|
Please visit the LangaList
Home Page
Please note: Older issues
may contain information that is now
out of date
How To
Subscribe and Unsubscribe is at the end of this
note. Mailing List Trouble? See
http://langa.com/help.htm
Questions about the advertisers?
See the end of this note. Please also see legal notices
at the end of this note. LangaList: ISSN 1533-1156
Please
recommend
the LangaList to a friend! (And maybe win a prize!)
An easier-to read formatted
HTML version of this newsletter is available
<a href="
http://langa.com/newsletters/2005/2005-08-22.htm ">here</a>
The
LangaList
Standard Edition
2005-08-22
A Free Email Newsletter from
Fred Langa
That Helps You Get More From Your Hardware,
Software, and Time Online
Please visit our sponsors
and help keep the LangaList S.E. free!
--- ( Your
Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )-------------
1) Reader Feedback (And
More): The New ZoneAlarm
You may recall that last month ZoneLabs (the makers of the popular desktop
firewall, ZoneAlarm) released a major new version: It added features to a
product that had already grown far beyond basic firewall functions to include
blocking of hostile email attachments, monitoring of the antivirus protection
provided by third-party tools, protecting against the outbound activities of
mass-mailing worms, popup blocking, ID protection, and more. With each new function, of course, the software
package became larger and more complex.
The newest version adds still more features, including an "OS-level firewall"
that attempts to prevent potentially hostile behavior by system-level software.
Working in ways analogous to that of antivirus or antimalware tools, the new
ZoneAlarm monitors for suspicious software behavior, but does so at a very
low level, even trying to see which software components are opening threads and
why. When it spots potentially dangerous actions, ZoneAlarm pops up a security
dialog. You can block the suspicious action, allow it once, or allow it
permanently; much the same as ZA has always let you control internet connection
activity.
This "OS-level firewall" is potentially a very useful feature. Combined with ZA's normal firewall
features, plus good antivirus/antimalware tools, and XP's own "System
Restore" ( http://www.informationweek.com/story/IWK20020711S0009 ) and "Data Execution
Prevention," (see
http://www.google.com/search?q=%22Data+Execution+Prevention%22
; #12 in
http://www.langalist.com/plus/newsletters/2005/2005-04-07plus.asp ; #11 in
http://www.langalist.com/plus/newsletters/2005/2005-04-14plus.asp ) , ZA's new
features should help lock down a system against just about all normal attack
vectors.
But--- you knew there had to be a "but," right?--- the new ZoneAlarm is the most
complex ever. The previous versions in the 5.x series had been creeping up
through the mid-5MB range; the new 6.x version jumps to almost 9MB. An even more
complex and complete version (which adds things such as its own antivirus tool,
identity theft/privacy protection, anti-phishing and spam blocking, IM
security/web site filtering, and more) weighs in at 22MB.
ZA's growing complexity prompted me to write this in this newsletter (
http://langa.com/newsletters/2005/2005-07-28.htm#4 ) when the new
version first appeared:
My main concern with this and similar tools that are getting more and more
complex is the possibility--- maybe even probability--- of negative interactions
between different tools as each tries to carry out a similar function.
Colloquially, we've referred to that as security tools "stepping on each other's
toes."
As a result, I suggest waiting a bit when the new ZoneAlarm is offered (some
users are getting the update notices right now...). The pre-update version is
fine, and works well--- there's no urgent need to upgrade. Let other braver or
risk-loving souls take the plunge, and watch for feedback. Once the new tool has
been installed on a couple million systems (it won't take long) we'll *know* if
there are problems with the new ZoneAlarm tool conflicting with, say, Norton or
Sygate or AntiSpyWare or other tools. My guess is that some conflicts are almost
inevitable; but I also think the folks at Zonelabs will get things fixed pretty
fast. So, a few weeks or a month or two after release, the new ZA tools should
be stable and ironed out enough to be fine.
As this is not a minor upgrade of the current ZA, but something far more
complex, I *strongly* urge you not to jump in headfirst as soon as the new
version is out. Let others see if the water's safe, and when it is, *then* dive
in. <g>
OTOH, if you're an experienced user with a stable, well-backed-up system, and
decide to take the plunge early, drop me a line and tell us what your
experiences were. Please put "Zonealarm" in the email's subject line. Thanks!
Many of your fellow readers responded, and I've gathered a representative
sampling; enough to give you a pretty good idea of their reported experiences. I've added
my own experiences with ZA6, and then used that as a springboard for a wider
discussion of the relative merits of all-in-one, complex software suites versus
simple, focused, stand-alone tools. I also provide lists of both kinds of
security tools,
with live URLs so you can grab your own copies.
It's all available now, free, at
http://www.informationweek.com/1052/langa.htm .
There's a ton of hard-won info there, courtesy of your
fellow readers--- check it out!
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
--- ( Your Clicks On Ad Links
Help Keep The LangaList S.E. Free! ) ---
"Dear Fred, The move to the Plus!
subscription was the best
investment I made, ever.... I always read it with anticipated interest, and also
always find good advice and interesting topics that expand my understanding
of computers. As a matter of fact, I have become a sort of minor PC guru
among my friends, thanks to you. Cordially yours, Petre Muresan"
Thanks, Petre!
The Plus! edition is just pennies an issue--- about $1 a month--- but that
small amount gets you a boatload of benefits. Get all the details:
http://langa.com/plus.htm
--------------( the above is
an advertisement )--------------
2) Which Encryption Type?
Fred,
I recently read a report by an encryption expert that stated all
encryption programs are not equal or as secure as they lead you to
believe. My question is, how do we know how well a program encrypts?
Because of the esoteric workings of these programs, it is impossible for
even the technologically knowledgeable computer user to analyze the
cypher strength, and as the above article I read stated, most security
experts are not sophisticated enough to make a scientific judgment. The
article goes on to show how quickly some encryption was defeated.
How do we know the claims and encryption standards are being implemented
to the full degree of their potential? Must we go on blind faith. That
is scary. ---Len
This is one of the areas where Open Source software can have a true,
undeniable advantage: With Open Source implementations of
state-of-the-art encryption algorithms, the source code is there for all to see,
so no vendor can "pull a fast one" on you with exaggerated, unsubstantiated
claims about the product's strengths; and no one can build secret "back doors"
into the software for later hostile exploitation.
Open Source implementations also help to avoid the
kinds of problems that can arise when a vendor of a proprietary tool goes out of
business or changes the software. It has happened in the past that users end up
locked out of their own data, with absolutely no easy way to get in!
Some of the best available nonproprietary encryption
algorithms include AES ("Rrijndael"),
Blowfish, 3DES, and IDEA, along with others.
That said, there also are de facto commercial standards: techniques
and implementations used
widely enough to function as a standard, even if it isn't formally so. The
encrypting file system ("EFS") available in XP/2K's NTFS, for example, is a
Microsoft thing, but it's reasonably safe to use because neither
Microsoft nor NTFS is going to go away any time soon. <g>
A third element in encryption effectiveness is the cleverness of the user: A
user employing a great encryption tool but using a short, easily-guessed
password/key is in worse shape than someone using a simpler tool but with
cleverness and subtlety.
Example: Back in the early days of PC-based security issues, one of the most
widely-used methods of protecting files was the simple password-locked
encryption built into ZIP tools. But it's easily hacked. So, one clever user I
know
did this: he'd take a document he wanted to protect, set up his word
processor to print the document sideways, as a huge banner with one letter per
sheet of paper, and then (instead of
printing to paper) would print the document to a file. He'd then
change the file extension--- and sometimes the file headers, too--- to disguise that
it was the output of a print-to-file operation, and then would compress the
file. (It would squeeze down enormously when ZIPped because it contained so many
repeating characters in the banner's large block letters.) He'd then lock the
file with the ZIP tool's simple protections. The idea was that even if someone
hacked and decompressed the file, they'd most likely see a random collection of
characters. It'd be a bit of a leap for someone to think, "Hey, I bet this is a message that's been
formatted as a huge banner and then printed to a file instead of paper!" <g>
In today's more sophisticated environment, of course, this would only be very lightweight security. But you get
the idea: A little cleverness, combined with good technology, can result in a
whole that's stronger than its constituent parts. A more current, simple
example: Say you have an Excel spreadsheet you want to protect. If you use the
built-in password-protection, you'll gain a small increment of security. If you
then save the file as a compressed ZIP file, using WinZip's 256-bit AES
encryption and a strong password, you'll lock out all but the most
resourceful hackers. Re-encrypt the already-encrypted ZIP file using a
third-party Blowfish-encryption tool, and you'll be at near-governmental
levels of security. Store the whole thing in an NTFS encrypted folder, and...
well, again, you get the idea. Depending on how much security you need,
you can combine multiple methods, some Open Source and some not, and end up with
a level of encryption of almost arbitrary complexity.
Most of the time, of course, you don't need anything that elaborate: A single
pass with any credible encryption tool will foil most snoops; and that's usually
good enough.
But what tool? Bruce Schneier, noted encryption guru and inventor of the
widely-respected Blowfish algorithm, offers this page, which also links to some
150 products using Blowfish:
http://www.schneier.com/blowfish.html .
AES, a US-government-approved standard cipher, (see
http://csrc.nist.gov/CryptoToolkit/aes/rijndael/ ) is already being used in
a ton of products. Some have been formally validated as compliant:
http://www.csrc.nist.gov/cryptval/aes/aesval.html . Many others have not,
but may work just as well (there's no requirement to be validated):
http://www.google.com/search?q=aes+algorithm+software
I generally stick with Blowfish, AES, or (if neither of
those is available) 3DES (aka "triple DES"). I think any one of those works fine
for most normal security needs.
When choosing between similar products or implementations, in general,
look for ones that support longer
keys. For example, a product using a 256-bit key can
be harder to crack than one using 64- or 128-bit keys. In fact, software using
64-bit keys and lower is too weak for serious use today; 64-bit ciphers are crackable by brute-force attacks by today's best desktop hardware. (Bruce
Schneier even offers a Win95 screensaver toy that can brute-force crack a common
40-bit cipher, just for fun!
http://www.schneier.com/smime.html That's how powerful today's PCs are--- a
screensaver toy can crack some 40-bit encryption methods!) 128-bit security is still
thought to be mostly OK;
it's beyond what most desktop hardware can crack, now. But if 256-bit (and
even higher) key support is readily available, why not use it? It'll be a long
time before desktop PCs are powerful enough to brute-force their way through
256-bit encryption. <g>
In all cases, the quality of the password/key (length, complexity,
randomness) matters a lot because a cheesy/short/easily-guessed password key can render even the
world's best encryption tool vulnerable. Use a good password/key!
http://search.atomz.com/search/?sp-q=password&sp-a=0008002a-sp00000000
Lots more info:
http://www.techweb.com/encyclopedia/defineterm.jhtml?term=AES
http://www.techweb.com/encyclopedia/defineterm.jhtml?term=blowfish
http://www.schneier.com/resources.html
http://www.mycrypto.net/encryption/crypto_algorithms.html
http://en.wikipedia.org/wiki/Cipher
http://www.google.com/search?q=encrypt+algorithm
NTFS/EFS:
http://langa.com/u/f.htm
and http://langa.com/u/g.htm
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
3) More Tools Like "BartPE..."
Dear Fred, Apropos of your very clear Informationweek article on
BartPE ["A Must-Have Repair And Recovery Tool"
http://www.informationweek.com/story/showArticle.jhtml;?articleID=167100904
] (which has saved my bacon a couple of times in the past) -- here's
something which looks interesting and perhaps worthy of another
article... http://www.reatogo.de/index.htm ---Rajeev Rohatgi
Fred,
Just read your article on BartPE. I've been using [earlier versions] for about 2 yrs to
recover unbootable computers, but now there is an even better tool, built on
the BartPE disk. Check out http://www.ubcd4win.com and build the cd and try it.
You will be amazed!
PS saw it on the http://www.dailyrotation.com website (in the Shell Extension City
headlines), a great place to keep up with the computer world. ---Gordon Golden
Thank you, Rajeev and Gordon!
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
--- ( Your
Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )-------------
4) ...And Other Handy
CD/ISO Tools
I found a little utility for making ISO files
[like a drive image, except of a CD or DVD]
from CD/DVD disks. It is a handy little tool
that does not require installation.
LCISOCreator.exe is available from
http://www.lucersoft.com/freeware.php
.
In my case I have a server that is at a hosting
company, so I can't just drop a CD in when
needed. I can upload an ISO file, and then mount
that ISO as a virtual CD using another utility.
Personally I use Daemon Tools.
( http://www.daemon-tools.cc/dtcc/portal/index.php )
which is also free for private use. It does
require installation and updates from time to
time.
Some other 'cd building' tools will let you save
an ISO or other type of disk image instead of
burning to CD directly. Mounting that image will
allow you to test it out before burning it. That
way you can modify it without wasting a blank CD.
For laptop users, using this method can save
battery power because you don't have to spin up
your CD-rom drive. And in general, my experience
has been that since the data is really on the
hard disk, there is much less delay and a higher
read speed than from a real CD.
As always, I hope some of your readers find this
useful. I really enjoy your newsletter and always find something useful in them.
---Roy Flint
Thanks, Roy!
(A side note for readers who may have "Virtual PC" (
http://search.atomz.com/search/?sp-q=vpc&sp-a=0008002a-sp00000000 )
installed: VPC has a built-in facility for mounting a CD as an
ISO image, inside a virtual PC. Although this is meant as a way for each VPC to
have its own, separate virtual CD, it also can function as a ISO builder!)
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
5) Faster Download Trick
Hello Fred:
I'm a plus subscriber and ALWAYS read the newsletter.
Here is a comment/tip. I read that you should always choose the closest mirror
when downloading software. I live in the Bay Area of California, and I find the
overseas servers are (most times in the day), much faster than the busy servers
close to me. When I say, "much faster", I have measured several downloads at 10
times faster from servers in England, Germany, and Japan, rather than
California, doing the downloads within a couple of minutes from each other.
With 20 million legal inhabitants in California, I think this may be true in
this state. ---Cliff Babcock
Good point, Cliff. Two major factors that can
affect download speed are (1) network latency ("lag"); and (2) server response.
Latency is the combined effect of the time
consumed by every hop or routing segment that your data packets must traverse on
their way to or from the server you're connected to. Although electricity flows
through wiring at nearly the speed of light, delays creep in every time the
signal must be routed, amplified, or otherwise processed. It's not unusual for a
typical connection to involve 20 or more hops or segments; and the aggregate
delays or latency can really slow things down. The usual advice about using a
nearby server is meant to minimize the number of such hops/segments/delays.
But server load also plays a large part in determining
download efficiency. If you're talking to a
server that's totally swamped with download requests, you won't get very far,
even if the server's just down the street. In fact, when a server is swamped,
even an infinitely fast network pipe isn't going to help, because the
bottleneck's inside the server, not out on the network. In cases like that,
finding a distant server with a very light load may indeed result in better
overall throughput.
This is an area where thinking globally can help: Most
ISPs and public servers see their lightest loads between about 2-4 AM, local
time. When you're presented with a choice of download locations, choosing a
server located in a part of the world where it's currently 2-4 AM may get you
better throughputs than from a busy server that's physically much closer!
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
6) Is This Information
Useful?
If you think the LangaList is a worthwhile read, maybe a
friend would find it useful too! Just use the following link to recommend the
LangaList---your friend may find a new source of useful information and you just
may win one of three FREE ONE YEAR SUBSCRIPTIONS to the LangaList Plus! edition
given each month. (If your name is drawn and you're already a Plus! subscriber,
your current subscription will be extended by a full year.)
Check out the details at
http://langa.com/recommend.htm . Thanks for recommending the LangaList---
and good luck!
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
7) Reader Finds Simple
Fan Noise Fix
Hi Fred,
I switched my front fan with my back fan, and it sounds like it's much quieter.
I read somewhere today that it's a good idea to check the fans with the case
open and make sure they're blowing the right way, so I did that. I wonder if
maybe either both fans were mistakenly blowing in or out, and if that was
causing one of the fans to vibrate loudly.
In any case (no pun intended :), I think it's a good idea to do a final check as
someone suggested. ---Steve
Thanks, Steve. Yes, generally, you want "flow-through"
ventilation in a PC. If you have more than one fan, generally you either have
them both blowing out (with an opening somewhere else in the case supplying cool
air) or one blowing out and one blowing in.
The usual reasons for vibration, though, aren't from
pressure effects but from simple mechanical things: Loose fasteners; crud on a
fan blade, making it imbalanced; worn motor bearings; etc. Any one of those
items could have been ameliorated by your moving the fan--- you may have
tightened a loose fastener; knocked some crud off a blade; re-oriented a
fan so pooled lubricant flowed back into the bearings; etc. Whatever the problem
was, you found how easy it is to fix. In fact, fans are so easy to move, tighten
down, or replace--- they're often under $5--- there's really no reason to put up
with excessive fan noise. My simple rule of thumb: If you can hear a PC from across
the room; or if it bothers you *at all* when you're sitting next to it, it's too
loud!
See:
Getting The Grunge Out Of Your
PC:
http://www.informationweek.com/story/showArticle.jhtml?articleID=60403472
Cool And Quiet:
http://www.informationweek.com/story/showArticle.jhtml;?articleID=21401323
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
8) More Reader Sites!
Do you have a home page or website? (It doesn't matter
what size.) Please click over to
http://langa.com/code.htm , and maybe you can join the hundreds and hundreds
of LangaList readers who have "Loaded the Code!" (If you've already "Loaded The
Code" and are wondering if your site will appear here or on the Langa.Com web
site, please see http://langa.com/link.txt
)
Speaking of which: Here's another eclectic sample of reader sites--- some
professional, some very personal:
View A Randomly-Chosen Reader Site From Among All Listed
http://langa.com/randomlink.htm
Manually Browse All Posted-to-Date Sites Starting
At
http://langa.com/readersites.htm
Windows maintenance tasks and protection
http://www.jstechs.com/
Cakes by Darlene Home
http://www.cakesbydarlene.ca/
cultivated web
http://www.cultivatedweb.com/resources.shtml
extreme west rv rentals
http://www.extremewestrvrentals.com/
midwestrocklobster
http://midwestrocklobster.blogspot.com/
novapdf
http://www.novapdf.com/links.php
tutorials and advice for everyone
http://homemade-tutorials.blogspot.com/atom.xml
Digital Images for business and individuals
http://www.letsgetdigital.ca/main.html
dreams of infinity
http://plainofvisions.blogspot.com/
darussell photography
http://www.darussell.com/
leftover chef
http://www.leftoverchef.com/home/
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
--- ( Your
Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )-------------
9) Disk Space In The
Wrong Place
Fred: My problem is my Sony VAIO (P4),
XP,Media Edition, came partitioned w/ a 10 gig "C", for programs and 60 gig
"D" for whatever. I have a lot of graphics/video files on "D", but I could
do with just 40 gigs on this drive. Problem is all of the updates and
programs have left me w/ only about 15 megs of free space on "C" and 50 gigs
on "D". To even run defrag, on C, I need 24 megs of free space to run that
program! (have been unable to remove enough files from C to run defrag so
far) I would like to make "C" partition at least 15 gigs more available
space.
I could have installed programs to "D", but when you change the software
installation default (i.e., "C") , the program never seems to work properly.
From everything I can comprehend about partitioning - something usually gets
"lost". What about compressing the drive "C" - Would this provide the
requisite additional space on C w/o the loss of program data- or am just
going to trade one problem for another ???
Any suggestions on how to do this w/minimum loss of program data would be
appreciated. ---Dan Slagle
Compression, available as a built-in option on NTFS
drives, can work well, especially on higher-end systems. Conceptually, it's like
ZIPping a file, folder, or entire drive; and can store a given amount of raw
data in half the space, more or less, than otherwise. The downsides to
compression are that it consumes a little CPU horsepower, which may be
noticeable on underpowered PCs; and that it's a one-use thing: You gain nothing
by compressing files that are already compressed, such as JPGs, ZIP files, and
so on. Plus, NTFS makes you choose between encryption OR compression. If you use
NTFS for either one, you have to use a third-party tool for the other. See "
http://langa.com/u/h.htm " or
search for "compression" in XP's "Help And Support" system.
But in your case, because many of your files already are
compressed, a partitioning tool might be a better answer--- one that lets you
change the size of existing partitions nondestructively; that is, without losing
the data. You can, for example, take some amount of free space away from your D
partition and add it to your C partition.
There are many tools to do this, including my favorite,
the powerful (but admittedly geeky and somewhat hard to use) BootIt (
http://www.terabyteunlimited.com/bootitng.html ). PartitionMagic and a
number of other tools also can do this:
http://www.google.com/search?q=resize+partition+nondestructive or
http://www.google.com/search?q=manage+partition To further refine either
search, add whatever disk type you have--- NTFS, FAT32, FAT16, etc.--- as an
additional search term.
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
10) Just For Grins
At last, Fred...firewall protection for the Brain! See:
http://zapatopi.net/mindguard.html Best regards, Dave Miller
Thanks, Dave. It's so much classier than the tinfoil hat I normally use. 8-)
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
--- ( Your
Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )-------------
11) Plus! Edition Highlights:
Today's LangaList Plus! Edition contains all ten
items above, plus about 40% more content including:
- Better Than "Find And Run Robot?"
(bypass clogged
menu structures...)
- Disappearing Devices
(how to get
'em back into Windows)
- More On Printer Re-Re-Reinstalls...
(tame the
"new hardware found" beast)
- More Linux Tips From Readers
(real-life
advice!)
Plus--- you get access to over 100,000 additional words in special
features, extra content and private links, all on a private web site, all for about a dollar a month!
Full Plus! Edition info: http://langa.com/plus.htm
Click to email this item to a
friend
http://langa.com/sendit.htm
return to top of page
(Give a gift subscription to
the LangaList Plus edition!
Click <a href= "
http://langa.com/plus_gift.htm ">here</a>)
The LangaList is published about 72 times a year, or
about 6 times a month. See you next issue, 2005-08-25!
Best,
Fred
( Editor@Langa.Com )
Please
recommend
the LangaList to a friend! (And maybe win a prize!)
An easier-to read formatted HTML version is
available in the "Current Issue" section of
http://langa.com.
(The HTML version of each issue normally is available by 9AM EST [UT-5] of the
issue date.) All past LangaList issues are also available at the Langa.Com site.
return to top
of page
Administrivia:
UNSUBSCRIBE (instant removal!):
http://langa.com/leave_langalist.htm
SUBSCRIBE (it's free!):
http://langa.com/join_langalist.htm
CHANGE ADDRESS? LIST TROUBLE? HAVE QUESTIONS? OTHER PROBLEM? NEED HELP? See
http://langa.com/help.htm
This newsletter is SPAM PROOF and requires two levels of subscriber confirmation
before delivery begins: See
http://langa.com/info.htm
About the advertisers:
http://langa.com/privacy.htm#ads
Disclaimer:
http://langa.com/legal.htm In brief: All information herein is
offered as-is and without warranty of any kind. Neither Langa Consulting LLC, nor
its employees nor contributors are responsible for any loss, injury, or damage,
direct or consequential, resulting from your choosing to use any information
presented here.
This newsletter is a service of Langa Consulting LLC and is Copyright © 2005
Fred Langa / Langa Consulting LLC. All worldwide rights reserved. LangaList: ISSN
1533-1156
return to top
of page |