LAWTECH GURU BLOG by Jeff Beard

Apply a Critical Security Patch for IE 5, 6, 7 & 8 ASAP

As if "Clickjacking" wasn't bad enough, yet another critical security exploit was found in IE, and it affects virtually every version that people would have on their PCs (from the older v. 5.0 all the way through to IE's 8 beta). This flaw was recently publicly reported, and Microsoft just released the critical patch yesterday, Dec. 18th. Since it's very rare when Microsoft issues a security patch out of their normal cycle, you can tell this one is important. Without going into techie details, suffice it to say that thousands of web sites have already been compromised to deliver the exploit to your PC should you visit them using an unpatched version of IE. The exploit could allow criminals to take control of people's computers and steal their passwords. The problem was that hackers found this security hole before Microsoft, so MS had to play catch-up.

For personal PCs, download and install this patch from Microsoft. It should also be available in your Windows Update (remember to log in as an administrator first). If you're in an enterprise environment, check with your IT department as they are very likely already painfully aware of this and are probably working on it.

I read through the Microsoft-suggested workarounds in lieu of applying the patch, and none are pretty. For instance, setting your IE's security level to "High", while effective, disables ActiveX and scripting, and would disable a number of features on legitimate sites. Plus, you'll likely get nagged to death from prompt after endless prompt while surfing.

Of course, the best suggestion is to not use IE at all, and instead use an alternate browser such as Firefox, Opera, or Chrome. However, even if you don't use IE overtly, you could still be at risk. For example, some people use a Firefox plugin or extension to have an IE tab open within Firefox -- useful when a specific site just won't work properly in Firefox. Guess what? It's as if you're using IE to visit that site, and so you're vulnerable if the new IE patch isn't installed. Also, remember that IE's core components are used in a number of non-web browsing functions, so you may be vulnerable even if you're not using IE as your default browser.

Some experts suggest that eventually hackers will find a way to use this exploit in a slightly different manner than what the MS patch was designed to fix. But for now, I'd say your best bet is to apply this IE patch, and set and use Firefox or another non-IE browser as your default browser in Windows.

Acrobat 9 Adds Refinements, Greatly Improved Web Site Capture

A few months ago, Adobe released Acrobat version 9. I've wanted to blog about this for a while now, but also really wanted to use the software before posting to provide a realistic assessment. This time around, I've had the good fortune of trying both Acrobat 9 Professional and the new Extended version. Keep in mind this is the ninth version, so it's become quite a mature package by now. While there's not a huge number of new features, there are a number of subtle refinements throughout, which is a good thing. Unlike the jarring interface change from Acrobat 7 to Acrobat 8 that made users squirm to have to relearn it (though I greatly preferred 8's interface to 7's), this time around, Adobe kept the visual changes down to a minimum. So it's much easier to get your bearings quickly with version 9. Whether you need to upgrade really comes down to this: What is new can be helpful, depending on how you typically use Acrobat.

First off, the biggest noticeable change for me is that the web site PDF capture and conversion module actually works, for the first time since they added the feature several versions ago. It even captures Flash animations. I often bemoaned how poorly the prior versions performed, often missing collecting and packaging most of the graphics, instead adding x'ed out boxes as placeholders. Starting with version 9, whether you want to capture and convert a single web page or an entire site (including all the active interlinking of pages) to PDF, it actually does a very good job. There's a new "Select" button added in Internet Explorer's toolbar that lets you specify a particular region if desired. Alas, there's no such conversion button for Firefox, so you need to use IE for the time being. Here's hoping Adobe adds Firefox support in upcoming versions. While I wouldn't say the PDF web copies are exact bit-for-bit matches, they are a reasonable representation in many instances. I understand from Rick Borstein at Adobe that they incorporated a completely different web capture engine, and it shows. Bravo.

For those assembling and publishing PDF binders, the newly named "Portfolio" feature is really a refinement of the binder along its evolutionary scale. You can now choose to package a Portfolio with different graphics (think firm logo) and even select an interesting document flipping interface that's very reminiscent of flipping through album cover art on a newer iPod. Also, the Bates numbering features first seen in the prior version have been offered some minor refinements, such as renaming files to the Bates number range, and you can now create a log file for the Bates operations.

Document comparison that actually works has been a welcome theme in our office tools of late. With the release of Office 2007, Microsoft finally gave us a usable document comparison tool in Word 2007 (it really couldn't have gotten any worse) -- yet I wouldn't say it has all the bells or whistles either. Likewise, Adobe has also included a completely new document comparison engine in Acrobat 9 that provides more granularity. They've been listening to both legal and business professionals alike, who need to be able to rely upon decent comparison tools. Sure, there have been other commercial software packages available for document comparison for quite some time. However, depending on what you need to accomplish in your review process, you may be happy with one or both of these built-in tools (i.e., Word and Acrobat). If you already have a full-feature third party comparison tool, great, but if not, I'd say give both of these comparison tools a try first to see if either meets your needs.

Those of us concerned with embedded metadata will be happy to hear that the metadata removal features have been enhanced as well. From Adobe: "In recent years, legal professionals have become increasingly aware of the risk of accidental disclosures of confidential information in document metadata. While PDF is relatively benign compared to Microsoft Office documents, legal professionals require the equivalent of digital bleach -- the ability to easily find and remove document metadata. The enhanced Examine Document feature in Acrobat 9 ensures that documents are clean and safe to send. Acrobat 9 can remove metadata, hidden text, bookmarks, comments, and other potentially dangerous information from documents." More specifically, the Examine Document feature has the following improvements in Acrobat 9:

1. Examine and remove hidden text, layers, and objects on a per item basis.
2. Preview any type of metadata.
3. Examine metadata from a convenient panel.
4. Examine Document is now available via Batch Processing.

The Extended version adds the ability to import video and Flash. Another great use is publishing a PowerPoint presentation with embedded video or your voiceover all combined in a single PDF to bring it to life. Naturally, since these are new features, your intended audience will need to download and install the free Acrobat Reader 9 software to handle it.

There are a number of other refinements as well, including file splitting, enhanced forms and OCR, and a new online collaborative mode for dual remote viewing. There's also new document sharing at Acrobat.com, but legal professionals will need to decide for themselves whether to post sensitive documents online. Give it a try with something innocuous first, but with version 9, it's clear that Acrobat has finally embraced the Internet.

For a balanced, in-depth review, I'll point you to Brett Burney's article on Law.com. Also, Rick Borstein's Acrobat for Legal Professionals blog has a great post detailing all of these changes and more. Overall, Acrobat 9 Professional and Professional Extended seem to launch more quickly and seem more refined. Bottom line, those who are only using Acrobat 8 for the most basic use may not see much reason to upgrade to 9, but those who are responsible for creating and distributing more complex and professional-looking PDFs should definitely give it a try.

Norton Internet Security 2009 -- What A Difference!

I recently upgraded my personal laptop to Norton Internet Security 2009, and was very pleasantly surprised. In stark contrast to prior versions, the new 2009 version has been streamlined and so far seems very light on system resources. In recent years, Symantec has needed to rebuild both its brand and its products, mainly due to the horribly bloated and CPU-intensive 2005 and 2006 versions of their Norton Internet Security (NIS) and Norton Antivirus (NAV) programs, which prompted many customers to post negative feedback online.

Starting with the 2007 version, Symantec recoded these products from the ground up in an effort to make them lighter on system resources. It was a partial success. While it was a good restart for the Norton line, I still saw my system take a noticeable performance hit during the Live Updates, with a lot of disk thrashing as it processed the chunkier updates. When it wasn't updating, though, it was mostly transparent. The main problem was that it always wanted to update shortly after I logged into Windows, which I found quite interruptive and annoying. I could've turned off the automatic updates, but I tend to forget to turn them back on, and my protection would become outdated.

Well, no more. The folks at Symantec have finally gotten the message, loud and clear. NIS 2009 has several new features designed to significantly lighten the load on your PC. In fact, Symantec went out their way to not only make it faster, but to show you as well (can you say, "win back customers"?). In addition to several key performance enhancements, NIS 2009 includes two CPU meters on its main screen and other visual cues and logs to show how much lighter it is on your system resources. The user interface was also streamlined to present users with cleaner status view:

I'll add that the 2009 line is much more behaved when you're actively using your PC. Rather than interrupting your computer usage with large updates to download and install, it features frequent tiny "pulse updates", which install unnoticed and provide up-to-the-minute protection. Notice that my screenshot above shows that NIS 2009 was updated just "4 minutes ago" -- with the new pulse updates, that's now a very common status as the updates are checked every 10 minutes. The 2009 version also detects when your PC is idle, and waits to run background scans only during idle time (the default trigger is 10 minutes of inactivity, which you can change).

Also new is "full screen detection", which temporarily disables non-essential alerts, updates, and scans while you're running a program in full screen mode, such as while watching a movie or playing a game. Rest assured, the auto-protection feature smartly provides continuous protection while in this "silent" mode. Norton Insight is a new feature which speeds system scanning by identifying files that don't have to be scanned again. It checks your program and system files against a database of trusted programs and displays a large meter showing how many it can skip next time to save you a lot of time. I'm hoping that it also tracks each file's checksum or hash as it's not uncommon for malware to replace system or program files with its own tainted versions.

For further explanation of all the new features and performance enhancements, I'll direct you to the following review and online resource guide which provide more depth:

• PC Magazine Review and Editors' Choice
• How To Master New Norton Internet Security 2009 -- Guides and Tutorials

I'm generally a tough critic of security software's impact on the end user, so using NIS 2009 has been refreshing so far as my laptop seems a bit spunkier. Since the configuration screen has been completely reordered, it took a little time getting reacquainted with it and understanding some of the new functions.

The only downside -- and it's a big annoying one for me -- is that in NIS 2009, Symantec disabled all standard user accounts from being able to change its settings by entering the administrator password. Remember, even if it's your own personal laptop, it's more secure to run programs and access the Internet using Windows accounts without administrator privileges. So I mainly run as a standard user in Vista and only log in as the administrator when needed. However, prior versions of NIS would allow me, as a standard user, to enter the administrator password in NIS when I needed to temporarily disable the firewall or antivirus for troubleshooting, or when a blocked program needed temporary Internet access.

With NIS 2009, I either have to log off or switch users to the admin account in Windows to do this, which is time-consuming and a royal pain. When I inquired about this, Symantec's tech support responded the product team changed this behavior to make it more secure in case users discovered the admin password. Unfortunately, this is faulty logic as users could do a lot more in that situation. I logically suggested that Symantec provide a program update which retains this as the default behavior for maximum security, but which simply adds a configuration setting in which the administrator can re-enable the option to accept the admin password from standard users. In other words, give the customer the choice! Don't just take it away in the name of security.

Last but not least, since the Norton products are now subscription-based: If you have a current subscription for a previous version of NIS or NAV, you should be able to upgrade for FREE to the 2009 versions as I did, and your remaining subscription period carries over. Just remember you need to uninstall any older version first so they don't conflict. I also recommend storing your Norton product activation code in your online Norton account -- it just makes reactivation easier.

It also appears Symantec's tech support has improved over the past year or two. I used both the built-in chat feature as well as the telephone option and both went very well with only a minor wait. While no security suite is perfect (many reviewers report the spam module is still subpar), I'd say that Norton Internet Security 2009 is a welcome advance and it's good to see Symantec getting back in touch with the needs of its customer base.

PC Magazine Going Digital-Only

For you computer enthusiasts, after 26+ years, PC Magazine is discontinuing the print version of the magazine, primarily for financial reasons. The Jan. 2009 issue will be the last print edition, and there will be a digital version instead going forward starting with the Feb. 2009 issue.

While this is certainly a "green" way to go and other publications have already blazed this trail, I'll miss the print version. Why? There's at least one situation where hardcopy is still king -- when you're strapped in while "all electronic devices need to be turned off at this time." Until the rules are changed regarding low-power handheld devices such as the Amazon Kindle, or even your laptop, you can't read eBooks for at least 20-30 minutes at either end of your flight.

Note to Publishers: If you're going to "Go Digital", don't think in paper terms. It's important to offer a downloadable version so we can read it offline when Wi-Fi isn't available, as well as offering versions that don't require an installable reader app, so we can read it on a wider range of portable devices on the go (think iPhone, iTouch, BlackBerry, etc.).

How to Open Two Instances of Microsoft Outlook

Productivity Tip: Sometimes, it's really helpful to have two separate Outlook Windows open. For example, I like to have my e-mail view open in one window while I'm checking my calendar in another. It's even better in a dual monitor setup. That way, I don't have to keep swapping back and forth within Outlook.

However, you can't launch two instances of Outlook from its standard icon -- it just takes you to the previously opened Outlook window. Instead of installing some third-party tools to do this, Outlook 2007 has this feature included. In true Microsoft fashion, it's just not plainly visible from the pull-down menus, not even in the "View" menu where one would expect to find it.

However, once you know where to go, it's very easy to open a second Outlook window:

1. Let's say you're in the e-mail view. In the left-hand pane, right-click on one of the other shortcut buttons, such as Calendar.




2. Next, left or right-click on "Open in New Window", and up pops the new window with the desired view. Voila -- two Outlook views!

You can continue to do this with other views, such as Contacts, to have several different views open concurrently.

[Update 12.3.08: Erik Mazzone just reported on his blog, Law Practice Matters, that this tip works equally well in Outlook 2003 . Erik is a Practice Management Advisor and the Director of the Center for Practice Management of the North Carolina Bar Association.]