specific Microsoft Office files types, while File Block provides a mechanism that can control and block the opening of specific Microsoft Office file types.

More here.

Alex Eckelberry
(Thanks Eric)

Sunbelt Weekly TechTips #45

Like it or Not, 64 Bit is the Future
Windows Server 2008 (formerly and currently known as Longhorn Server) will be Microsoft’s last 32 bit operating system, so get ready to join the 64 bit revolution in the next few years, whether you’re ready or not. We all survived the move from 16 to 32 bits, and I’m sure we’ll survive this one, too. Vista comes in both 32 and 64 bit versions, but based on the speech of one of Microsoft’s general managers at WinHEC last week, you can expect its successor to be 64 bit only. That’s already happened with some products, most notably Exchange Server 2007, which is available for production only in 64 bit. And that’s causing a bit of weeping and wailing and gnashing of teeth. Read more about it in Joe Wilcox’s article.

Learn programming the easy way
Here’s a new tool for teaching kids to create graphic software programs, including games and simulations. It’s called Scratch and it runs on Windows and Macintosh OS X, and was created by the same programmers at MIT who made the Lego Mindstorms programming tools. Even if you’re not a kid, you might enjoy playing with it.

Create your own applications and web pages without programming
Don’t want to be a programmer, but want to create web pages and online applications, and do it within a community of other page creators? Microsoft’s new Popfly tools and its corresponding online community are at the pre-beta stage right now (a.k.a. alpha) but it’s available free. It works on the “blocks” concept, too (sound familiar?).

Technologies that flopped
Remember the CueCat? Cute idea, but who really wants to scan bar codes on your computer? We get enough of that with the self-serve checkouts at the grocery store. How about eBook readers? Great idea; Star Trek fans should love them, but none of them ever really caught on. Did anyone really run Microsoft Bob – or is it just that no one will admit to it now? From DIVX to SoftRAM to facial recognition systems to WebTV, this little slideshow takes us down memory lane and lets us remember some of those Next Great Things that didn’t quite pan out as intended.

Windows Media Center in Vista
To get Windows Media Center in XP, you had to buy a Media Center PC from a hardware vendor. The OS wasn’t available as standalone software for you to install on your own system. Now the Media Center functionality is built into two versions of Windows Vista that you can buy at retail: Home Premium Edition and Ultimate Edition.

You can do all the same things with Vista’s Media Center: record and playback TV shows (if you have one or more compatible TV tuner cards in your computer), organize and play music, home videos and digital pictures, burn CDs and DVDs, and share the media library with other networked computers. The interface is slicker, CableCard is now supported and you can easily archive TV programs to DVD.

How to block images in HTML mail
To prevent downloading remote content (images stored on a server) in Outlook Express and Windows Mail (Vista), do this:

  1. Select Tools | Options and click the Security tab
  2. Check the box that says “Block images and other external content in HTML mail”
  3. Click OK.

In Outlook 2003, do this:

  1. Click Tools | Options and click the Security tab
  2. Click the button labeled “Change Automatic Download Settings”

In Outlook 2007, do this:

  1. Click Tools | Trust Center and click Automatic Download
  2. Check the box labeled “Don’t download pictures automatically in HTML e-mail or RSS items”

You can unblock picture downloads from a particular address or domain by adding it to the Safe Senders List. Remote images are blocked by default in the latest versions of these programs. You can unblock them for an individual message by right clicking in the notification bar and selecting to download pictures.

BioPassword: New authentication technique
Security experts keep searching for the perfect way to authenticate users – verify that you really are who you say you are. Typing a password is the traditional way, but passwords can be stolen or guessed. Smart cards can be lost or forgotten. Biometrics (fingerprint or retinal scans) are intrusive and require special equipment. Enter keystroke cadence, which to the user is familiar – you type a password. But the system detects not just whether you entered the correct characters, but whether you typed them the way you type them. Some security pundits think it will be the future authentication method of choice. Of course, if you injure your hand and have to type your password one-handed, you may find your access is denied.
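As an added illustration (not BioPassword's algorithm, which the newsletter does not describe), here is one common way to check typing rhythm: build a profile of key hold times and gaps between keys from a few enrolment typings, then measure how far a login attempt strays from it. All timings are constructed, and the function names and the threshold of 3.0 are assumptions.

```python
import hmac
from statistics import mean

def typing(password, dwells, flights):
    """Build (key, press_ms, release_ms) events from hold times and gaps between keys."""
    events, t = [], 0
    for i, ch in enumerate(password):
        events.append((ch, t, t + dwells[i]))
        t += dwells[i] + (flights[i] if i < len(flights) else 0)
    return events

def features(events):
    """Timing vector: how long each key is held, then the gap before the next key."""
    dwell = [release - press for _, press, release in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Profile = per-feature mean and mean absolute deviation over the enrolment typings."""
    columns = list(zip(*(features(s) for s in samples)))
    centre = [mean(c) for c in columns]
    spread = [max(mean(abs(x - m) for x in c), 1.0) for c, m in zip(columns, centre)]
    return centre, spread

def score(profile, events):
    """Scaled Manhattan distance: average number of deviations away from the profile."""
    centre, spread = profile
    return mean(abs(x - m) / s for x, m, s in zip(features(events), centre, spread))

def verify(profile, password, events, threshold=3.0):
    """Both checks must pass: the right characters and the owner's rhythm."""
    typed = "".join(key for key, _, _ in events)
    if not hmac.compare_digest(typed.encode(), password.encode()):
        return False
    return score(profile, events) <= threshold

# Constructed timings in milliseconds for the password "tiger" (not measured data).
PASSWORD = "tiger"
ENROLMENT = [typing(PASSWORD, d, f) for d, f in [
    ([95, 88, 102, 90, 97], [60, 72, 55, 80]),
    ([99, 91, 98, 94, 101], [64, 70, 58, 76]),
    ([92, 86, 105, 89, 95], [57, 75, 52, 83]),
    ([97, 90, 100, 92, 99], [62, 69, 57, 78]),
]]
GENUINE = typing(PASSWORD, [96, 89, 101, 91, 98], [61, 73, 56, 79])
IMPOSTOR = typing(PASSWORD, [140, 130, 150, 135, 145], [150, 160, 140, 170])
ONE_HANDED = typing(PASSWORD, [110, 105, 120, 108, 115], [300, 340, 280, 360])
PROFILE = enroll(ENROLMENT)
```

With these numbers the owner's normal typing is accepted, while both the correct password typed in someone else's rhythm and the owner's own slow one-handed typing are rejected, which is why a deployment needs a fallback path for the injured-hand case.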

Why can’t I install Vista on more than one computer?
Question: Am I the only one who complains about the cost of buying and installing Vista on more than one computer in the home? I would think that billionaire Bill Gates could afford to allow home users to install the system on more than one computer in the same household. As you know, every kid has his own computer these days and that gets expensive! – Phil S.

ANSWER: No, you aren’t the only one. I love the idea – heck, I think the car dealers should give us extra vehicles for our kids who’ve reached driving age when we buy one for ourselves, too. Seriously, I understand not allowing you to install the software on unlimited numbers of computers, but it would be nice if the operating system license were like the Office license, which allows you to install on both a desktop and a laptop for your own use.

Microsoft has announced a “family plan” for users in the U.S. and Canada. If you buy Ultimate, you can get a pretty hefty discount on up to two Home Premium licenses, which you can buy for $49 each. It’s not the solution you want, but maybe it’s a step in the right direction.

My Computer and Explorer quit in XP
If you have the My Computer or Windows Explorer windows open on your XP Home or Pro computer and then you try to open My Network Places or the Shared Documents folder, you may find that My Computer/Explorer quit for no reason, and you get an access violation error message. There is a hotfix available from Microsoft to fix the problem. To find out how to get it, see KB article 831938.

Can’t play iTunes music in Vista
If you have an XP computer on which you have music you bought from the iTunes Music Store, and you upgrade the computer to Vista, you might not be able to play the songs because the computer was deauthorized because of the upgrade. This happens with older versions of iTunes. You’ll need to download and install the latest version and then authorize the computer. To find out how to do this, see KB article 936649.

Until next week,

Deb Shinder, MVP

Is Your “Me Mail” Driving People Mad?

Most of us send email to lots of different people, for lots of different purposes. We may solicit and conduct business with customers or clients via email. We may communicate with our co-workers, bosses and subordinates. We may chat with family members and friends. We may participate in mailing list discussions in both professional forums and “just for fun” groups.

If you’ve been using email for any length of time, you’ve discovered that you sometimes have to be careful about what you say, especially if you tend to have a sarcastic sense of humor. The written word is easily misinterpreted; without voice inflections and body language, it’s difficult for others to know when you’re serious and when your remarks are made in fun. Most of us have had that experience at least once. So we learn to tread more carefully, re-read what we’ve written and censor ourselves at times.

What we may not realize is that it’s not just the content of our email messages that can cause problems. The Wall Street Journal featured an article in last week’s Weekend Journal section about the increasing use of “me mail.” The writer defines this as signature line bloat – sig lines that contain more information than you want or need to know about the sender and especially those that include pictures, animations, logos, links and even videos.

Most modern mail programs, including web-based mail services, now support the use of graphics, and sites like www.blingee.com and www.mytextgraphics.com make it easy to create spiffy images for your signature.

Some people obviously put a lot of time and effort into creating a good sig line (or at least, one that they think is good). Most don’t think about the annoyance factor. Long, clever, picturesque sig lines are sort of like long, funny answering machine messages: the first time you encounter it, it’s cool or at least a little interesting, but the twentieth time, you’re really tired of it.

Some folks seem to be trying to squeeze their entire résumés into their sig lines. I recently got a message from someone whose sig line was twelve lines long. It contained multiple email addresses, multiple web site links, mailing address, four phone numbers (home, business, cell and fax), a two-line quote, a company logo and a blinking smiley face. I’m not making this up. I was amazed.

But some recipients would be more than amazed; they’d be highly annoyed. We sometimes forget that not everyone has broadband, even in this day and age. Some folks are downloading these messages over slow modem connections, and big graphics files, especially, eat up their bandwidth and turn getting their mail into an excruciating experience.

Sure, it’s your sig line and you can do what you want with it. But some folks extend their need to express their creativity beyond the sig line. Email clients today will do some cool things, and many computer users are taking full advantage of those capabilities. HTML mail messages can do just about everything a web page can do. You can insert photographic backgrounds, use fancy colorful fonts, embed pictures within a message, even have it play music or other audio when it’s opened. Trouble is, these messages take up even more bandwidth and introduce all the same security threats that you can encounter on web sites.

You can, of course, configure your email client to block HTML mail and embedded objects. Some spam filters flag any message with a graphic as spam. But then you may miss messages that also contain important information.

And what’s the point of having all these technological capabilities if you don’t take advantage of them? Just as annoying as getting a message from someone who tells you his life story in his sig line is getting a message from someone who doesn’t give you enough information about who he is, especially if it’s a business-related message.

Most of us have experienced this, too: you get mail asking you to do a bunch of favors and the person doesn’t even sign a name, or gives only a first name, and the email address is something like birdlover243@domain.com. Maybe the answer to his question is location specific, but you have no idea where he’s physically located. Or he asks you to call him, but doesn’t provide a phone number or enough info to look him up.

In many cases, it’s a good idea to have several different sig lines, for different types of email. If you’re conducting business, you want to be sure the recipient has information about your full name, position/title, how to contact you (don’t assume the Reply function will always work), and perhaps a link to your business web site(s). If you’re sure the recipients don’t have bandwidth limitations or graphics-unfriendly spam filters, a company logo may be appropriate, and a handwritten signature graphic can be useful for messages that need to look “official” (although for real authentication, they should be accompanied by a digital signature).

But for business mail, you should stay away from cute quotes, especially political, religious or suggestive ones. Leave out funny graphics and animations, unprofessional nicknames, etc.

For messages you send to mailing lists, you may want to leave your email address out of your sig line. Having it there can make it easier for ‘bots to collect it to be sold to spammers. Likewise, it’s a good idea to leave out your physical address and phone numbers. In fact, on some lists you may want to stay relatively anonymous (although this can be annoying to other list members) and use only a first name, in case some list-mates become overly zealous in pursuing discussions/disagreements that often arise on mailing lists.

When writing to friends and families, you can be a little more creative – but here is the time to use what you know about people and be considerate. If you know Aunt Sophie has a dialup modem connection, use a simple all-text sig line that won’t tie up her connection for half an hour. Common courtesy is the key. “Me mail” is called that because it’s all about you and doesn’t take into account how it affects others.

There’s a time and place for creative, graphical messages – just be sure to think before you hit “send.” And if you want to know how to block remote images, which pose security problems, see this week’s How To for instructions for Outlook Express, Outlook and Windows Mail.

What do you think? Do long and/or bling-filled signature lines drive you up the wall? Or do you enjoy finding out more about the person with whom you’re exchanging mail by what he/she puts in the sig line? Do you dress up your own signature, stick with “just the facts, ma’am,” or just leave recipients guessing as to who you are? Do you have different sig lines that you use for different purposes? What do you consider the maximum acceptable number of lines in a signature? Do you block HTML mail, or do you like to open a message with backgrounds and sound?

Deb Shinder, MVP

TinyURL implements “Preview Feature”

Recently I wrote about the potential danger in services like TinyURL and SnipURL being used to foist off malware. While this is not a major “run-for-the-hills” threat, you can read some of the reasoning here.

Well, TinyURL recently came out with a “Preview” feature, which lets you preview the link before going to it. Smart move.

For example, a TinyURL link to Sunbelt Software would look like this in the Preview feature:

[Screenshot: TinyURL preview page]

It’s a start.

Alex Eckelberry