July 26, 2007

More on Vista Shadow Copies & the Dreaded Index.dat Files

As I posted previously, by default Windows Vista enables shadow copies in Vista Ultimate, Business, and Enterprise editions. Shadow copies aid in recovering prior versions of files and are part of Vista's system restore points protection (which was also included in XP). So, basically, it appears the only way for a user to turn off shadow copies is to disable the system restore point protection. The problem is that the system restore point feature is incredibly helpful in troubleshooting and curing a system's ills by rolling back Vista's system files to a previous point in time. This is especially useful after installing a problematic program, driver, or update. In effect, turning off shadow copies is throwing the baby out with the bath water. Nice going Microsoft. If there's a way for enterprises to set a Windows policy to disable shadow copies but keep system restore points active, that would be a good solution. However, I haven't come across that yet.

Now on to Index.dat files. Windows has used these for many years as a way to store data histories, such as your complete URL browsing history. Since these Index.dat files were always kept open by Windows, it took special utilities such as the Index.dat Suite to view their contents, and even better, delete them at bootup before Windows fully loaded. It seems Microsoft has been aware of the problem and has changed the way that Windows and IE work to better clear out the contents of these tell-all files. This blog post from the Windows Core Networking MSDN blog has a greatly detailed discussion of how WinInet's Index.dat files work under Vista, as well as this one about clearing tracks with IE7.

With e-discovery hot on everyone's plate with the new federal rules, these are additional reasons to have qualified and experienced professionals on your forensic team.

Topic(s):   Electronic Discovery  |  Privacy & Security
Posted by Jeff Beard

July 25, 2007

Put IE6 & 7 on Steroids with Free IE7Pro Add-in

I've always liked the extra browser features found in Opera, Maxthon, and Firefox. Yet many people, particularly business users, still use IE as their primary browser. While IE7 adds more features over IE6 and has improved somewhat in security (although ActiveX remains a concern), it's still lacking in power user features.

Enter IE7Pro, a free program that adds mouse gestures, better tab management, ad and flash ad blocking, crash recovery, accidental tab closure recovery, tab history, and a lot more to both IE6 and IE7.

Mouse gestures are a particular favorite of mine, as they let me just right-click and glide my mouse either left or right to instantly go back or forward. Other gestures can be used for refreshing a page, switching between tabs, and more. Searching for particular words on a long web page? IE7Pro's inline search works much like CTRL-F, but it also allows you to highlight all hits in yellow highlighter for easy skimming.

Another of IE7Pro's cool features is taking a screenshot of an entire web page, instantly from top to bottom -- without having to scroll. Perfect for preserving a snapshot in time. Accidentally closed the wrong tab? No problem, as IE7Pro keeps track of your tab history of previously visited sites and also has a dedicated feature for reopening the last closed tab for quick access.

Ever visit a web site with flash ads? Especially ones that love to play video ads with blaring music or announcers that make everyone in the vicinity jump and wonder what you're up to? No problem -- IE7Pro simply blocks them and displays "Flash Blocked" in a light-colored box where the ad should be. Upon mousing over the blocked ad, it displays "Click to restore flash". Just click, and that particular flash ad or animation appears.

All this in a small package too. IE7Pro is a tiny download at 1.3 MB. Sure, the other browsers have had these features for some time, but if you want to bring IE into the present and get more out of it, IE7Pro is worth a test drive.

Topic(s):   Trick or Treat  |  Web Wizardry
Posted by Jeff Beard

July 24, 2007

Windows Vista Security: Pros and Cons, Third Party Solutions Still Needed

Vista has a number of new security features, such as a two-way firewall, Windows Defender, UAC (User Account Control), BitLocker Drive Encryption, and more. These are certainly improvements over XP in terms of baking more security into Windows. My thoughts and experiences with them so far, along with recommendations for third-party security apps where needed:

Vista Firewall:
While Vista indeed comes with a two-way firewall, it's a mixed bag. While it blocks incoming requests (Windows XP does this too), it appears there's no easy way to configure Vista's firewall to block unauthorized outgoing communications (for example, spyware phoning home from your PC). A user would need to add blocking for each type of malware out there today, which as we know, numbers in the thousands. Not good, so I embarked on researching several of the Internet security suite products for easier and more robust protection, and posted my results below.

Windows Defender:
Windows Defender is basically the next generation of Microsoft's Windows AntiSpyware. For users that don't have any anti-spyware protection installed, this is certainly a step in the right direction. However, it's not an antivirus program. For that, you'd need to subscribe and pay for the Windows Live OneCare service, listing for $49.95/year on Microsoft's web site. The site lists OneCare's features as Antivirus, Antispyware, Anti-phishing, Firewall, Performance tune-ups, and Backup and Restore. It's interesting to note a number of these are already bundled in Vista, at least to some extent. Again, while I applaud Microsoft for offering additional security, they don't have a great track record in the security business, and for that price I found several Internet security suites that were more mature and robust for roughly the same price. Also, I still like having Spybot Search and Destroy installed to catch anything the other solutions missed, and vice versa.

UAC (User Account Control):
First off, if you haven't heard of or seen Vista's UAC prompts, you absolutely must view this hilarious Apple TV commercial. For certain types of actions, Windows will prompt you to confirm whether you want them to run or not. It's annoying and productivity-sapping as you're basically issuing commands twice. The idea behind it is to prevent malware from doing something unauthorized on your PC. As the commercial mentions, you could turn it off, but then it wouldn't provide any alerts or protection. I've read that Microsoft is looking to make it less intrusive and annoying in the future. One could only hope.

New User Account Types:
Vista helps address one of the support problems with Windows XP -- standard user vs. administrative rights. Under XP, it was common to have to log into Windows as a system administrator to install programs, make system changes, troubleshoot, etc. With Vista, standard user accounts can be temporarily escalated to administrator privileges simply by typing in an administrator password when prompted. Granted, I seriously doubt that corporate enterprises will allow their users such privileges, but for home use, it's a great feature that eliminates a lot of user swapping and logins back and forth. It also allows me to work as a standard user with limited privileges for better security, while providing me temporary superpowers when needed.

BitLocker Drive Encryption:
Wouldn't it be nice to know that if someone stole my laptop, they couldn't get access to my confidential e-mails, documents, financial information, and more? Hard drive encryption was one of the reasons I wanted to purchase Vista Ultimate, as it's only available in Vista Enterprise and Ultimate editions (so don't expect it in any Home version nor the smaller business editions). With the staggering number of laptop thefts and inadvertent disclosures of confidential data and corporate data privacy debacles, this is a welcome addition to Windows. Just for "fun", take a look at the very long Privacy Rights Clearinghouse list of data breaches since 2005. In your browser, press CTRL-F and type "laptop" to find each occurrence involving a laptop computer breach. Scary, isn't it?

Sure, there are plenty of third party drive encryption products available, but it's nice to see one incorporated into the OS itself. I haven't tried it yet, and there is some drive preparation required. As I understand it, BitLocker needs to create two hard drive volumes. One is unencrypted for all of Vista's system files for better performance. The other is encrypted and contains all of the non-system files (including your data). FYI, Vista Ultimate users can download a free "Extra" via Windows Update that streamlines this preparation process and makes it more user-friendly. As I prefer to use Norton Ghost to back up Windows installations, I haven't enabled BitLocker until I know that Ghost can handle backing up and restoring these encrypted volumes. Symantec just released Ghost 12.0 for Vista compatibility, so I'll be checking up on its ability to handle BitLockered drives.

Data Execution Prevention (DEP):
Vista continues to support DEP as did WinXP SP2. Per Microsoft, Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In plain English, it prevents code from executing in memory that is marked for storing data rather than programs. This is one way the system can stop malicious software exploits.
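The behavior described above can be observed directly. The following is an added example, not from the original post: it places a single "return" instruction in a data-only page and tries to run it in a child process, then repeats the attempt after the page is marked executable. It assumes a POSIX system (Linux on x86 or ARM64) and uses mmap/mprotect in place of the Windows APIs; all function and constant names are illustrative.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Smallest possible "function": one return instruction (constructed input). */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_STUB[] = { 0xC3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char RET_STUB[] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
#else
#error "add a return stub for this architecture"
#endif

enum { RAN_OK = 0, BLOCKED_BY_NX = 1, OTHER_FAILURE = 2 };

/* Copy the stub into a fresh page and call it from a child process.
 * make_executable == 0: page stays read/write (data only).
 * make_executable == 1: page is switched to read/execute before the call. */
static int run_stub_from_page(int make_executable)
{
    long page = sysconf(_SC_PAGESIZE);
    unsigned char *buf = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return OTHER_FAILURE;

    memcpy(buf, RET_STUB, sizeof RET_STUB);
    if (make_executable &&
        mprotect(buf, (size_t)page, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, (size_t)page);
        return OTHER_FAILURE;
    }
    /* Needed on ARM so the instruction fetch sees the bytes just written. */
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof RET_STUB);

    pid_t pid = fork();
    if (pid < 0) {
        munmap(buf, (size_t)page);
        return OTHER_FAILURE;
    }
    if (pid == 0) {
        /* Child: jump into the buffer. With NX enforced on a data page the
         * CPU faults on the first instruction fetch and the kernel kills
         * this process before the stub runs. */
        void (*fn)(void);
        memcpy(&fn, &buf, sizeof fn);
        fn();
        _exit(0);
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        status = -1;
    munmap(buf, (size_t)page);

    if (status != -1 && WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return RAN_OK;
    if (status != -1 && WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)
        return BLOCKED_BY_NX;
    return OTHER_FAILURE;
}

int main(void)
{
    static const char *label[] = { "ran", "terminated by NX", "other failure" };
    printf("data-only page:  %s\n", label[run_stub_from_page(0)]);
    printf("executable page: %s\n", label[run_stub_from_page(1)]);
    return 0;
}
```

The first call ends with the child being killed, which is the same outcome the post describes when Windows closes an application under DEP.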

On my Toshiba laptop, I used SecurAble from Steve Gibson (of ShieldsUp! fame) to determine whether my new Core 2 Duo processor had hardware DEP capability and whether it was enabled. Sure enough, it had DEP, but Toshiba shipped the laptop with DEP disabled in the BIOS. After I enabled it, I have encountered a few instances where Windows closed Internet Explorer and other apps under DEP protection. As I have a clean system, I'm chalking these up to software bugs. As an educated guess, this is probably why Toshiba chose to leave it disabled -- fewer problems for users out of the box (but perhaps leaving them open for more problems down the road without hardware DEP protection). Most processors made in the past year or two support hardware DEP, which is preferable to the software-based DEP protection Vista will use if it doesn't detect it in the processor.

Why is DEP so important? I'll let Steve Gibson answer that by quoting from his site:

"Why would data or communications buffers ever contain executable code? . . . because so-called "Buffer Overrun" attacks are the predominant way Internet-connected computers have historically been remotely hacked and compromised. Hackers locate obscure software vulnerabilities which allow them to "overrun" the buffers with their own data. This tricks the computer into executing the hacker's supplied data (which is actually code) contained within that buffer. But if the operating system has marked that Internet communications buffer region of memory as only being valid for containing data and NOT code, the hacker's attack will never get started. Instead, the operating system will display a notice to the user that the vulnerable program is being terminated BEFORE any of the hacker's code has the chance to run.

The real beauty of this system is that it provides strong protection from UNKNOWN vulnerabilities in the system and user programs.

Anti-Virus and anti-malware software is useful, but as we know, virus signature files must be continually updated to keep A/V software aware of new threats. Significantly, A/V software is unable to protect against unknown viruses and malware intrusions because it searches for known malicious code rather than detecting and blocking potentially malicious behavior. Hardware DEP, on the other hand, when properly configured, hardens the entire system against both known and unknown vulnerabilities by detecting and preventing the behavior of code execution in data buffers.

Buffer overrun vulnerabilities are so difficult to prevent that scores of them are being found and exploited in operating system and application software every day. Taking advantage of modern processor XD/NX capabilities is a powerful way to fight back and prevent this most common class of Internet vulnerabilities."

Third-Party Internet Security Suites:
While Microsoft's emphasis on security is welcome, I have to say their security track record gave me great pause in relying exclusively on their solutions -- particularly when there are mature and tested security products available. For my new Vista laptop, I took a look at three leading Internet security suites from ZoneAlarm, Symantec (Norton), and McAfee. Only one met my definition of appropriate security features, ease of use, and system performance.

First off, Toshiba had preinstalled a 30-day trial of McAfee's Internet Security Suite. I've never been a big fan of McAfee's antivirus software, having seen first-hand some clunky performance and other issues in the past. Keeping an open mind, it was a good opportunity to see if they've corrected prior shortcomings. Sad to say, the new version only confirmed my concerns. Every time I used Outlook 2007 to send/receive e-mail, I saw my dual-core processors peg at 100% usage continuously. It literally brought my new Vista system to its knees. The entire system was running in extreme slow motion. At first I thought it was an Outlook problem, but the trusty Windows Task Manager pinpointed McAfee's e-mail proxy service as the culprit. Killing it fixed the problem. No, actually, spending several hours uninstalling, rebooting, and then manually removing all of the McAfee remnants in my system and registry fixed the problem. Even McAfee's special uninstaller from their web site didn't do a complete job. Let this be a lesson.

Next, I looked at both ZoneAlarm's and Norton's Internet security suite offerings. This took a bit more research, as both have produced excellent products in the past. ZoneAlarm has one of the best personal firewalls in the market, while Norton's Antivirus has never, ever, let me down. The ZoneAlarm suite now uses Kaspersky's highly-regarded antivirus, which brings it on par with Norton Antivirus. Previously, ZoneAlarm used CA's antivirus, a less impressive solution in my opinion. So how did they fare against each other in security features?

Like Norton, ZoneAlarm has a network and program firewall. However, ZoneAlarm has an added OS firewall, providing even greater protection at the operating system level. Score one for ZoneAlarm. Both provide full stealthing of ports. Both provide an option to block all traffic. ZoneAlarm provides a nice big red button for one-click blocking. Norton's "Block Traffic" feature requires you to perform several clicks and type an administrator password to confirm. Apparently they're taking lessons from Microsoft's UAC above, and this is bad. When you have an intrusion in either direction, you need to be able to kill all traffic quickly and easily, so ZoneAlarm easily wins this round for ease of use. Naturally, with Wi-Fi laptops, another easy way is to just turn off your Wi-Fi card, as many new laptops provide a handy off switch. Also, both suites provided anti-spyware, anti-phishing, rootkit, and wireless network protection, so those were a draw.

However, it's extremely critical to note that the ZoneAlarm Internet Security Suite for Vista is missing important features compared to their XP program. ZoneAlarm's Vista version lacks spy site blocking and blocking of confidential data. ZoneAlarm also lacks parental control, IM (instant messaging) protection, and ad blocking. ZoneAlarm's customer service explained that they were not included due to the fact that Vista and IE7 already include many of these features. While plausible, it did not excuse the most glaring omission of all: There was no adequate e-mail security. The Vista version of ZoneAlarm Internet Security Suite could not scan or repair e-mail attachments, quarantine them, or block infected outgoing messages. This was the tipping point for me.

As spam and e-mail attachments continue to be critical security threats, I opted for the excellent e-mail antivirus protection Norton provided. While the Norton Internet Security suites from 2005 and 2006 received a lot of negative feedback for being bloated and slow in scanning, the new NIS 2007 suite has been mostly recoded from the ground up. Increased scanning speed performance and reduced CPU usage were two of their main goals, and it shows. The installation went flawlessly, as did the initial scans and live updates. As for configuration, it was mostly automatic. By default, Norton Antivirus ignores all low-risk items, not something I like to see in a security program. It can be changed to prompt the user for those items, which I heartily recommend.

As further justification, I recently perused a copy of Windows Vista Magazine while killing time in an airport. They reviewed something like the top 7-8 Internet security suites including Norton, ZoneAlarm, and McAfee. They also concluded that Norton Internet Security 2007 was the top pick. While no suite is perfect, I've always liked the die-hard protection that Norton provides with virtually no false positives, easy updating of both programs and virus definitions alike, and that it just plain works. On the downside, if you should encounter a problem, Norton's customer service and support isn't what it used to be, and they tend to force you to buy new versions instead of solving problems with their installed user base. Something to consider if you aren't a power user.

FYI, Symantec has also just released Norton 360, an even more comprehensive suite that provides backup and performance tuning features in addition to the security features. While it sounds nice, all these additional features just seemed reminiscent of Norton SystemWorks -- a fairly bloated, invasive, and problematic suite for many users, and one which I strongly recommended against to friends and colleagues. Frankly, I just needed the Norton Internet Security suite features, and didn't want to overload my new Vista system with potential bloatware. Norton 360 may indeed prove to be a valuable package, but I emphasize the word, "prove", before recommending it.

Concluding Thoughts:
As you can see, Microsoft has beefed up security in Vista and IE7 to some extent. How effective these new features are, well, that remains to be seen. I still recommend installing a separate security suite with good firewall, antivirus, anti-spyware, and other features to more fully protect your system. Yes, they cost a little more, but they're worth it.

BitLocker hard drive encryption sounds promising. As faster dual- and quad-core processors and faster hybrid hard drives (those with added flash memory) hit the market, we may indeed see a mobile data security solution with reduced performance lag. For once, I'd love to read this headline: "Laptop with Critical Data Stolen -- Encryption Saved Company, Customers, and Employees From Yet Another Identity Theft and Data Privacy Fiasco." However, I have to wonder why Microsoft omitted BitLocker from other Vista versions that will obviously be installed on business and personal laptops? It just seems to lessen their stance on security by making it subordinate to profitability.

Overall, I like the attention on added security. I think that over time, with additional service packs and updates, Vista will surpass XP's popularity -- particularly as newer and faster hardware will put its performance on par with XP.

Topic(s):   Feature Articles  |  Privacy & Security
Posted by Jeff Beard

July 14, 2007

First Thoughts on Vista Ultimate and Office 2007!

I'm back after taking a blogging sabbatical. I recently purchased a new Toshiba A205 widescreen notebook preloaded with Windows Vista Ultimate and added Office 2007 Professional. I particularly wanted access to all of the latest features and usability improvements in Windows and Office. If first impressions are any indication, it's off to a fine start.

Usability was a very high priority in the OS interface design and particularly in the Office 2007 apps. The Office ribbon bar is a huge improvement in my opinion, and has made finding and learning new features much more intuitive. Not all programs have fully adopted the new ribbon bar interface, however. Outlook and Publisher 2007 still have plenty of legacy-style menus and toolbar buttons. For example, creating a new message in Outlook 2007 presents you with the ribbon bar, while the main Outlook screen does not. But the big improvements in Word, Excel, and PowerPoint are most welcome, and I'll cover my Word 2007 impressions in a separate post as it has particular importance in the legal arena. I really like the revamped Windows Explorer layout as well -- simplified, yet chock full of features for navigating, displaying, and burning your data to discs.

Not surprisingly, some features were either renamed or moved around from where you'd expect them in prior versions. Fortunately, the included help screens are well written, with plenty of links to help you get to the desired feature or program. Another huge help is the new Search bar in the Start menu, which doubles as the Start, Run command. It's very easy to search for and run all kinds of programs and data files. Say you don't know where the new Windows Mobility Center is launched from? No problem, just click on Start, type in "mob" for the first few letters, and it displays the program link. The built-in help content can also be updated online from Microsoft, so you're always getting the latest assistance. Bottom line, it's still Windows, so the basics haven't changed. I found it easy to be productive nearly right out of the box.

Good Stability Overall for a New Release
In stark contrast to Microsoft's buggy initial Windows XP release, they did their jobs well on the new product line. I've been putting it through its paces heavily for nearly two weeks, installing and uninstalling various programs, applying Windows and program updates, running various programs, etc. Vista has been very stable throughout -- no BSOD's (Blue Screens of Death), glitches, or any serious problems encountered in the OS itself. Some minor problems include Windows Explorer and a few programs "not responding" once in a while. Nothing new there, but that's about it. Office 2007 Professional has been very stable, no problems encountered in its normal operation so far. I have encountered a small bug in the new Windows Explorer-integrated preview -- it's supposed to show a preview of Office 2007 documents without opening them. It's not stable yet, either failing to display the contents or displaying a message that Word 2007 has stopped responding (apparently it's used for the live preview).

The Aero 3D glass interface is simply stunning and very Apple-ish. The live windows previews on the taskbar and while Alt-tabbing truly help me to see which application window I want. The new angled 3-D view is fantastic for fast and accurate switching, as it provides an ever larger live preview window for each app. Just be sure you have sufficient hardware to run all these useful Aero display enhancements. Going forward, I heartily recommend a Core 2 Duo processor or better, 2 GB of RAM, a big hard drive, and an adequate video card for rendering the Aero 3-D desktop effects.

For laptop users, this means at least a decent mid-range notebook. With that said, I've found that even an integrated Intel 950 graphics chip is sufficient for rendering Aero and other Vista 3-D effects (screensavers, animations, etc.). Naturally, having a dedicated 3-D video card is preferable but more expensive.

For overall system speed, having sufficient RAM is critical. I consistently see 700 MB to 900 MB of RAM in use just running the Vista OS, a number of Vista Sidebar and Google Desktop "Gadgets", and security software. Basically, Vista Ultimate uses just under 1 GB of RAM just to run the system before running any office programs. To avoid unnecessary drive crunching, 2 GB is clearly warranted for best performance. As a power user, I particularly love the new Sidebar. It's a great place to monitor system performance and attributes, list to-do's, display a nice large clock, weather information, and a lot more. The nice thing about having the 2 GB on-board is that I have yet to see the memory max out in actual usage.

Third Party Apps Need to Catch Up
On the downside, I've encountered a few problems or limitations with third party programs that haven't been properly updated for Vista. For example, iTunes 7.1 and 7.2 refused to run. However, while the newest iTunes 7.3 at least opened, the newly-added Apple iPhone driver crashes iTunes when saving any iTunes options change. Considering I'm not an iPhone owner, this is particularly annoying as I just need to use it with my iPod. However, Windows Vista just shrugs it off and keeps on running.

Third-party incompatibilities should improve over time as software developers catch up with new patches and releases. [Update 7.18.07: The new iTunes version seems to have corrected the problem as iTunes is behaving itself.] The nice change here is that Vista will often pop up a dialog to indicate which program is not responding. It then seeks to find a solution, often directing me to the developer's web site to download a newer, more compatible version. Keep in mind that Vista comes in both 32-bit and 64-bit versions. While 64-bit computing is touted as more secure, I've noticed that 64-bit versions of various programs are lagging behind. If compatibility with existing programs is paramount, go with the 32-bit versions of Vista for now.

Other Niceties
For laptop users, the new Windows Mobility Center is a nice touch. From the screenshot below, you can see how it combines a number of mobile features (display, battery, sound, presentation settings, wireless network, etc.) into one easily accessible control panel. While these features are accessible in other places in Windows, it's a most welcome control panel for road warriors so we don't have to fiddle around in several disjointed dialogs when time is short.

Overall, I've been quite impressed by the stability and usability refinements. Stay tuned for more coverage of Vista and Office 2007, including some tips and tricks, as well as some recommendations for security software.

Topic(s):   Legal Technology
Posted by Jeff Beard