July 26, 2007
More on Vista Shadow Copies & the Dreaded Index.dat Files
As I posted previously, Windows Vista enables shadow copies by default in the Ultimate, Business, and Enterprise editions. Shadow copies aid in recovering prior versions of files and are part of Vista's system restore point protection (which was also included in XP). So, basically, it appears the only way for a user to turn off shadow copies is to disable system restore point protection. The problem is that the system restore point feature is incredibly helpful in troubleshooting and curing a system's ills by rolling Vista's system files back to a previous point in time. This is especially useful after installing a problematic program, driver, or update. In effect, turning off shadow copies is throwing the baby out with the bath water. Nice going, Microsoft. If there's a way for enterprises to set a Windows policy to disable shadow copies but keep system restore points active, that would be a good solution. However, I haven't come across that yet.
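For the forensic side of this, here is an added example (not from the original post) that inventories what Vista is actually retaining: the shadow copies, the VSS storage budget behind them, and the System Restore points built on them. It uses the documented WMI classes Win32_ShadowCopy and Win32_ShadowStorage (root\cimv2) and SystemRestore (root\default), and assumes an elevated PowerShell 2.0 or later prompt.

```powershell
# Added example (not from the original post). Lists the Volume Shadow Copies,
# the VSS storage budget, and the System Restore points on a Vista machine,
# using the documented WMI classes (Win32_ShadowCopy and Win32_ShadowStorage
# in root\cimv2; SystemRestore in root\default). Run elevated, PowerShell 2.0+.

function Convert-WmiDate {
    param([string]$WmiDate)
    # WMI stores timestamps in DMTF form (yyyyMMddHHmmss.ffffff+zzz).
    if (-not $WmiDate) { return $null }
    [System.Management.ManagementDateTimeConverter]::ToDateTime($WmiDate)
}

function Get-ShadowCopyInventory {
    # Map volume GUID paths (\\?\Volume{...}\) to drive letters for readability.
    $letters = @{}
    Get-WmiObject -Class Win32_Volume |
        ForEach-Object { if ($_.DriveLetter) { $letters[$_.DeviceID] = $_.DriveLetter } }

    # DeviceObject is the \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN path a
    # snapshot can be mounted from; ClientAccessible marks the copies that the
    # "Previous Versions" tab exposes to the user.
    Get-WmiObject -Class Win32_ShadowCopy |
        Select-Object @{n='Created'; e={ Convert-WmiDate $_.InstallDate }},
                      @{n='Volume'; e={ if ($letters.ContainsKey($_.VolumeName)) { $letters[$_.VolumeName] } else { $_.VolumeName } }},
                      DeviceObject, ClientAccessible, Persistent, ID |
        Sort-Object Created
}

function Get-ShadowStorageInventory {
    # Equivalent of "vssadmin list shadowstorage": how much space VSS may use
    # per volume and how much the current snapshots already occupy.
    Get-WmiObject -Class Win32_ShadowStorage |
        Select-Object @{n='UsedGB';      e={ [math]::Round($_.UsedSpace / 1GB, 2) }},
                      @{n='AllocatedGB'; e={ [math]::Round($_.AllocatedSpace / 1GB, 2) }},
                      @{n='MaxGB';       e={ [math]::Round($_.MaxSpace / 1GB, 2) }},
                      Volume
}

function Get-RestorePointInventory {
    # Restore points are VSS snapshots too, so purging them (or turning System
    # Restore off) also discards the prior file versions those copies preserved.
    Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
        Select-Object SequenceNumber,
                      @{n='Created'; e={ Convert-WmiDate $_.CreationTime }},
                      Description, RestorePointType |
        Sort-Object SequenceNumber
}

'== Shadow copies ==';  Get-ShadowCopyInventory    | Format-Table -AutoSize
'== VSS storage ==';    Get-ShadowStorageInventory | Format-Table -AutoSize
'== Restore points =='; Get-RestorePointInventory  | Format-Table -AutoSize
```

On a preservation matter, record this output before anyone touches System Restore, since the restore points and the recoverable prior versions go away together.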
Now on to Index.dat files. Windows has used these for many years to store data histories, such as your complete URL browsing history. Since these Index.dat files were always kept open by Windows, it took special utilities such as the Index.dat Suite to view their contents and, even better, delete them at bootup before Windows fully loaded. It seems Microsoft has been aware of the problem and has changed the way that Windows and IE work to better clear out the contents of these tell-all files. This blog post from the Windows Core Networking MSDN blog has a very detailed discussion of how WinInet's Index.dat files work under Vista, as does this one about clearing tracks with IE7.
With e-discovery hot on everyone's plate with the new federal rules, these are additional reasons to have qualified and experienced professionals on your forensic team.
July 25, 2007
Put IE6 & 7 on Steroids with Free IE7Pro Add-in
I've always liked the extra browser features found in Opera, Maxthon, and Firefox. Yet many people, particularly business users, still use IE as their primary browser. While IE7 adds more features over IE6 and has improved somewhat in security (although ActiveX remains a concern), it's still lacking in power-user features.
Enter IE7Pro, a free program that adds mouse gestures, better tab management, ad and flash ad blocking, crash recovery, accidental tab closure recovery, tab history, and a lot more to both IE6 and IE7.
Mouse gestures are a particular favorite of mine, as they let me just right-click and glide my mouse either left or right to instantly go back or forward. Other gestures can be used for refreshing a page, switching between tabs, and more. Searching for particular words on a long web page? IE7Pro's inline search works much like CTRL-F, but it also allows you to highlight all hits in yellow for easy skimming.
Another of IE7Pro's cool features is taking a screenshot of an entire web page, instantly from top to bottom -- without having to scroll. Perfect for preserving a snapshot in time. Accidentally closed the wrong tab? No problem, as IE7Pro keeps track of your tab history of previously visited sites and also has a dedicated feature for reopening the last closed tab for quick access.
Ever visit a web site with flash ads? Especially ones that love to play video ads with blaring music or announcers that make everyone in the vicinity jump and wonder what you're up to? No problem -- IE7Pro simply blocks them and displays "Flash Blocked" in a light-colored box where the ad should be. Upon mousing over the blocked ad, it displays "Click to restore flash". Just click, and that particular flash ad or animation appears.
All this in a small package too. IE7Pro is a tiny download at 1.3 MB. Sure, the other browsers have had these features for some time, but if you want to bring IE into the present and get more out of it, IE7Pro is worth a test drive.
July 24, 2007
Windows Vista Security: Pros and Cons, Third Party Solutions Still Needed
Vista has a number of new security features, such as a two-way firewall, Windows Defender, UAC (User Account Control), BitLocker Drive Encryption, and more. These are certainly improvements over XP in terms of baking more security into Windows. My thoughts and experiences with them so far, along with recommendations for third-party security apps where needed:
UAC (User Account Control):
New User Account Types:
BitLocker Drive Encryption:
Sure, there are plenty of third-party drive encryption products available, but it's nice to see one incorporated into the OS itself. I haven't tried it yet, and there is some drive preparation required. As I understand it, BitLocker needs to create two hard drive volumes. One is unencrypted and holds Vista's boot files for better performance. The other is encrypted and contains everything else (including your data). FYI, Vista Ultimate users can download a free "Extra" via Windows Update that streamlines this preparation process and makes it more user-friendly. As I prefer to use Norton Ghost to back up Windows installations, I haven't enabled BitLocker until I know that Ghost can handle backing up and restoring these encrypted volumes. Symantec just released Ghost 12.0 for Vista compatibility, so I'll be checking up on its ability to handle BitLockered drives.
Data Execution Prevention (DEP):
On my Toshiba laptop, I used SecurAble from Steve Gibson (of ShieldsUp! fame) to determine whether my new Core 2 Duo processor had hardware DEP capability and whether it was enabled. Sure enough, the processor supported DEP, but Toshiba shipped the laptop with DEP disabled in the BIOS. Since enabling it, I have encountered a few instances where Windows closed Internet Explorer and other apps under DEP protection. As I have a clean system, I'm chalking these up to software bugs. As an educated guess, this is probably why Toshiba chose to leave it disabled -- fewer problems for users out of the box (but perhaps leaving them open to more problems down the road without hardware DEP protection). Most processors made in the past year or two support hardware DEP, which is preferable to the software-based DEP protection Vista falls back to if it doesn't detect it in the processor.
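The same check SecurAble performs can be scripted. This is an added example, not SecurAble's code or anything from the original post; it reads the documented DEP properties of the Win32_OperatingSystem WMI class (present since XP SP2) and assumes PowerShell 2.0 or later.

```powershell
# Added example (not from the original post). Reports Vista's DEP state the
# way SecurAble does, from the documented DEP properties of the
# Win32_OperatingSystem WMI class (present since XP SP2). PowerShell 2.0+.

function Get-DepStatus {
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # DataExecutionPrevention_SupportPolicy is the system-wide setting that
    # "bcdedit /set nx <value>" controls.
    $policyNames = @{
        0 = 'AlwaysOff - DEP disabled for every process'
        1 = 'AlwaysOn  - every process protected, no exceptions'
        2 = 'OptIn     - default: Windows binaries and services only'
        3 = 'OptOut    - all processes except an exception list'
    }
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy

    New-Object PSObject -Property @{
        # False means the CPU reports no NX/XD bit (unsupported, or switched
        # off in the BIOS as on the Toshiba above), so Vista falls back to the
        # weaker software-enforced DEP.
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        Policy               = $policyNames[$policy]
        Covers32BitApps      = [bool]$os.DataExecutionPrevention_32BitApplications
        CoversDrivers        = [bool]$os.DataExecutionPrevention_Drivers
    } | Select-Object HardwareDepAvailable, Policy, Covers32BitApps, CoversDrivers
}

function Test-DepHardened {
    # Advisory check: hardware DEP should be present, and the policy should be
    # OptOut or AlwaysOn so third-party programs (browsers, mail clients) are
    # covered rather than only Windows' own binaries and programs that opt in.
    param($Status = (Get-DepStatus))
    $findings = @()
    if (-not $Status.HardwareDepAvailable) {
        $findings += 'Hardware DEP not available: check the BIOS for an NX/XD (Execute Disable) setting'
    }
    if ($Status.Policy -notmatch '^(OptOut|AlwaysOn)') {
        $findings += "Policy '$($Status.Policy)' leaves applications that have not opted in unprotected"
    }
    if ($findings.Count -eq 0) { 'DEP configuration looks good' } else { $findings }
}

Get-DepStatus | Format-List
Test-DepHardened
```

A program that Vista terminates under DEP, as described above, is worth reporting to its vendor rather than excluding from DEP, since the exclusion removes exactly the protection the quote below describes.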
Why is DEP so important? I'll let Steve Gibson answer that by quoting from his site:
"Why would data or communications buffers ever contain executable code? . . . because so-called "Buffer Overrun" attacks are the predominant way Internet-connected computers have historically been remotely hacked and compromised. Hackers locate obscure software vulnerabilities which allow them to "overrun" the buffers with their own data. This tricks the computer into executing the hacker's supplied data (which is actually code) contained within that buffer. But if the operating system has marked that Internet communications buffer region of memory as only being valid for containing data and NOT code, the hacker's attack will never get started. Instead, the operating system will display a notice to the user that the vulnerable program is being terminated BEFORE any of the hacker's code has the chance to run."
Third-Party Internet Security Suites:
While Microsoft's emphasis on security is welcome, I have to say their security track record gave me great pause in relying exclusively on their solutions -- particularly when there are mature and tested security products available. For my new Vista laptop, I took a look at three leading Internet security suites from ZoneAlarm, Symantec (Norton), and McAfee. Only one met my definition of appropriate security features, ease of use, and system performance.
First off, Toshiba had preinstalled a 30-day trial of McAfee's Internet Security Suite. I've never been a big fan of McAfee's antivirus software, having seen first-hand some clunky performance and other issues in the past. Keeping an open mind, it was a good opportunity to see if they've corrected prior shortcomings. Sad to say, the new version only confirmed my concerns. Every time I used Outlook 2007 to send/receive e-mail, I saw my dual-core processors peg at 100% usage continuously. It literally brought my new Vista system to its knees. The entire system was running in extreme slow motion. At first I thought it was an Outlook problem, but the trusty Windows Task Manager pinpointed McAfee's e-mail proxy service as the culprit. Killing it fixed the problem. No, actually, spending several hours uninstalling, rebooting, and then manually removing all of the McAfee remnants in my system and registry fixed the problem. Even McAfee's special uninstaller from their web site didn't do a complete job. Let this be a lesson.
Next, I looked at both ZoneAlarm's and Norton's Internet security suite offerings. This took a bit more research, as both have produced excellent products in the past. ZoneAlarm has one of the best personal firewalls in the market, while Norton's Antivirus has never, ever, let me down. The ZoneAlarm suite now uses Kaspersky's highly-regarded antivirus, which brings it on par with Norton Antivirus. Previously, ZoneAlarm used CA's antivirus, a less impressive solution in my opinion. So how did they fare against each other in security features?
Like Norton, ZoneAlarm has a network and program firewall. However, ZoneAlarm has an added OS firewall, providing even greater protection at the operating system level. Score one for ZoneAlarm. Both provide full stealthing of ports. Both provide an option to block all traffic. ZoneAlarm provides a nice big red button for one-click blocking. Norton's "Block Traffic" feature requires you to perform several clicks and type an administrator password to confirm. Apparently they're taking lessons from Microsoft's UAC above, and this is bad. When you have an intrusion in either direction, you need to be able to kill all traffic quickly and easily, so ZoneAlarm easily wins this round for ease of use. Naturally, with Wi-Fi laptops, another easy way is to just turn off your Wi-Fi card, as many new laptops provide a handy off switch. Also, both suites provided anti-spyware, anti-phishing, rootkit, and wireless network protection, so those were a draw.
However, it's extremely critical to note that the ZoneAlarm Internet Security Suite for Vista is missing important features compared to their XP program. ZoneAlarm's Vista version lacks spy site blocking and blocking of confidential data. ZoneAlarm also lacks parental control, IM (instant messaging) protection, and ad blocking. ZoneAlarm's customer service explained that they were not included due to the fact that Vista and IE7 already include many of these features. While plausible, it did not excuse the most glaring omission of all: There was no adequate e-mail security. The Vista version of ZoneAlarm Internet Security Suite could not scan or repair e-mail attachments, quarantine them, or block infected outgoing messages. This was the tipping point for me.
As spam and e-mail attachments continue to be critical security threats, I opted for the excellent e-mail antivirus protection Norton provides. While the Norton Internet Security suites from 2005 and 2006 received a lot of negative feedback for being bloated and slow in scanning, the new NIS 2007 suite has been mostly recoded from the ground up. Increased scanning speed and reduced CPU usage were two of their main goals, and it shows. The installation went flawlessly, as did the initial scans and live updates. As for configuration, it was mostly automatic. By default, Norton Antivirus ignores all low-risk items, not something I like to see in a security program. It can be changed to prompt the user for those items, which I heartily recommend.
As further justification, I recently perused a copy of Windows Vista Magazine while killing time in an airport. They reviewed something like the top 7-8 Internet security suites including Norton, ZoneAlarm, and McAfee. They also concluded that Norton Internet Security 2007 was the top pick. While no suite is perfect, I've always liked the die-hard protection that Norton provides with virtually no false positives, easy updating of both programs and virus definitions alike, and that it just plain works. On the downside, if you should encounter a problem, Norton's customer service and support isn't what it used to be, and they tend to force you to buy new versions instead of solving problems with their installed user base. Something to consider if you aren't a power user.
FYI, Symantec has also just released Norton 360, an even more comprehensive suite that provides backup and performance tuning features in addition to the security features. While it sounds nice, all these additional features just seemed reminiscent of Norton SystemWorks -- a fairly bloated, invasive, and problematic suite for many users, and one which I strongly recommended against to friends and colleagues. Frankly, I just needed the Norton Internet Security suite features, and didn't want to overload my new Vista system with potential bloatware. Norton 360 may indeed prove to be a valuable package, but I emphasize the word, "prove", before recommending it.
BitLocker hard drive encryption sounds promising. As faster dual- and quad-core processors and faster hybrid hard drives (those with added flash memory) hit the market, we may indeed see a mobile data security solution with reduced performance lag. For once, I'd love to read this headline: "Laptop with Critical Data Stolen -- Encryption Saved Company, Customers, and Employees From Yet Another Identity Theft and Data Privacy Fiasco." However, I have to wonder why Microsoft omitted BitLocker from the other Vista editions, which will obviously be installed on business and personal laptops. It just seems to lessen their stance on security by making it subordinate to profitability.
Overall, I like the attention on added security. I think that over time, with additional service packs and updates, Vista will surpass XP's popularity -- particularly as newer and faster hardware will put its performance on par with XP.
July 14, 2007
First Thoughts on Vista Ultimate and Office 2007!
I'm back after taking a blogging sabbatical. I recently purchased a new Toshiba A205 widescreen notebook preloaded with Windows Vista Ultimate and added Office 2007 Professional. I particularly wanted access to all of the latest features and usability improvements in Windows and Office. If first impressions are any indication, it's off to a fine start.
Not surprisingly, some features were either renamed or moved around from where you'd expect them in prior versions. Fortunately, the included help screens are well written, with plenty of links to help you get to the desired feature or program. Another huge help is the new Search bar in the Start menu, which doubles as the Start, Run command. It's very easy to search for and run all kinds of programs and data files. Say you don't know where the new Windows Mobility Center is launched from? No problem, just click on Start, type in "mob" for the first few letters, and it displays the program link. The built-in help content can also be updated online from Microsoft, so you're always getting the latest assistance. Bottom line, it's still Windows, so the basics haven't changed. I found it easy to be productive nearly right out of the box.
Good Stability Overall for a New Release
For laptop users, this means at least a decent mid-range notebook. With that said, I've found that even an integrated Intel 950 graphics chip is sufficient for rendering Aero and other Vista 3-D effects (screensavers, animations, etc.). Naturally, having a dedicated 3-D video card is preferable but more expensive.
For overall system speed, having sufficient RAM is critical. I consistently see 700 MB to 900 MB of RAM in use just running the Vista OS, a number of Vista Sidebar and Google Desktop "Gadgets", and security software. Basically, Vista Ultimate uses just under 1 GB of RAM just to run the system before running any office programs. To avoid unnecessary drive crunching, 2 GB is clearly warranted for best performance. As a power user, I particularly love the new Sidebar. It's a great place to monitor system performance and attributes, list to-do's, display a nice large clock, weather information, and a lot more. The nice thing about having the 2 GB on-board is that I have yet to see the memory max out in actual usage.
Third Party Apps Need to Catch Up
Third-party incompatibilities should improve over time as software developers catch up with new patches and releases. [Update 7.18.07: The new iTunes version 184.108.40.206 seems to have corrected the problem, as iTunes is behaving itself.] The nice change here is that Vista will often pop up a dialog to indicate which program is not responding. It then seeks to find a solution, often directing me to the developer's web site to download a newer, more compatible version. Keep in mind that Vista comes in both 32-bit and 64-bit versions. While 64-bit computing is touted as more secure, I've noticed that 64-bit versions of various programs are lagging behind. If compatibility with existing programs is paramount, go with the 32-bit version of Vista for now.
Overall, I've been quite impressed by the stability and usability refinements. Stay tuned for more coverage of Vista and Office 2007, including some tips and tricks, as well as some recommendations for security software.