Wednesday, March 22, 2006

bdtmz's blog

a blog about technet computer and related stuff bdtmz

Wednesday, October 19, 2005

80 Super Security Tips

Whether your PC is 3 years or 3 days old, it faces the same, sometimes scary security issues. Viruses want to attack your system the moment it goes online, spyware is piggybacking with your mail and trying to slide in along with online ads, Trojans lie in wait at every turn and Phish—perhaps the sneakiest attack of all—smile at you while trying to steal your identity.
There are ways out of this mess. These tips can show you what to do, help you better understand the threats and be ready with a plan of counter attack.
It's time to take back your computing life.
Begin perusing our security tips library!
Ads Masquerading As Security Warnings
Advanced Windows Tools Expose All
Anonymize Your Domain Registrations
Avoid Deals Too Good to Be True
Back up System State in Windows 2000
Backing up your Windows Registry
Be careful at public Wi-Fi hotspots
Be careful when reading online mailing list archives
Beware of Rogue Antispyware and Antipop-up products
Block known spyware sites
Browser Hijacks and You
Buy password-cracking software
Change The Privileges Of An Application
Change Your Internet Explorer Layout
Changing Antivirus Protection
Check files safely
Clean up that Boot
Close Windows Messenger Service Hole
Command the Windows Firewall From the Command Line
Debug Websites With Microsoft's Fiddler Powertoy
Disable Windows XP and Me system restore
Don't Sweat The Fragments
Don't attract spam by replying to it
Don't fall for Cyber protection racketeers
Don't fall for fake No Spam lists
Don't get bluesnarfed
Don't get scammed by Online Job offers
Don't open undeliverable messages
Fix Your Hosts File
Free Antivirus Resources
Get A Personal Digital Certificate
Get AOL Not To Block Your Mail
Get Better Security Zone control of My Computer
Get Firefox Nightly Builds
Get help from volunteer forums
How to fix a broken internet connection
How to recognize a browser hijack
Install a pop-up blocker
Install The Updated Netcraft Toolbar
Install the Windows Recovery Console
Intro To Phishing
Investigate That Mystery Executable
Keep it safe on the road
Keep status bar showing
Lock Your Domain Registrations
Log off AIM when visiting other machines
Make a BartPE Boot Disk
Making IE more secure
Migrate To WPA For Better Wireless Security
Opening ports in the Windows Firewall for broken applications
Opening Ports in XP Service Pack 2
Outlook Attachment Security
Playing it safe on eBay and other auctions
Removing/Blocking MyDoom
RunAs adjusts your privileges
Safe Kiosk Computer Usage
Scan Your Network For Vulnerabilities
Setup Limited Users in Windows XP
Setting Up a New Computer the Safe Way
Setting up trusted sites in IE
Slipstreaming Updates into an XP Install
Starting your PC in Safe Mode
Submit Virus Samples To 17 Different Scanning Engines
Support your candidate, not scammers
Turn off your PC at Night
Turning off Outlook's auto-www
Unhide file extensions
Unplug that modem
Update gift PC's
Use Passphrases, Not Passwords
Use System Restore
Use TCP Port 587 For Mail Submission
Use the WinZIP Virus Scanning Feature
Using stronger passwords
Using the XP Firewall
Web site security - know who you are doing business with
What the heck is that file?
When your antivirus or spyware scanner says it can't fix a file
Wipe data for good
Wireless router security

Tuesday, October 18, 2005

Spurious Warnings Atop Outlook Messages

Microsoft Outlook uses a rectangular bar above the message header to display information and warnings about the message you're reading. It may report that you replied on such a date, that an attachment was suppressed, or that line breaks have been removed. Sometimes, though, you might see a very different message—perhaps something like "This message violates the USA PATRIOT Act" or "ERROR: Microsoft Outlook detected. Get a REAL email client!" As it turns out, anybody who can control the custom headers for outgoing e-mail messages can cause such a warning to appear. E-mail server administrators have this level of control, as do spammers, hackers...and you! Here's how.
Outlook itself doesn't offer sufficient control over e-mail headers, so your first step will be to install and configure the free Mozilla Thunderbird e-mail client. Now launch Windows Explorer and navigate to the folder C:\Documents and Settings\username\Application Data\Thunderbird\Profiles, replacing username with your actual username.
Within this folder, you should find one other folder whose name is a random collection of letters and numbers followed by .default. Open this folder and look for a file within it named user.js. If that file is not present, right-click in the right-hand pane, select New Text Document, and rename the resulting document to user.js, answering Yes when Windows asks if you're sure you want to change the extension. Right-click the user.js file and select Edit to open it in Notepad. Then add the following line to the end of the file:
user_pref("mail.compose.other.header", "X-Message-Flag,Reply-By");
Save the file and quit Notepad.
Now launch Thunderbird and start a new message. Enter the To: address as usual, then click in the space below the word To: to see a list of other available headers. Select X-Message-Flag from the list and enter your chosen warning message. Add the subject, compose your message, and send. A recipient who uses Outlook will see an official-looking warning, though most other e-mail clients won't show it.
You can also force Outlook to use red text for your message's line in the message list. All you need to do is add a date and time to the Reply-By item in the header and make it a time that has already passed.
To do so, pull down the same list below Thunderbird's To: field and add your X-Message-Flag warning, then pull down the list on the next line and choose Reply-By. The date/time must include your time-zone adjustment in the following format: Apr 1 2005 12:00 -0800. The time information will be appended to the warning message you created.
Now that you've seen how easy it is to make Outlook display an arbitrary warning message, you know to take such warnings with a grain of salt.
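For the receiving side, the check below is an added example and not part of the original article: it parses raw messages with Python's standard email module, reports any X-Message-Flag or Reply-By header, and returns a copy with those sender-controlled headers removed. The sample messages and the function names are constructed for illustration.

```python
"""Report and strip the sender-controlled headers that drive Outlook's banner."""
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# The two headers the article adds in Thunderbird; both are set by the sender.
BANNER_HEADERS = ("X-Message-Flag", "Reply-By")

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "Subject: Quarterly report\n"
    "X-Message-Flag: This message violates the USA PATRIOT Act\n"
    "Reply-By: Apr 1 2005 12:00 -0800\n"
    "\n"
    "Please see the attached report.\n"
)
CLEAN = (
    "From: colleague@example.org\n"
    "To: user@example.org\n"
    "Subject: Lunch\n"
    "\n"
    "Noon works for me.\n"
)


def parse_reply_by(value):
    """Return the Reply-By value as an aware datetime, or None if unparseable."""
    value = " ".join(value.split())  # collapse folded or repeated whitespace
    # Format given in the article: "Apr 1 2005 12:00 -0800"
    try:
        return datetime.strptime(value, "%b %d %Y %H:%M %z")
    except ValueError:
        pass
    # Fall back to an RFC 5322 style date.
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def inspect_message(raw, now=None):
    """Return (header, value, note) tuples for each banner header in raw."""
    now = now or datetime.now(timezone.utc)
    msg = message_from_string(raw)
    findings = []
    for value in msg.get_all("X-Message-Flag", []):
        findings.append(
            ("X-Message-Flag", str(value).strip(), "sender-chosen banner text")
        )
    for value in msg.get_all("Reply-By", []):
        due = parse_reply_by(str(value))
        if due is None:
            note = "unparseable date"
        elif due < now:
            note = "deadline already passed"
        else:
            note = "deadline in the future"
        findings.append(("Reply-By", str(value).strip(), note))
    return findings


def strip_banner_headers(raw):
    """Return the message text with every banner header removed."""
    msg = message_from_string(raw)
    for name in BANNER_HEADERS:
        del msg[name]  # removes all occurrences; no error if the header is absent
    return msg.as_string()


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, inspect_message(raw))
    print(strip_banner_headers(SPOOFED))
```

A mail gateway or a client-side rule can apply the same logic to inbound mail from outside the organization, where neither header has a legitimate reason to carry text the recipient should trust.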

Monday, October 17, 2005

Windows Vista: Twenty Questions

Can you change the time without being an admin?
David E.
No. Because of various legal reporting requirements, the date/time stamp on files and e-mail messages can be sensitive information, so a standard user isn't allowed to change the date or time. You can, however, change the time zone, and that's what most people want. —Neil J. Rubenking

What can you tell us about the structure/architecture of this new OS? Is this a rewrite of XP?
Robert Dolliver
When Microsoft first started talking about Longhorn, it gave the impression it was going to do a complete rewrite. At this point, though, Vista is being built on top of the latest version of Windows Server 2003, Microsoft's most robust OS. But much of the core OS has been rewritten. The biggest effort was spent on going through all the code and eliminating defects. I'm sure it won't be perfect, but it's certainly heading in the right direction.
—Michael J. Miller

Have you tested Windows 95/98/NT3/NT4 applications with Vista's File and Registry Virtualization?
File and Registry Virtualization should work no matter which version of Windows the program was written for. This security feature is specifically aimed at "legacy" programs such as those you've mentioned. We can't guarantee it will work properly with these older apps, but it certainly is intended to.—NJR

Will older hardware—printers, scanners, and so forth—work with Vista?
Al Velasco
There's every possibility your old hardware will either require a new driver or won't work at all with Windows Vista. Microsoft provided an "Upgrade Advisor" for Windows XP to check for such conditions and let you prepare. We hope the company will do something similar for Longhorn.—NJR

If I try out Beta 1 on my home computer, what kind of functionality will I lose?
Alice Parker
The beta is "not meant for use on production systems." Translated, that means that you shouldn't install it on a system that contains any irreplaceable programs or data. Just about any functionality might not work, and many features aren't implemented completely. The product looks pretty good and includes most of the expected elements, but you shouldn't depend on it.—NJR

Will Windows Vista dual-boot with Windows XP?
Parthasarathy Mandayam
Yes, even the beta version will dual-boot. Use a partitioning utility to create an area of unused disk space into which Beta 1 will install, then install by booting from the Beta 1 CD. (If you start the install from within Windows XP, you won't be able to format and use that unallocated space.) Run the install as usual. Our observation is that when you boot to XP, you'll see two OS-selection prompts, one from Beta 1 and one from XP. But you can definitely boot either operating system. Note, however, that the beta does not install as an upgrade; you shouldn't count on being able to uninstall it if you install it over an existing Windows XP.—NJR

When you do a search in Vista, will the results appear as you type, as with Apple's Spotlight?
Douglas Decarme

Yes, the results appear right away. As with many third-party search tools, each character you type narrows down the list to items that begin with what you've typed up to that point.—NJR

Windows XP's search engine often failed to find files. Will Vista be any better?
Bob Smith

XP's search is incredibly mediocre—and that's being kind. Vista's search will be a huge improvement. Whether it will be better than the indexed desktop search tools from X1, Yahoo!, Google, and so on is questionable, though. On the other hand, it will likely be more tightly integrated into the OS than those other tools can be.

We use a number of 16-bit utilities. Will 16-bit apps run in the Vista environment?
Michael Hartry

We've tested some 16-bit apps and they do run, so there's a fair chance yours will work, too. But you'll definitely want to test them, because the programs won't be allowed to compromise the operating system's security.

Will I be able to install Vista on a Celeron 466-MHz PC?
Nikhil Baxi

Microsoft's stated requirements include a "mainstream Intel or AMD processor," which fits the Celeron. But the requirements also insist on 512MB RAM and the "designed for Windows XP" logo. I'm not sure your Celeron will meet that last condition, but Vista might work anyway.

What is your estimate on the time it would take to deploy the new OS, and how much employee training is needed?
It very much depends on your environment, but deployment should be much easier. You install and set up Vista using a single image file, and in some cases you can even add and remove features individually from the image file. The base OS won't require a lot of retraining, but of course there are differences. We'll know more when we see the final UI in Beta 2 (expected in early 2006).

Will the image-based install replace Ghost?
Robert Royce
No, that's not its purpose. Big companies will use a deployment tool called (at present) XImage to build and maintain their company-specific installation images, but the average user won't have much to do with these images after the initial installation.

How well will drive defrag and drive cleanup work?
Rodney Hall
How well things will work and other performance issues can't be answered now. The beta is definitely not performance-tuned. Wait for Beta 2 at least.

Will there be a "classic" view so you can retain the Windows 2000 look and feel?
Paul Wigutow

Yes. Systems without the graphics power to run Aero or Aero Glass will automatically use the classic view. But you can choose to use it in any case, regardless of hardware.

If you do things like change the screen resolution or move the taskbar, will they affect all user accounts on the PC or just the account that made the change?
Robby Criswell
That depends. By observation, the taskbar position is retained on a per-user basis. But the screen resolution (at least in Beta 1) is global—change it for one user and you change it for all.

Please explain what WinFS is and what it will provide. What is the difference between NTFS and WinFS?
Kurt Moskal
WinFS (Windows Future Storage) is a database-backed layer on top of NTFS. Or rather, it will be if and when Microsoft releases it. The average user won't see it; it's the kind of feature that makes a difference only to developers. Assuming WinFS does reach release, it may change the way we use the file system . . . or not. Using it, a developer can cause any object to be treated as part of the file system, including objects inside standard files.—NJR

Windows XP indexing caused a fair amount of overhead. Is this improved in Vista?
Michael Sexauer
There's some overhead with any indexing, but Vista's speed seemed reasonable on a notebook. It's certainly better than the basic indexing service in XP (but then, so are Windows Desktop Search, Google Desktop Search, Yahoo! Search, and X1).

Is Giant AntiSpyware included in Vista?
John Lanier

Microsoft has stated only that there will be additional spyware protection in Beta 2 or later. Since the company bought the rights to Giant's product (what's now Microsoft AntiSpyware), we're guessing that this product will be at least part of that protection. But Microsoft isn't saying.

Is Windows Vista a 64-bit operating system?
Dale Linneman
Microsoft has stated that the 64-bit edition will be released on the same schedule as the 32-bit edition, and that there will be very little difference other than the obvious ability to run 64-bit programs.

Sunday, October 16, 2005

Font Size in Balloons

I like using the "comment" feature in Microsoft Word, especially when typing notes for a presentation. The comment box can help to remind you of additional information. But I'd like to increase the font size within the comment box. Is there any way to do this?
Walter Koch
If you want to change font size in the comment balloons on the fly, you're out of luck. You can highlight text within a comment balloon and apply many kinds of formatting—make it bold or italic, or change the typeface, color, and highlight color—just about everything but the font size. One workaround is to view the comments in the Reviewing Pane. If the Reviewing toolbar isn't visible, right-click in the toolbar area and select it. Now click the Reviewing Pane button (by default, the rightmost button on that toolbar) or click the Show button and select Reviewing Pane. You can now see your comments with all formatting in a pane at the bottom of the Word window.
But if you want to use a different (fixed) size in the comment balloons, that you can do—by modifying the style called Balloon Text. Choose Format->Styles and Formatting from the menu. Look for Balloon Text in the list; you probably will not find it, as it's hidden by default. Click the drop-down list labeled Show at the bottom of the Styles and Formatting bar and select Custom. This will display a Format Settings dialog with a list of checkable items titled Styles to be visible. Find Balloon Text in this list and check its box, then click OK. Now select Balloon Text in the list, click the down-arrow button next to it, and choose Modify. Pick the typeface and font size you want, check the box titled Add to template, and click OK.

Thursday, October 13, 2005

Tips and Tricks for Hacking Google

Extreme Google Local

Think Google Local (formerly Google Maps) is cool and useful? As Al Jolson used to say, "You ain't seen nothing yet!" There are many amazing applications that layer information on top of Google Local, such as live traffic information, crime maps, and so on. All this is made possible because Google freely publishes an Application Programming Interface (API) that lets people create applications on top of Google Local.
Here's a short selection of some of the best:

Google Traffic Maps ( Want to make your morning or afternoon commute a little easier? Before you leave home or the office, head to this site, then type in your city and state or zip code, and you'll see a map that shows you a Google map of your area, with traffic hot spots superimposed on top of it. Click a spot to get details of the holdup.

NYSee ( If you live around New York City, you can do even better—this site shows you locations of live traffic cams throughout the metropolitan area. Click on any to see the live view of traffic. The page also includes traffic advisories for specific locations.
Zip code finder ( Having trouble finding a zip code for a location? Just head to this site, click a location on a map or do a search, and you'll be shown the zip code. It's also a reverse zip code finder, so you can type in a zip code and it will show you where it is.
Find cheap gas ( One thing you can count on—gasoline isn't getting any cheaper. But driving from gas station to gas station trying to find the least-expensive prices is self-defeating, because you'll spend so much extra time and money driving around. This site solves the problem. Head to it and search for cheap gas using the "regular" tag, include your zip code, and you'll be shown locations of the least-expensive gas within five miles.

Update Blogger from Anywhere
Google owns the big blogging service Blogger (, which makes it easy for anyone to create their own blogs for free. And a couple of free tools from Google make it easy for you to update your blog without having to visit the Blogger site.

To update your blog wherever you are on the Web, first download and install the Google toolbar ( Then turn on its Blog This! feature by clicking the Options button, clicking the More tab, checking the box next to "Blog This!," and clicking OK. The Blog This! button now shows up in your toolbar.

When you're on a Web page that you want to write a blog entry about, click the Blog This! button, type in your Blogger user name and password, and a small window opens that already contains the title and URL of the page you're visiting. Type in your blog entry, and you can use built-in tools for formatting text and creating links. When you're done, you can save a draft or publish the entry right away to your blog, by clicking "Save as Draft" or "Publish."
Another free add-in lets you update or edit your blog when you're using Microsoft Word. Go to and download the add-in. It installs new buttons that let you post to your blog straight from Word. After you write your post, click the "Publish" button to publish it, and click the "Save as Draft" button to save it as a draft. You can also edit posts you've already created. Click the "Open Post" button to open your last 15 posts right into Word, so you can edit and post them. You'll of course need to be connected to the Internet to do all this. The add-in requires Windows 2000 or higher and Word 2000 or higher.

Dig Deeper into the Web with Google AutoLinks
Google's search technology makes it easy to find untold amounts of amazing information and maps. But it often takes too much typing or too many clicks to get there. If you're visiting a page with an address on it and want to map that location, for example, you have to copy the address to the Clipboard, head to Google Local, and paste the location into Google Local before you see the mapped results.

The Google Toolbar AutoLinks feature eliminates all those steps. A little-used feature of the Google Toolbar, it searches every page you visit, looking for addresses, VIN (Vehicle Information Number) numbers, book ISBN numbers (every book is identified by a unique ISBN number), and more. Then it creates a link on the page itself for each piece of information it finds. Click an autolinked address, for example, and you'll immediately be sent to a map of the location in Google Local. Click an ISBN number, and you're sent to the Amazon page about the book.
To use the feature, download and install the Google toolbar ( Then turn on its AutoLink feature by clicking the Options button, clicking the Browsing tab, checking the box next to AutoLink, and clicking OK.

Now whenever you're on a page in which you want to dig deeper, click the AutoLink button. It creates links to whatever it can and highlights those links on the page. It also creates a list of every AutoLink on a page, as shown in the nearby figure.

Other Google Services

Browse Froogle's Hidden Directory
Froogle ( is a great place to find deals on just about anything you want to buy online. Type in a product name or type of product, and you'll find links to the products for sale, allowing you to compare prices and features. But Froogle has one problem compared to other price-comparison sites such as PriceGrabber ( or NextTag ( It apparently doesn't have a directory, so you can't browse for products—you can only search using the usual bare-bones Google search.
In fact, though, there is a hidden Froogle directory you can browse. Get to it at, pictured in the nearby screen.
The directory works like any Web directory. Click through categories and subcategories to find the products you want. What makes the directory particularly useful is that when you browse through it, you can do highly targeted searches. When you're at a category or subcategory and you do a search, you're searching only within that category or subcategory, instead of all of Froogle, making it easier to find your desired product quickly.

Turn Your Google Homepage into an RSS Reader
Google's new Personalized Home page is a departure from the classic, bare-bones Google screen. Similar to Yahoo!'s My Yahoo feature, it includes customized news, stocks, weather, and other information. But its best feature may be its ability to become a simple-to-use RSS reader so that you can keep up with your favorite blogs and other RSS feeds.
If you haven't yet created your Google Personalized Home page, go to Google and click "Personalized Home" at the top of the page. If you have a Google account, you'll have to sign in. If you haven't yet created a Google account, you'll be prompted to do so.
Once you create your account, go to It won't be the usual bare-bones screen. There will be a variety of news and content there. To add new sources of content, click "Add Content" and click the category and type of content you want to add, for example, news from the New York Times or Movies information. But the amount of content you can add like this is relatively limited compared with all the information available on the Web. The real power of the page is in its ability to display RSS feeds.
To add an RSS feed, click "Add Content" and then "Create a Section." If you know the URL of the feed, type it into the box and click Go. The feed will now automatically be added to your Personalized Home page. Under the feed will be the headlines of posts; click on any head to see the full article in the Web site where it originated.
It's easy to rearrange feeds on your page; you can drag the entire feed to any location on the page by moving your mouse to the right of its name until a four-headed arrow appears, then dragging it to where you want it to be. To change the number of headlines that appear on your page from the feed, click "edit" next to the name of the feed and select the number of headlines you want displayed (you can choose between one and nine).
What if you don't know the URL of the feed, or you want to search for feeds? Click "Create a Section" and then type in the term that describes a feed you're interested in. A list of feeds appears, as shown in the nearby figure. Select a feed and click "Add," and the feed will be added to your page.
Search Through and View TV Shows with Google Video
As we were preparing this story, Google was testing yet one more amazing search tool: a way to search through and then view TV shows, including news, entertainment, and more, for free. The search includes not only national networks, such as ABC, CBS, NBC, and CNN, but also local programming and shows from around the world.
At press time, no link could be found to the service from Google, so you may not be able to get there unless you know the URL for it. By the time you read this, the URL may have been added to the list of Google's visible services, but if not, here's the secret URL:
When you type in a search term, Google Video searches through closed-caption transcripts of TV shows, then displays a list of shows that contains the term in the transcripts. Click the show for more details, including the date and time it was broadcast. In some instances, you'll only be able to see stills of the show and a transcript. In other cases, you'll view the video when you click it.
There are several ways to fine-tune your video search. You can, for example, search only through a particular network, by typing "channel" in front of your search, then the channel you want to search, and then your search term, like this:
Channel:CNN Iraq
(For a list of channels you can search, go to this Web page:
You can also search only through a specific show, by typing "title" in front of your search, then the title of the show, and then your search term, like this:
Title: Nightline Iraq
If you want to make sure to also search through local news, you'll have to tell Google Video where you live. To do that, click Preferences, then type your zip code in the Location box and click Save Preferences.

Use Gmail As a POP3 Account
Gmail is a Web-based e-mail service, but you can also use your normal e-mail software to send and receive mail from it. It's a two-step process: First configure Gmail, and then configure your e-mail software to use Gmail.
In Gmail, click Settings and then click the "Forwarding and POP" link at the top of the page. The nearby screen appears.
If you want your e-mail software to retrieve all the e-mail you've ever received on Gmail, choose "Enable POP for all mail." Be careful before making this choice, because you could end up downloading hundreds of megabytes of mail when you make your first connection to Gmail using your e-mail software. Keep in mind that even if you have only a few messages in your Inbox, that's not all the e-mail you have in your Gmail account. You might have hundreds or thousands of messages in your Archives folder.
If you choose "Enable POP only for mail that arrives from now on," only those messages you receive after this point will be downloaded to your e-mail software.
Next, make your choice about what should happen to your Gmail messages: Should they be kept on the Gmail server, and if they are, should they be kept in the inbox or in the archived mail? Here are your choices.
Keep Gmail's copy in the Inbox
This will leave all new mail on the Gmail server, and leave it in your inbox. That way, even after you download it to your PC, it will stay in the Gmail inbox on the Web, as if you hadn't read it.
Archive Gmail's copy
This will leave all new e-mail on the Gmail server, but instead of putting it into your inbox, it will move it to your archived mail. So, whenever you visit Gmail on the Web, if you want to see the mail, go to your Archive.
Trash Gmail's copy
This will move all the messages to your Trash, where they will be cleaned out by Gmail on a regular basis.
Now it's time to configure your e-mail program to get your Gmail mail. You set it up as you do any other new mail account. For your POP3 server, use, and for your SMTP server, use When setting it up, make sure to tell your software to use a secure connection (SSL) for both SMTP and POP3.
Here's how you would set up Microsoft Outlook for POP3 Gmail. After you've enabled POP3 access in Gmail, launch Outlook and choose Tools->E-mail Accounts. Choose "Add a new e-mail account" and click Next. From the Server Type screen that appears, choose "POP3" and click Next. On the screen that appears next, enter your Gmail name, your e-mail address, and your username and password. In the Incoming Server (POP3) box, type "," and in the Outgoing mail server box, type "" Check the box next to "Remember password."
Now, click More Settings and then choose the Advanced tab. In both the POP3 and SMTP sections, check the box next to "This server requires an encrypted connection (SSL)." When you do that, the port numbers for the servers will change. For POP3, the port number should change from 110 to 995. If it doesn't, type 995 in the Incoming Server (POP3) box. For SMTP, type 465 in the Outgoing Server (SMTP) box. Now click the Outgoing Server tab. Check the box next to "My outgoing server (SMTP) requires authentication." Select "Use same settings as my incoming mail server." Click OK. Click Next and then Finish. You should now be able to send and receive mail using Gmail.
Import Your Contacts into Gmail
You've most likely got dozens or hundreds of contacts in your existing e-mail software. The last thing you want to have to do is retype them all into Gmail. You don't have to, if you use this tip—you can import contacts into Gmail from your e-mail software. Gmail can import contacts in the comma-separated values (CSV) format, so first you have to export your contacts into a CSV file and then import them into Gmail.
How you export your contacts varies according to your e-mail software. In Outlook, choose File->Import and Export, and the Import and Export Wizard launches. Choose "Export to a file," click Next, and from the screen that appears, choose "Comma Separated Values (Windows)." From the next screen, choose your Contacts folder, and click Next.
From the screen that appears, give the file a name (a .csv extension will be automatically added to it), browse to the folder where you want to save it, and click Next and then Finish. Your contacts will be saved in the .csv file.
Now that you have the file ready, go to your Gmail account and click Contacts on the left side of the screen. Click Import from the upper-right side of the page that appears. Click the Browse button; then, navigate to the folder where you've exported your contacts, select it, and click Open. Click Import Contacts.
After a minute or more, depending on the speed of your Internet connection and how many contacts you're importing, you'll get a message telling you that your contacts have been imported, and listing the total number of contacts you've imported. Click the Close button. Now your contacts will be available in Gmail. To see them, on the Contact screen click All Contacts.
Customize the From: Address on Outgoing Mail
Many people use Gmail as a secondary e-mail account to, for example, send and receive mail when they're away from their office. That means that they may want to send mail from Gmail, but receive a response from the recipient using their normal or primary e-mail software.
There's a way to do it, by customizing your From address on outgoing mail from Gmail. So you can, for example, have your primary, non-Gmail address in the From field, so that when people respond to your mail, it will go to your primary account, not to Gmail.
Here's how to do it.
Click the Settings link along the top of the page, and then click the Accounts tab.
Click "Add another email address." Enter your full name in the "Name:" field. In the Email Address box, enter the From address you'd like to appear in your outgoing Gmail messages.
You also have the option of having the mail go to yet a third e-mail account, instead of to your Gmail account, or to the alternative From address. If you want to do this, click "Specify a different reply-to address" and then enter the e-mail address where you want the mail to go. Click "Next Step >>," and then click "Send Verification" to complete the process. Gmail will send a verification message to your other e-mail address to confirm that you'd like to add it to your Gmail account. You'll need to click the link in that message, or enter the confirmation code in the "Accounts" section of your Gmail account to complete the process.
Once you've verified that you'd like to add the address to your account, you can start sending messages using your custom From: address. Whenever you compose a piece of mail, in the From field, choose either your normal Gmail address or the new address you just added.
Get Instant Gmail Notifications
One problem with Web-based mail like Gmail is that there isn't always a way to check your e-mail automatically or have it alert you when there's new mail waiting. But a Gmail add-in from Google, Gmail Notifier, solves the problem neatly by alerting you when you have a new Gmail message. And it does more than alert you; it shows you the subject lines, who sent the message, and a brief snippet of the e-mail itself, so that you can decide whether it's worth your while to open Gmail and read the full message. It runs as a little applet in your system tray, so you don't need to be running a browser in order to use it.
Download it from After you install it, you'll be prompted to log into your Gmail account. It then runs as a small icon in your system tray, and when you have new mail, it shows a small alert, as you can see in the nearby figure. To view the mail, double-click the Gmail Notifier icon, and you'll be sent straight to your Gmail inbox.
By default, Gmail Notifier checks for new e-mail every 2 minutes. If you want to check your mail immediately, left-click it and choose Check Mail Now from the menu. And if you want Gmail Notifier to go back through your inbox and show new mail, left-click it and choose "Tell Me Again."
Solve E-mail Overload with Labels and Filters
Gmail is free and easy to use, but its several gigabytes of free hard drive space can sometimes turn into too much of a good thing—with all that space, you might not bother to delete old mail. If you think managing e-mail clutter on a desktop mail client is difficult, just try doing it in a Web-based app like Gmail.
You can solve the problem using two somewhat confusing Gmail features—labels and filters. A label is the term that Gmail uses for a mail folder, so when you create a new label, you're sort of creating a folder into which you can put all e-mail related to a topic—for example, family, friends, projects, and so on. A filter, on the other hand, applies rules to incoming messages and handles them according to those rules. Filters and labels go hand in hand—first you create labels, and then you create filters to route e-mail into those labels. So, for example, you could use a filter to route all incoming mail from your mother automatically into the "Mama" label.
From your Gmail inbox, put a check box next to a message or a group of messages to which you want to apply a label, and choose "New Label" from the drop-down box at the top of your Gmail inbox. (If you're already reading a message, choose "New Label" from the drop-down box at the top of the message.) From the screen that appears, type in the label name and click OK. The new label will be created, with the piece of mail in it. It will appear on the left side of your Gmail screen, underneath "Labels." Click the label name, and you'll see all the mail you've checked on your inbox when you created the label. To add mail to the label, go back to your inbox, check all the mail to which you want to apply the label, and select the label name from the drop-down box.
Labels function slightly differently than folders. When you apply a label to a message, it doesn't actually move out of your inbox; it stays there but also shows up in your label. So you can have the same message appear in numerous labels as well as in your inbox.
Now that you've created a label, create a filter that routes all new mail to that label as soon as you receive it. Click "Create a Filter" from the top of a Gmail screen. The screen shown in the nearby figure appears.
Choose the criteria you want to use for the filter, for example, someone's name, the subject of the message, whether it has an attachment, whether it contains certain words, or doesn't contain those words. Then click "Next Step." Choose the action you want the filter to take, which in this instance will be to apply a label, so check the box next to "Apply the label" and choose the label from the drop-down list. If you'd like the mail not to appear in your inbox, and instead appear in the label (and in your Gmail archive), check the box next to "Skip the Inbox (Archive it)". Click "Create a Filter" and the new filter will be created, and the matching incoming mail will be automatically routed to the label you've created.

Tips and Tricks for Hacking Google

We all live in Google. It's more than merely one of the best search sites on the planet; it has become a constellation of sites and services, from desktop applications to Internet-based applications and destinations, and it's even branching out into offering free Wi-Fi service.
In short, Google is its own universe—and like the universe after the Big Bang, it's constantly expanding.
That means that becoming Google-savvy is as important as, and possibly even more important than, becoming Windows-savvy. After all, Microsoft Windows is just an operating system. To do anything useful with it these days, you need Google or one of its many services.
To help you get the most out of this brave new universe, we're presenting more than 30 Google tips and tricks. They'll help you get more out of the Google Desktop search application; Gmail, Google's unique and useful free online e-mail; and a variety of other Google services, such as Google Video, Google Maps, Froogle, and more. Oh yes, we forgot . . . Google is a search engine too, isn't it? So we include tips for better Google searching as well.

Google Desktop

(Note: For the tips in this section, you'll need Google Desktop, Google's free desktop search application. Get it at
Change the Location of Your Google Desktop Index
Depending on how many files you have on your PC, the search index Google Desktop creates can get pretty substantial—easily 1GB or more. If you don't want the index clogging up your main drive, you can easily move it to a different drive. To move it, follow these steps:
1. Exit Google Desktop.
2. Open Windows Explorer and navigate to C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Google Desktop Search, where USERNAME is your user name. (Note: Local Settings is a hidden folder, and you might not be able to see it. If you can't, you can unhide it: in Windows Explorer, choose "Folder options" from the Tools menu. Click the View tab, and under "Hidden files and folders," click "Show hidden files and folders." Then click OK.)
3. Move the entire Google Desktop Search folder to a different drive. You don't have to replicate the entire original folder path—you could, for example, move it to D:\ Google Desktop Search.
4. Open the Registry Editor by choosing Start->Run, typing regedit, and clicking OK.
5. Go to HKEY_CURRENT_USER\Software\Google\Google Desktop.
6. In the right-hand pane, double-click "data_dir" and change its value to the new location of the Google Desktop index, for example, D:\ Google Desktop Search.
7. Exit the Registry Editor.
8. Restart Google Desktop search.
Google Desktop search will function as it normally does, except that the index will be in its new location.
Revisit the Past with Google Desktop
Have you ever wished you had a diary of your computing workday—a detailed rundown on every file you opened and saved and when you did it, every Web site you visited and when you visited it, every e-mail you received? Perhaps you need that information because you're a consultant or get paid by the hour. Or maybe you want to retrieve a file or e-mail, but only remember what day you worked on it or opened it, but not much else about it.
In those cases, you can revisit the past using the Google Desktop's Browse Timeline feature. This nifty tool will show you, for any day, all the files you opened and saved, the sites you visited, and the e-mail you received, in a minute-by-minute breakdown, as shown in the nearby figure.
To browse your timeline, double-click the Google Desktop icon, and from the screen that appears, click "Browse Timeline." You'll be brought to today's timeline, with your most recent events at the top. (For the Google Desktop, everything is an event—a file, an e-mail, a Web site, and a chat.) To open a file or e-mail, or to visit a Web site, click on it, and it'll open in your application, browser, or e-mail software. Navigate to earlier parts of the day by clicking "Older" or "Newer." Jump to different days using the calendar and drop-down list on the right side of the screen.
You can also filter the events, so that you could, for example, only view documents, or e-mails, or Web sites. To do so click "emails," "files," "web history," or "chats" at the top of the window.
The timeline has one drawback: For those who use their PCs frequently (which means most of us), it gets very cluttered, with hundreds of events and files every day. There's a way to cut through the clutter, though. You can remove any event from the timeline. When you remove an event, you don't delete the underlying file, e-mail, or whatever. You only remove it from the timeline. To remove events, click "Remove events" on the right side of the screen. All the events shown on your screen will be displayed, with boxes next to them. Check any you want removed, and click "Remove."
Power Up Google Desktop with Plug-Ins
Google Desktop does plenty, but there's a lot it can't do. Wouldn't it be nice, for example, if it would sort your results by name and date? How about the ability to index and search more file types than Google Desktop can normally do?
You can do that, and a lot more—even including controlling your iTunes player—with Google Desktop Plug-Ins. They're free and they install right inside Google Desktop. To get them, go to Here's a list of some of the more useful and intriguing ones:
Google Desktop Extreme
This is the ultimate tool for power searchers. It lets you sort your results by name, date, file type, or relevance, and offers auto-complete for faster typing of searches and to recall previous searches. It'll also show thumbnails when you browse images. There's more as well, including the ability to use skins.
Archives plug-in for GDS
One thing that Google Desktop Search won't do is index and search inside archives, such as .zip, .gz, .tar, and .rar. So if you have archive files, you won't be able to find what's in them. This plug-in solves the problem. It indexes and lets you search through 7z, arj, bz2, cab, gz, tar, rar, and zip archives. It also searches through nested archives, so if you have ZIP files within ZIP files, you'll be able to find them.
Google Desktop Extra Images Plug-in
Google Desktop indexes and finds many standard image files, including jpg, gif, bmp. But what if you've got .tif, .pcx, .wmf, or other file types? Turn to this plug-in, which indexes dozens of graphics file types, and lets you find them with Google Desktop.
System Monitor
This neat little applet runs in the Google Desktop sidebar and monitors and displays information about your system—the amount of CPU being used, input and output performance, virtual memory being used, and other things at which uber-geeks like to stare.
If you use iTunes to play music, give this sidebar applet a try. It lets you control the player, and includes controls for play/pause, next song, previous song, repeat one/all/off, shuffle on/off, show/hide iTunes, and song rating.
Manage Your Google Desktop Indexing
After Google Desktop installs and indexes your hard drive, it continually updates that index. By default, it indexes your C:\ drive, but no other drives, and no network drives.
You can, however, change all that—you can add new drives, including network drives, and you can tell it to exclude specific folders, URLs, entire domains, and file types. And you can turn the indexing on and off at will.
Most of this is controlled from the Preferences page. To get to it, right-click on the Google Desktop icon in your System Tray, and choose Preferences. You'll see a screen like that shown in the nearby figure.
To add another drive to index, or to add a network drive or folder, click "Add drive or folder to search," browse to the drive or folder you want to index, and click OK. You'll have to do this each time you want to add a new drive or folder. Click Save Preferences, and the new drive and folder will be indexed when Google Desktop does its normal indexing.
To exclude a folder, or even an individual file, from the index, click "Add file or folder to exclude," browse to the drive, folder, or file you want to exclude, and click OK. You'll have to do this each time you want to exclude a new drive, folder, or file. To exclude a URL or domain, type it into the box next to Add file or folder to exclude, and click Add URL. Make sure to include the http://. If you add a domain, all the pages and subdomains underneath it won't be indexed. Click Save Preferences, and the folder, drive, URL, or domain will be immediately excluded from the indexing.
To exclude entire file types, go to the Search Types section, uncheck the boxes next to any file types you don't want to be searched, and click OK. The files will be immediately excluded from the index. When you choose this, files already indexed aren't actually deleted from the index. Instead, Google filters them out when doing a search. So if you decided to include that file type, those files already indexed will show up in your search results.
Power Up the Sidebar to Read Blogs and RSS Feeds
The Google Sidebar is one of those features that you either love or hate. When you install Google Desktop, it's turned on by default and runs down the right side of your screen, and displays a wide variety of information in individual panels—news articles, e-mail, clips from the Web, photos, and more.
I've found that most people turn the Sidebar off, because it takes up screen space and is usually too confusing to use. But when configured properly, it's a great tool for displaying and alerting you when there are new blog posts, new e-mail, and more. Here we'll show you how to use the Sidebar as an RSS reader.
Start off by killing the clutter so that it'll be easier for you to read blogs and other RSS feeds. By default, the Sidebar displays far too many panels; it includes everything from photos to stock information, weather reports, e-mails, news, and even a "Scratch Pad" for taking quick notes. To remove a panel, click the down arrow at its far right, and select "Remove." To remove many at once, click the down arrow at the top of the Sidebar, select "Add/Remove Panels," and remove the ones you don't want. Make sure that you leave the Web Clips panel, because that's the RSS reader.
By default, the Web Clip panel picks up two RSS feeds—the CNN top-stories feed and the official Google blog. To add others, click the down arrow on the Web Clips panel, choose Options, then type in the URL of the RSS feed you want to add and click "Add URL."
What if you don't know the feed URL? No problem. As you browse the Web, Google Desktop automatically gathers the URLs of RSS feeds as you go. So head to the blog or page you want to read using RSS, and Google will automatically pick up its URL. Once you've visited the pages, follow the steps for adding an RSS feed from scratch, outlined in the previous paragraph. You'll notice at the bottom of the screen the names and URLs of all the RSS feeds associated with pages you've visited. Select the one you want to read in the sidebar, click Edit, then press Ctrl-C to put it into the Clipboard. Click OK, and then when you're back on the Web Clips Options page, paste it into the "Add URL" box and click "Add URL." If you're looking for an RSS feed for a site you've recently visited, click the Add Recent Clips button, highlight the RSS feed you want to view, and click OK twice.
Once you have the feeds you want, they'll automatically show up in the Sidebar. Click any you want to read, and it will expand out so you can read the entry in the Sidebar itself. Click the headline to visit the entry on the Web site.
If you want to see more than the handful of entries, click the double-headed arrow on the Web Clips pane, and a long list of entries will appear.
(Note: If you want to check out a Google service devoted only to reading RSS, check out

Wednesday, October 12, 2005

Spyware and Adware: A Warrior's Guide

In a recent discussion with Symantec Corporation, I learned that Symantec found itself forced to start dealing with spyware and adware simply because users of Symantec antivirus programs really couldn't tell the difference between a system infected with malware (virus, Trojan, worm, and so forth) and a system infested with adware or spyware. In fact, I was told that for the past 3 months, nearly one out of every five calls for help to Symantec ended up involving spyware or adware rather than malware.
Before you feel sorry for those poor ignorant folks who can't tell the difference, stop and think about the most common symptoms. As it happens, some forms of spyware or adware can present the same sorts of telltales that malware can—namely diminished performance, system instability that can be occasional or more constant, mysterious appearance of new processes, Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports opened for no apparent reason, and so forth. However, other symptoms of adware or spyware—such as increased pop-up ads, or changes to default home pages or search engines—seldom occur from malware, if ever.
These days, malware experts recognize that certain threats should rightly be called blended, in that they combine virus, worm, and sometimes even Trojan characteristics within a single executable. But in some cases, the same is true for spyware, in that it may include Trojan characteristics (reporting of data gathered or harvested from user machines has to occur somehow, and some such software uses Internet Relay Chat [IRC] or other instant messaging services, or may simply open specific ports to signal its readiness to serve up information on demand; other types are more aggressive and include back doors or clients designed for unadvertised and unauthorized remote access). Likewise, some adware also includes mechanisms to transfer ads to user machines so that they can be displayed even when a PC isn't logged on to the Internet (and boy, can that ever give you a case of the creeps the first time that happens)!
The boundaries between malware, adware, and spyware are getting harder to draw cleanly, so we can't help but observe that Symantec isn't the only vendor with a well-known set of anti-virus tools (not to mention other personal and organizational security offerings) that is taking steps to exclude adware and spyware using its protective shielding—there's an increasing trend among the major players to make antispyware/anti-adware part of their offerings, and to include such functionality in their bundled products as covered in Appendix A. But where a sense of urgency and importance in protecting one's PC from malware is pretty well understood and established, protecting oneself against adware, spyware, and other forms of unwanted software and content is really just starting to take hold. In fact, a July 2004 report from Trend Micro (makers of PC-Cillin, another well-known antivirus package with growing antispyware and anti-adware coverage) includes this chilling statement: "Reports now show that nearly one in three computers are infected with a Trojan horse or system monitor planted by spyware. These hidden software programs gather and transmit information about a person or organization via the Internet without their knowledge." According to definitions presented earlier in this book, it's hard to say what's spyware and what's malware because of these capabilities—it's really both!
Microsoft's Protect Your PC Web page fails to make this case. Although the company clearly recognizes the importance of patching a PC's operating system (and especially, of keeping up with security updates), strongly recommends the use of a firewall, and stresses use of up-to-date antivirus software, it omits mention of any need to protect PCs against adware, spyware, spam, and other forms of unwanted software and content. I'd argue that the company's more protective security defaults in Windows XP Service Pack 2 (SP2), along with the pop-up blocker in Internet Explorer (IE) and the more capable Windows Firewall, signify Microsoft's growing sensitivity to such matters. But the company's failure to mention adware or spyware does not mean you needn't worry about its potential impact on your PC, or that you shouldn't add some kind of antispyware and anti-adware software to your personal PC security arsenal.

What Are Spyware and Adware, Really?
You've already seen formal definitions for these terms earlier in this book, but their essence is that both types of software enter a system uninvited and often without soliciting permission. Whereas adware may sometimes claim it's been granted permission because of terms and conditions buried somewhere in fine print in a multipage software license or end user license agreement—you know, the ones where you click "I agree" without necessarily reading all the fine print—most experts agree that claims of full and open disclosure as a result are not credible or terribly ethical. Spyware seldom seeks to cloak itself in respectability, but some kinds of spyware—especially browser cookies designed to profile visitors who return to a Web site—may also be granted user permission through licenses or usage agreements. What's different about spyware as compared to adware is that it gathers information about users so it can report it to a third party. What's different about adware as compared to spyware is that it seeks to create conduits for sending or displaying advertisements (and may also collect user information to better target ad selection based on user preferences, sites visited, items purchased, and so forth) as a primary objective.
How would you classify an item of software with the following characteristics?
• Shows up uninvited, and attempts to foil various potential means of detection (antivirus, antispyware/anti-adware, and sometimes even firewall software). Does everything it can to stay hidden and remain undetected. These are characteristic of spyware, adware, and malware alike.
• Scans all files on the computer on which it resides (especially e-mail messages, documents, text files, and other sources of personal information), harvesting names, addresses, phone numbers, social security numbers, bank account information, credit card numbers and other related data, and so forth. Stores all of this information in some covert manner, possibly encrypted. This is a typical characteristic of more malicious forms of spyware.
• When some time or data collection threshold is passed, opens a "safe" port on the infected computer and uploads all harvested data to a server elsewhere on the Internet. As soon as the upload concludes, the open ports are closed and the software goes back into hiding. Alternatively, the software could create an e-mail message, and then use a client e-mail package to send it or employ its own built-in Simple Mail Transfer Protocol (SMTP) engine. This opens a back door to communicate private, confidential information without a user's knowledge or consent and is characteristic of spyware and some Trojans.
First, it's important to state that, as I write this chapter, no known malware or spyware exhibits this exact collection of characteristics. Security experts also believe that malware is changing from a hobbyist or "mountain climber" mentality (those who do things for fun, or because they can or want to prove they can) to more of a professional criminal mentality. Now that repeated exploits have demonstrated how vulnerable common operating systems and applications can be, professional criminals can't help but recognize serious opportunities to practice identity theft and use that information to steal money from unsuspecting Internet users. Many American households carry $20,000 or more in combined lines of credit and unused credit card balances; without careful fraud detection and alerting from card issuers, those same households might have to wait until their next statement to realize they've been victimized. Right now, the code to do all of the things described in the preceding list already exists in bits and pieces, so no new technology is needed to stitch them together and create a single program with all those characteristics.
Facing a threat of this nature, who cares if it's spyware or a Trojan? In fact, it's a blended threat and one with economic consequences of enormously grave proportions. Although I'm aware of nothing like this in the wild just yet, it's probably just a matter of time before something indeed comes along.
Why Install Antispyware/Anti-Adware?
Financial Armageddon aside, less damaging forms of spyware and adware have their own downsides. From the standpoint of simple irritation (or user's rights), nobody likes to see an unwanted piece of software changing home page selections, resetting search engines, or installing unwanted toolbars, ad engines, or other things designed to enhance somebody else's opportunities to take advantage of your Internet access. Likewise, because some adware or spyware causes system performance to degrade, or makes systems unstable, it's simply got to go. In Chapter 4, you should have gotten the sense that manual removal of spyware or adware can be time-consuming, tedious, and sometimes downright difficult. Because that's increasingly the case as new forms of adware and spyware are discovered, I believe installing antispyware/anti-adware software is both appropriate and effective.
Remember also that there are two ways in which antispyware/anti-adware software is designed to be used:
• Scanning, detection, and removal—This uses the software to systematically examine a system's memory, important data structures, and files to look for traces of spyware or adware. During the scanning process, all such identifications are logged and then reported to the PC's user. Users can decide on a wholesale or a per-item basis which items they might wish to keep or remove, after which the software handles cleanup and removal activities automatically for all selected items.
• Real-time detection and blocking—This requires that antispyware/anti-adware software be running all the time, and that it be allowed to inspect all incoming data on a PC—instant messages, file transfers, e-mail, Web pages (and active content), and so forth. If the antispyware/anti-adware software sees something it recognizes as malign, it can block it from entry and either alert the user or write a log entry to a file. If it sees something suspicious (or potentially risky, like a change to your Windows Startup Items), it can warn the user of a pending change or arrival and require the user to grant explicit permission before it will be allowed to proceed.
At this point, it's entirely reasonable to ask: "Where does antispyware/anti-adware software get the information it needs to recognize known items?" and "How does antispyware/anti-adware decide what represents suspicious behavior?" The answers both come from deep inspection and analysis of known instances of spyware and adware, as does the answer to another important question: "Given some known spyware or adware item, how does antispyware/anti-adware know how to clean up after it and remove all traces of its existence?"
In an important sense, all antispyware/anti-adware software consists of four important parts:
• Software that monitors system activity and is able to intercept certain types of activity or data transfer that might contain spyware or adware. This means inspecting incoming data and alerting users about specific types of behavior associated with adware or spyware (changing search or home page defaults, adding toolbars or Startup Items, and so forth). This maps to the blocking function that requires antispyware/anti-adware software always to be running in the background.
• A database of telltale filenames, Registry keys, and other information it can use to profile known spyware to compare against observed characteristics on some particular system, or in data seeking entry into a system. This kind of information is generally called a definition or a signature because it helps to identify specific items of adware, spyware, or other unwanted software. This database maps to the scanning and identification function whereby antispyware/anti-adware software inspects all files, memory, the Windows Registry, and anywhere else such software might leave telltale traces behind.
• A database of cleanup activities associated with specific adware or spyware items, so that once they're recognized, cleanup and removal can be automated and users relieved of that responsibility and effort. Should a scan ever report signs of infection, this makes it relatively easy to initiate cleanup and removal operations.
• A reporting tool that can gather information about a system that shows symptoms of infestation, but where no known spyware or adware can be identified. (The software can also use the same facility to report bugs or other failures about itself as well.) Although users can refuse to share such data with software developers or vendors, this is a valuable means of data-gathering when new forms of adware or spyware are encountered in the wild, and provides important clues (and can often lead directly to the offending software) that will help in the creation of spyware or adware definitions and cleanup/removal tools to counter them.
Hopefully, it's obvious why any scan should be preceded by a download of the latest software updates and any new adware or spyware definitions: the latest and greatest software and databases will maximize chances of detecting and cleaning up after something new.
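The definition database, cleanup database, and reporting of unrecognized items described above can be sketched in a few functions. This is an added example, not code from any antispyware product; the definitions, file names, Registry keys, and system snapshot are all constructed for illustration.

```python
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Definition:
    """One signature: traces that identify a known item, plus its cleanup steps."""
    name: str
    filenames: frozenset      # lower-cased file names
    registry_keys: frozenset  # lower-cased Registry key roots
    cleanup: tuple            # ordered steps from the cleanup database


@dataclass(frozen=True)
class Finding:
    name: str
    traces: tuple
    cleanup: tuple


# Constructed definitions (hypothetical names, not real adware or spyware).
DEFINITIONS = (
    Definition(
        name="ExampleToolbar",
        filenames=frozenset({"extoolbar.dll", "extbhelper.exe"}),
        registry_keys=frozenset({r"hkcu\software\exampletoolbar"}),
        cleanup=(r"remove key HKCU\Software\ExampleToolbar",
                 "delete files extoolbar.dll, extbhelper.exe"),
    ),
    Definition(
        name="ExampleAdServer",
        filenames=frozenset({"adsrv.exe", "adsrv.dat"}),
        registry_keys=frozenset(),
        cleanup=("stop process adsrv.exe", "delete files adsrv.exe, adsrv.dat"),
    ),
)

# Constructed snapshot of one system: files, Registry keys, Startup Items.
SNAPSHOT = {
    "files": [
        r"C:\Program Files\ExToolbar\EXTOOLBAR.DLL",
        r"C:\Program Files\ExToolbar\extbhelper.exe",
        r"C:\WINDOWS\system32\notepad.exe",
    ],
    "registry_keys": [
        r"HKCU\Software\ExampleToolbar\Settings",
        r"HKCU\Software\Google\Google Desktop",
    ],
    "startup_items": {
        "ExToolbar": r"C:\Program Files\ExToolbar\extbhelper.exe",
        "updchk": r"C:\Temp\updchk.exe",
        "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    },
}
BASELINE_STARTUP = frozenset({"ctfmon"})  # Startup Items the user already approved


def _under(key, root):
    """True if key is root itself or a subkey of it (not merely a similar name)."""
    return key == root or key.startswith(root + "\\")


def scan(snapshot, definitions=DEFINITIONS):
    """Compare observed files and Registry keys against every definition."""
    findings = []
    for d in definitions:
        traces = [p for p in snapshot["files"]
                  if ntpath.basename(p).lower() in d.filenames]
        traces += [k for k in snapshot["registry_keys"]
                   if any(_under(k.lower(), root) for root in d.registry_keys)]
        if traces:
            findings.append(Finding(d.name, tuple(traces), d.cleanup))
    return findings


def unknown_startup_items(snapshot, baseline, definitions=DEFINITIONS):
    """Startup Items that match no definition and are not in the baseline:
    candidates for a user prompt or a report to the vendor."""
    known = set().union(*(d.filenames for d in definitions))
    return sorted(
        name for name, cmd in snapshot["startup_items"].items()
        if name not in baseline and ntpath.basename(cmd).lower() not in known
    )


def cleanup_plan(findings, selected):
    """Cleanup steps for only the items the user chose to remove."""
    steps = []
    for f in findings:
        if f.name in selected:
            steps.extend(f.cleanup)
    return steps


if __name__ == "__main__":
    found = scan(SNAPSHOT)
    for f in found:
        print(f.name, "->", ", ".join(f.traces))
    print("unrecognized startup items:",
          unknown_startup_items(SNAPSHOT, BASELINE_STARTUP))
    print("cleanup:", cleanup_plan(found, {"ExampleToolbar"}))
```

An entry that matches no definition, such as the constructed `updchk` Startup Item, is exactly the case the reporting tool exists for: the scanner cannot name it, so it can only flag it until a definition update covers it.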
Scanning for Adware and Spyware
Assume you've installed antispyware/anti-adware software on your computer (if this assumption is incorrect, you might want to jump ahead to the "Top Antispyware/Anti-Adware Picks," section, where you can read about candidates for and the processes involved in installing this kind of software on your PC). After such software is installed, you should use it immediately to scan for possible spyware or adware infestation. This guarantees a clean start for your system going forward (or will help you clean up and restore your system to a more or less pristine state).
This usually means digging into program menus and finding out how to use a program's scanning capabilities. Let's take a look at how you'd do this with Spybot-Search & Destroy (as I wrote this chapter Version 1.3 had just been released; the relevance of this description will vary as version numbers change, but it should still give you an idea about what's involved in this effort). Here are the opening steps involved in scanning and starting a repair (I'll describe the rest verbally, because system restarts make it nearly impossible to capture screen shots during that process):

1. Launch Spybot-Search & Destroy. I did so by clicking Start->All Programs->Spybot-Search & Destroy (menu heading)->Spybot-Search & Destroy (program name). You can also click Start->Run, type %ProgramFiles%/Spybot - Search & Destroy/SpybotSD.exe in the Open dialog box, and click OK. This produces the screen shown in Figure 7-1.
Note: %ProgramFiles% is a runtime variable that translates into the root directory where Windows XP puts programs by default. On an unaltered installation that's usually C:\Program Files.
2. In keeping with best usage practices, click the Search for Updates button next. This will automatically look for, download, and install any software or definitions that have been added since the last time updates were checked.

3. To scan a system, click the Check for problems button. The program begins scanning the system on which it's running, showing a progress bar at the bottom of a window. When the scanning process completes, you'll see a screen like the one shown in Figure 7-2, which lists an issue with a DSO exploit as the only problem discovered.
Note: This vulnerability actually refers to potential vulnerabilities in Internet Explorer that relate to default Security Zone settings. Apparently, they're not fixed in the version of IE that ships with Windows XP SP2 because Spybot-Search & Destroy discovered them in a clean, unused installation. That said, the fix is minor, entirely automatic, and prevents a vulnerability that permits code to execute without requesting permission and without using Active Scripting or ActiveX. For more information on this common problem, see

4. At this point, you can clear any items you're not sure about (or you might even want to visit your favorite search engine and read up on problems by name to help you decide what to do). In most cases, however, it's entirely safe to leave everything selected and then click the Fix Selected Problems button to let the software do its thing. That's because Spybot-Search & Destroy saves backup copies of any items it removes, and you can always use the Recovery item in the left pane to restore something if your system gets flaky afterward. For the same reason, the software creates a System Restore point before it starts fixing any items, so you can always get back to where you started even if your system won't boot; this notification screen appears in Figure 7-3.
After this point, the software goes through cleanup and removal operations for each of the problems it attempts to fix. For DSO Exploit, this meant agreeing to permit the program (and the system) to shut down and restart. On that next startup (because Spybot-Search & Destroy inserted itself into the Run Once Registry key), the program ran before normal program loads completed, so it could undertake cleanup operations on files that would otherwise be loaded into memory and therefore more difficult to remove. According to documentation I found on this problem (see the preceding Note), the program rewrites some Registry entries that must be handled during startup. I experienced no problems from these changes and have observed outstanding results from everyday use of this software.
Notice that Spybot-Search & Destroy handles all the messy details that can make manual removal and cleanup so much work, right down to creating restore points and inserting itself into the Windows startup sequence. (This is why you had to boot in Safe Mode to conduct manual repairs, because handling keyboard input requires that bootup be completed.) I believe that automated repair is usually better than manual, because it takes all the precautions that human users in a hurry may sometimes be tempted to skip, and because it is presumably tested very thoroughly to make sure it's working (and safe for most systems) before it's released to the public.
Before I move to the next section and talk about blocking spyware and adware, I'd like to make one more valuable point about regular system scans. It answers this question: "If you scan immediately after installing antispyware/anti-adware software, and keep that software updated, why are regular scans necessary?" Remember that there's always a time lag between discovery of spyware or adware in the wild and the release of corresponding definitions and cleanup and removal routines. If you should get infested on Tuesday with something new, and download a new set of definitions and cleanup and removal routines on Friday, chances are pretty good that a Friday scan will also detect and repair that infestation. When it comes to spyware and adware, blocking is not always 100 percent effective, so regular scanning (and clean-up, when necessary) is absolutely essential!
The Online Alternative
If you'd rather not install antispyware/anti-adware software on your system right away (or at all), you can still take advantage of numerous excellent scanning services online. I'll give you a list of URLs for such sites right after I explain why I don't consider this to be an entirely satisfactory alternative to installing this kind of software on your PC. It's because, for whatever reason, there don't seem to be any online scanning services that also offer cleanup and repair. Sure, they can find the stuff, but they don't seem to be inclined to fix it (probably for the very good reason that such software has incredible power to do harm as well as good, and most people aren't comfortable turning that level of system control over to a Web site). Keep this caveat in mind as you scan this short list of quality online spyware scanners (all of them download software to your system to do their jobs, by the way, but most of them remove all traces of same when they finish):
• PestPatrol's PestScan does an excellent job of ferreting out and reporting on spyware and adware (
• Spy Audit: This is the scanning part of Webroot's excellent Spy Sweeper product, or something very close to it (
• XBlock's X-Cleaner is no longer available on their own site, but you can still access and use their tool through (
For still more alternatives, visit your favorite search engine and use something like free online spyware scan as a search string. You'll be amazed at the number of offerings that pop up!

Blocking Spyware and Adware
In the previous chapter, I explained that pop-up blockers work by inspecting incoming Hypertext Markup Language (HTML), Extensible Markup Language (XML), JavaScript, and other markup or code to look for evidence of pop-up advertisements. If such evidence appears, the browser is instructed not to open a new window; if no such evidence is found, it's allowed to proceed. Blocking spyware and adware can be a bit trickier because there's more, and more complex, code to read and decipher and because, in far too many cases, users deliberately (but usually neither consciously nor willingly) initiate the downloads without knowing that adware, spyware, or malware elements may lurk within their contents.
This is where recognition by element name (especially items like filenames, DLL names, or Registry keys and values) can usually permit identification to occur before requests to write such elements are allowed to go through. This works fine for known items of spyware and adware, because they have already been analyzed, profiled, and their telltale characteristics recorded and enshrined in various databases. But what about new spyware or adware that hasn't yet been dissected or cataloged?
That's why certain characteristic behaviors are often flagged for alerts by antispyware/anti-adware programs. Thus, when you install legitimate Windows programs that add to the Windows Startup Items, you'll be queried just to make sure those changes are on the up-and-up. They can't proceed until you give your permission, on the theory that you'll be expecting this interaction when you're installing wanted software, and warned about potential problems when unwanted software is trying to install itself. The same drill applies to default home page and search engine settings: if you jump into IE and change these settings for yourself after you've installed antispyware/anti-adware software, you'll have to approve those changes with the built-in monitor before they'll "take" for good.
Although this involves a little more activity and some possible minor inconvenience, I think it's worth it for the added sense of security this protection provides. In fact, you don't need to become at all concerned until such a dialog pops up without a good reason! At that point, some investigation—including updates to your software, and a scan for adware and spyware—is probably a good idea.
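The two blocking approaches described above, recognition by name and alerts on characteristic behavior, can be sketched as follows. This is an added example, not code from any antispyware product: the definitions list, snapshot contents and the function name review_changes are constructed for illustration, while the Run, RunOnce and Internet Explorer Main registry locations are the standard Windows ones.

```python
import re

# Hypothetical definitions database: file names already profiled as adware/spyware.
KNOWN_BAD_NAMES = {"adbar.dll", "searchhelper.exe"}

RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
IE_MAIN = r"HKCU\Software\Microsoft\Internet Explorer\Main"
# Prefix match, so the Run entries also cover RunOnce.
WATCHED = (RUN_HKLM, RUN_HKCU, IE_MAIN)

FILE_RE = re.compile(r'[^\\/"\s]+\.(?:exe|dll)\b', re.IGNORECASE)


def review_changes(baseline, current):
    """Compare two {registry path: data} snapshots; return sorted (verdict, path)."""
    findings = []
    for path, data in current.items():
        if baseline.get(path) == data:
            continue  # unchanged since the last approved state
        names = {n.lower() for n in FILE_RE.findall(data)}
        if names & KNOWN_BAD_NAMES:
            findings.append(("block", path))   # known item: refuse the write
        elif path.startswith(WATCHED):
            findings.append(("prompt", path))  # unknown item, sensitive spot: ask
    return sorted(findings)


# Constructed snapshots: the approved state, then the state after some installs.
BASELINE = {
    IE_MAIN + r"\Start Page": "http://www.example.com/",
    RUN_HKLM + r"\AntivirusTray": r'"C:\Program Files\AV\avtray.exe"',
}
CURRENT = dict(BASELINE)
CURRENT.update({
    IE_MAIN + r"\Start Page": "http://search.example.net/",
    RUN_HKLM + r"Once\PendingCleanup": r'"C:\Program Files\ExampleCleaner\cleaner.exe" /resume',
    RUN_HKCU + r"\AdBar": r'rundll32.exe "C:\WINDOWS\adbar.dll",Start',
    r"HKCU\Software\ExampleApp\Theme": "blue",
})

if __name__ == "__main__":
    for verdict, path in review_changes(BASELINE, CURRENT):
        print(f"{verdict:6} {path}")
```

The legitimate cleanup tool's RunOnce entry and the home page change both produce a prompt rather than a block, which is the behavior the text describes: the monitor cannot tell wanted from unwanted changes on its own, so the user's expectation of the change is the deciding signal.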
In the next section, I present some leading antispyware/anti-adware products. But with this market sector currently exploding, be aware that new products show up almost on a daily basis. Also check with your current antivirus vendor to see what they might have to offer in this space. Nearly all of the major antivirus players, such as Symantec, McAfee, Trend Micro, FRISK, and so forth, have recently begun to offer, or soon plan to offer, antispyware/anti-adware products, and to include such coverage in their current offerings or product suites.

Securing Bluetooth Devices

As Bluetooth becomes more pervasive, it's likely to become the target of more security threats.
With the ability to act as a wireless networking method between devices up to 30 feet apart, Bluetooth technology is integrated into a range of devices, including cell phones, notebooks, and PDAs. Cars like the Toyota Prius are Bluetooth-enabled, as are a number of specialty products, from medical equipment to gaming consoles. Even Microsoft Windows XP SP2 includes Bluetooth support.
Bluetooth devices are subject to various security threats. While they aren't yet near the level of those associated with Wi-Fi networks, expect that to change as Bluetooth's popularity grows. Don't let the short operating range fool you—in a world where most people have cell phones, a Bluetooth-related risk may be as near as the person in line behind you or in the car next to you.
In order to communicate, Bluetooth devices must first "pair" with one another. While there are Bluetooth-enabled devices you would want to pair with—your PDA and printer, or your cell phone and notebook—you generally don't want your device paired with that of an anonymous user. Bluetooth handles such situations with various security modes, but it's up to you to see that they're enabled. If you leave your device in "discoverable" mode, any Bluetooth user within range can try to communicate with it.
The Bluetooth specification is largely secure; it's possible to pair devices so that information passed between them is encrypted. But there have been problems on the implementation side; a prime example is the Cabir virus, which spread via Bluetooth connections and infected cell phones using the Symbian Series 60 interface by exploiting a vulnerability specific to the Symbian code. Not every Bluetooth-related security risk is platform-specific, however.
Bluetooth's popularity has given rise to a series of security risks known as bluejacking, bluebugging, and bluesnarfing. In bluejacking, a person discovers and then anonymously sends a business card to another Bluetooth device. Bluebugging is more serious, in that it lets another Bluetooth user connect to and issue commands on a remote cell phone or PDA, using it to make calls, send text messages, or even eavesdrop on conversations. Bluesnarfing lets a Bluetooth user connect to other devices in range, in order to gain access to their contacts, calendar, and more. As users store more personal information on Bluetooth devices, the need to address potential security and privacy threats becomes more pressing.
Thankfully, securing Bluetooth devices isn't too difficult. Pair your devices securely, using a strong (eight characters or more) PIN code. Always pair them in a private location to reduce the chances of your PIN code's being cracked. To eliminate the risk of unknown users accessing your device, configure it to function in Bluetooth's nondiscoverable mode.
Periodically check the vendor's Web site for updates or security patches for your device. Even cell-phone manufacturers now post security patches for their products as vulnerabilities are discovered. Applying these updates can be the difference between leaving your device exposed to the latest threats and avoiding such dangers completely.
Never accept Bluetooth messages or pairing requests from unknown users. The Cabir virus infected systems only when users accepted its incoming message and then chose to install the attached file. Take the same precautions with a Bluetooth request as you would with an e-mail message with a suspicious attachment.
As the reach of Bluetooth grows, it may become an increasingly popular target for security threats, including viruses, hacking attempts, and, potentially, Trojan horse–style attacks. It's worth giving the protection of your Bluetooth devices more than just a cursory thought—and to do that before the first big wave of Bluetooth security risks hits.