Sunday, July 24, 2005

Clean Your PC

This tip has been taken from pcmag.com

Even our high-tech machines are subject to everyday dirt, dust, and even greasy fingerprints. Any exposed parts can suffer because of dirt; PCs run hotter, monitors grow dimmer, printers jam, keyboards stick, and scanners deliver scratchy images. But what cleaning methods are both effective and safe? What should you apply when the user manual says "nonalkaline cleanser and a lint-free cloth"? Is Windex or Formula 409 okay? Can you use an old T-shirt? A damp paper towel? Here's an overview of how to keep your computer and peripherals clean.

You can do most cleaning with a microfiber cloth (such as those sold to clean eyeglasses and camera lenses) and warm water applied to a clean, all-cotton T-shirt or a second microfiber cloth. Dry microfiber cloths remove dust and finger oils from glass and other surfaces. Stains require a water-dampened cloth. (Warm water should always be the first liquid cleanser you try.) When the cloth gets dirty, wash it, and rinse it well. Avoid most paper products; facial tissue, paper towels, and toilet paper contain cellulose, which is scratchy, while products such as Kleenex Cold Care contain oil that soothes your nose but streaks everything else.

Most cans of compressed air are really compressed gas (and called that). Some are Freon substitutes (but less damaging) with some ability to dissolve grime. Hold the cans upright, and don't breathe the gas.

Monitors
A CRT's glass face may be coated, and LCD faces are plastic, so they can be delicate. Clean first with a dry microfiber cloth. (A monitor-cleaning brush works for dust.) For persistent grime use a microfiber cloth dampened with water, followed by a dry one. Avoid ammonia-based cleaners such as Windex. Antistatic wipes can help with CRT displays, though today's CRTs have much less static than those sold a decade ago. Vacuum the vents to remove dust; don't use compressed gas to blow dust in.

Be wary of display-cleaner sprays and wipes. Some are not safe for certain monitors, but unfortunately manufacturers don't give model-specific cleaning instructions.

Computers
Almost any cleaner that doesn't dissolve the finish or leave scratches is fine for the average PC case. Laptop cases require gentler cleaning with a microfiber cloth or with cleaning wipes (sold by Belkin, Falcon, Kensington, and others). Vacuum your PC's air ducts; don't use compressed gas and never use a commercial air compressor. Vacuum the keyboard lightly or use a cleaning wipe; rub gently so you don't pop off (or vacuum up) a keycap and its spring.

To clean the inside of a PC, turn off the power, then pull the power cord. Ground yourself by touching a water pipe, radiator, or the center screw on the wall outlet first. Vacuum gently and carefully; a plastic vacuum-cleaner nozzle can discharge static. Blowing residual dust out of the case innards can keep heat sinks and other parts clean, but don't shoot compressed gas from an inch or two away, and never shoot it into a drive opening. Use cleaning disks ($10) on dirty optical and floppy disk drives.

Scanners
Use a dry microfiber or lint-free cloth moistened with water or a mild glass cleaner on flatbed scanners. (HP says isopropanol- and butoxypropanol-based cleaners like Cinch, Spic And Span, Sparkle, and Glass Plus are okay.) Cleaners with ammonia or isopropyl alcohol may leave streaks. Cleaners with abrasives, acetone, benzene, or carbon tetrachloride may damage the glass. Only a few flatbed scanners let you clean the underside of the glass.

Sheet-fed scanners can be gently vacuumed to remove paper lint. You can also use fax, ADF (automatic document feeder), or scanner-cleaning sheets; run these sheets through a couple of times. With some, you moisten the fuzzy sheet with an included cleaning liquid first. Higher-end sheet-fed scanners and printers let you replace slipping rollers; for the others, wipe the rollers with a cloth soaked in pure rubbing alcohol (clear, not green). If you can reach the scanning elements, clean them with a microfiber cloth; using compressed gas might leave a slight residue.

Printers, Etc.
Most print quality problems are cured with new toner or ink cartridges. But if your cartridges are fairly new and your output is still subpar, try these steps. On ink jets, run the light cleaning cycle, then the deep one. Clean laser printers with laser-specific cleaner sheets. If toner spills on your clothes, brushing it off and washing them in cold water might save the garments.

Vacuum the rollers and housings of roller-ball mice, or use compressed gas. Clean the glides on optical mice with rubbing alcohol. Cleaning wipes are fine for the bodies of mice, printers, and cables.

Spray compressed gas into jacks and plugs. Never lick or moisten jacks to improve electrical contact: It helps for a few minutes, but leads to corrosion.

Antistatic sprays applied to carpets and drapes may keep dust from clinging to computer devices. Use commercial sprays or mix water with fabric softener in a 2:1 ratio.

If your first pass at cleaning doesn't unstick a keyboard or make a floppy disk work, it's probably time to buy a new one. This also goes for CD or DVD read-only drives, mice, sub-$100 printers, and older flatbed scanners. Today's low peripheral prices often make replacement the best option. But cleaning regularly (and at the first sign of any dirt build-up) will make any peripherals, as well as the PC itself, last longer and run better.


Saturday, July 23, 2005

Text-Messaging Resources

All the articles have been taken from pcmag.com

Text messaging, or SMS (Short Message Service), long popular in Europe and Asia, is surging in the United States, where it has grown dramatically since the carriers agreed on pricing structures for intercarrier messaging in 2002. If you use SMS only for text messaging with friends, you're missing out on the many directories and other services that your cell phone can access. We've highlighted a few of the top resources to start your transition into the mobile-messaging market—they're all free (except FeedBeep), apart from your service provider's text-messaging fees. Whether you seek travel advisories, the latest ball-game scores, RSS feeds, good sushi, or new friends, these services will return the information you need to your cell phone's screen.

Smarter SMS

SMS: 6107267837; www.smarter.com/sms

Fire a text message with a product's name, SKU, or model number to 6107627837, and Smarter.com will quickly reply with the lowest online price it can find. This is just a ballpark figure, however—we found that the prices listed on Smarter's Web site were more up to date (and lower) than what its SMS service said.

4INFO

SMS: 44636; www.4info.net

The online directory 4INFO is similar to Google's SMS search, with a few interesting exceptions. You can search sports scores by messaging 44636 with the name of your favorite team. Look up your horoscope by texting your zodiac sign, or check flight information by entering the carrier and the flight number.

UPOC

SMS: 8762; www.upoc.com

Once you sign up your cell number at Upoc's Web site, you gain access to a free, SMS-searchable social network. On most carriers, you can then text 8762 with a variety of commands: .who M 21-25 NY Computers will find a male computer enthusiast from New York age 21 to 25, for instance. Upoc also features interest groups, which let you join and text a number of users at once.

Synfonic

SMS: 16504307183; www.synfonic.com

Synfonic is another free, SMS-searchable online directory with most of the common options: movie times, sports scores, 411-esque directory service. You can also text message 16504307183 to receive the weather forecast for your ZIP code. Cooler still, Synfonic has a ZIP code–based search for local Wi-Fi hot spots. Just type wifi [your ZIP code] in your message to Synfonic, and you'll be on your way to Internet access.

411SMS

SMS: 3109043113; www.411sms.com

The 411sms service offers exactly what its name suggests: a directory-based service you can text message to access phone book–style information. Make sure you follow the Web site's instructions for setting up your phone before requesting information. Once ready, try using the handy language translation service. For example, if you message 3109043113 with the phrase E2F hello world, 411sms will reply with "hello world" in French. Bonjour, monde!

FeedBeep

www.feedbeep.com

You can have RSS feeds messaged to your cell phone with FeedBeep. The $2.95 basic package gets you 10 to 30 messages per month, while the $14.95 monthly plan lets FeedBeep send you 100 to 200. You can track listings from craigslist, catch the latest deals from Overstock.com, or receive practically any RSS feed that's available on the Internet.

MSN Autos Traffic Reports

http://autos.msn.com/everyday/trafficreport.aspx

Sign up for a free .Net passport and receive Microsoft's traffic alerts directly on your cell phone. You can customize the alerts for various metropolitan regions, as well as set the severity level for alerts you want to receive. MSN Autos will even send you alerts according to a personalized time frame: For example, start getting the latest traffic updates an hour before you leave work to plan the best commute home.

Tuesday, July 19, 2005

Head Off Spyware, Viruses and Malware

Baselining Your System

Once you've done the scanning necessary—for viruses, spyware, adware, and so forth—to make reasonably sure your PC isn't operating under a cloud of sorts, you can take a look around your system to see what's normal. Computer geeks sometimes call this kind of activity "baselining" a system, because it's intended to provide you with a snapshot of what's normal for your PC.

You'll find several components of interest when establishing a baseline for your PC. One of the most important components involves taking a look at what processes are running and active on your system right after startup, before you fire off any applications. That way, they'll include only those processes that Windows itself launches at startup to do its job, and those associated with other programs that normally launch during startup (many items in this latter category will be related to the firewalls, anti-virus, anti-spyware, and other security or safety components I recommend elsewhere in this book, in fact). In the sections that follow, I describe some methods for taking snapshots of a normal baseline, including process and file inventories.

Creating a Process Inventory

It's easy to take a process inventory at any time on a Windows XP machine. Simply right-click the task bar (usually at the bottom of your display area unless you've moved it) and select Task Manager from the resulting pop-up menu. To see the list of processes running on your PC, click the Processes tab at the top of the window, as shown in Figure 12-1.

Tip
By clicking the heading button in any column on the Task Manager Processes tab, you can cause the processes to be sorted on that field value. Thus, for example, click CPU Time to sort processes according to the amount of CPU time they've consumed since the last reboot (hint: System Idle Process always wins, so look in line 2 and lower for potential causes for concern). Click again on the same heading to reverse the sort order (by default, the highest values show up first, so clicking again causes the lowest values to show up first). Same thing goes for Mem Usage (memory usage), which can also be pretty revealing when it comes to understanding where your system resources are going.

Of course, unless you want to copy all this information by hand, it might be more sensible to record it to a file. That way, you've got something to compare things with later when you go back to check this list. Because you're trying to compare current conditions to what passes for normal on your PC, I recommend you do this right after startup, before launching any additional applications. Fortunately, the built-in Windows tasklist command makes this job easy; here's how you can ensconce this data safely in a file named tasklist-yymmdd.txt (substitute two-digit codes for the year, month, and day so you can tell when the snapshot was taken):

1. Open a Command Prompt window by choosing Start > Run, typing cmd (or cmd.exe, if you prefer) in the Open text field of the Run dialog box, and then clicking OK to execute those instructions.

2. To see a list of active tasks on your system, type tasklist at the command prompt. This produces a display like that shown in Figure 12-2. For more information on the tasklist command, type tasklist /? to display online command help. Also, you can sort the process names alphabetically by typing tasklist /nh | sort (this drops the column headings from the output and then sends the resulting process names and info to a sort utility to sort them in descending alphabetical order by process name).

3. At the command prompt, type tasklist > C:\tasklist-yymmdd.txt, where you substitute two-digit values for year for yy, month for mm, and day for dd.

Note: Indeed you could cut and paste the text directly from the command window that's shown in Figure 12-2, but I go on to Step 3 and have you repeat the command, piping the output directly into a file. I think it's an easier and more straightforward way to grab this information and put it some place you can find it again. The syntax I show for the command writes the output to the root of the C:\ drive. If you follow those instructions verbatim, you may want to move that file somewhere else so you can find it more easily at another time.

4. Type exit at the command line or click the x-shaped close control in the upper right-hand corner of the command window to close this window.

Understanding What You See

For each entry under the Image Name heading (appears in both the Task Manager Processes display and in tasklist command output), you determine what it represents and whether it's benign (as it should be) or malign (which means it needs rooting out). Let's look at a reformatted version of the tasklist output in Table 12-1 (entries were alphabetized and some column data removed), which ties into the 16-item numbered list shown after Table 12-1.

Table 12-1 Tasklist Command Output
Image Name PID Mem Usage Explanation
alg.exe 124 2,584K Application Layer Gateway (1)
CCAPP.EXE 1296 23,892K Common Client application (NAV; 2)
CCEVTMGR.EXE 1632 3,732K Symantec Common Client Event Mgr Svc (NAV; 3)
CCPROXY.EXE 1912 6,076K Symantec Common Client Proxy Server (4)
CCSETMGR.EXE 1608 4,312K Background task associated with NIS (5)
cmd.exe 2884 872K Windows command shell (Command prompt window)
csrss.exe 928 816K Windows client server runtime subsystem (6)
explorer.exe 1520 19,180K Windows Program Manager a.k.a. Windows Explorer
explorer.exe 2784 2,696K Child process of Windows Program Manager
hh.exe 2556 16,748K Windows help program
iexplore.exe 2776 22,480K Microsoft Internet Explorer (7)
lsass.exe 1020 1,348K Windows Local Security Authority Service (8)
mgabg.exe 1960 1,840K Matrox BIOS Guard (works with graphics card)
msmsgs.exe 748 2,944K MSN Messenger Traybar service (9)
NAVAPSVC.EXE 1992 8,220K Norton AntiVirus auto-protect service (10)
NOPDB.EXE 500 10,096K Norton Speed Disk process (11)
NPROTECT.EXE 236 5,284K Norton process protects recycle bin (12)
pdesk.exe 552 3,620K System tray app for Matrox graphics card
realsched.exe 2896 176K Scheduler program: prompts for RealOne updates
SAVSCAN.EXE 300 616K Symantec's anti-virus scanning software
services.exe 1008 3,504K Used to start, stop, and manage system services
smss.exe 404 408K Session Manager Subsystem (13)
SNDSrvc.exe 464 3,360K Symantec Network Driver Svc (part of NIS2003/4)
spoolsv.exe 1788 5,036K Windows print spooler service (14)
SpySweeper.exe 1284 10,196K SpySweeper anti-spyware/anti-adware background task
svchost.exe 624 3,272K Windows system process to service dynamic link libraries (DLLs) (15)
svchost.exe 1180 4,772K Windows system process to service DLLs (15)
svchost.exe 1228 3,688K Windows system process to service DLLs (15)
svchost.exe 1308 27,376K Windows system process to service DLLs (15)
svchost.exe 1356 2,440K Windows system process to service DLLs (15)
svchost.exe 1408 3,484K Windows system process to service DLLs (15)
symlcsvc.exe 532 520K Symantec Core Library Code (common code items)
System 4 224K The Windows System process
System Idle Process 0 16K Runs whenever CPU is idle
ups.exe 572 1,788K PowerChute uninterruptible power supply (UPS) monitoring tool
winlogon.exe 964 7,964K Windows process to manage user logon and logoff
wmiprvse.exe 3924 4,560K Windows Management Interface (WMI) provider service (16)




1. The Application Layer Gateway is a Microsoft executable that provides functionality for the Windows Firewall and for Internet Connection Sharing for Windows XP. I find no evidence to indicate this process may be impersonated or subverted by spyware, adware, or malware, but many attacks that attempt to shut down local security will attempt to shut down this process as part of that effort.

Note: All of the executables that start with CC are part of the Symantec Common Client runtime environment, used for Norton Internet Security (which includes Norton Personal Firewall, Norton AntiVirus, Norton AntiSpam, and various other components in the test installation). This includes entries 2, 3, 4, and 5 on this list. There are no known attacks that impersonate these Norton components, as best I can discover.

2. CCAPP.EXE is part of the Norton AntiVirus system. There are no documented attacks on or impersonations of many of these components, though some malware may attempt to shut down one or more of them to bring down Norton security shields.

3. CCEVTMGR.EXE provides a general event management registration and reporting service for all Norton Internet Security components.

4. CCPROXY.EXE provides a mechanism for proxying Web access requests within Windows environments where the Norton Personal Firewall is active; it's designed to let the software screen outgoing Web requests according to security and suitability criteria (the latter in connection with Norton Internet Security's Parental Controls).

5. CCSETMGR.EXE provides a mechanism for launching various Norton Internet Security or Norton AntiVirus components at startup, and for scheduling LiveUpdate automated downloads.

6. cmd.exe is the Windows executable for the command-line environment (this appears only if you have a command prompt window open when the snapshot is taken). No known impersonation or attacks are documented, though some malware may open this process to handle scripts if system security is sufficiently compromised.

7. csrss.exe is the Windows client server runtime subsystem. Its job is to provide common windows, thread management, and graphics capabilities to all subsystems running in the Windows environment.

CAUTION: At least one known virus impersonates csrss.exe, so be very suspicious if you see more than one instance with this name (there should be only one).

8. lsass.exe is the Windows local security authority subsystem service that handles the logon process, user authentication, and generates session-specific security tokens that are compared with user and group permissions to determine whether resource access requests are granted or denied. The Sasser worm specifically attacks this system component, as do some varieties of Nimos and Lovgate.

9. msmsgs.exe is what the MSN Messenger service uses to advertise its presence and to include a traybar icon on the Windows XP desktop (installed by default in Windows XP and subsequent service packs). Although no attacks on this component are documented, some attacks use file transfers inside the application to try to deliver infected payloads to users.

CAUTION: Several documented viruses use msmsgs.exe as their process names. You should never see more than one instance of this process name (or even one if you disable the Windows Messenger application). If you don't use Windows Messenger, in fact, it's perfectly safe to terminate this process. If you don't use Messenger at all, or if you don't mind starting it up manually yourself (use the Run command, type msmsgs.exe in the Open: text box, then click OK), you can stop it from running on startup as follows: Start > All Programs > Windows Messenger > Tools > Preferences and then uncheck the check box that reads "Run Windows Messenger when Windows starts."

10. NAVAPSVC.EXE is Norton AntiVirus's auto-protect service; its job is to screen inbound and outbound file transfers, e-mail attachments, and so forth to block viruses from entering or leaving your PC. No known attacks are documented, but this is clearly something many types of malware will try to turn off if possible.

11. NOPDB.EXE is associated with the Norton Speed Disk utility in Norton SystemWorks; its job is to permit Speed Disk to launch during startup when the user requests this service. No known attacks are documented, nor any attempts to turn off or defeat this service. You won't see this on your machine unless it's also running Norton SystemWorks.

12. NPROTECT.EXE is associated with the Norton Protected Recycle Bin set up as part of Norton SystemWorks; its job is to prevent the Recycle Bin from being emptied without obtaining user confirmation. No known attacks are documented, nor any attempts to turn off or defeat this service.

13. smss.exe is a Microsoft process involved with creating, managing, and deleting user sessions.

CAUTION: Numerous viruses run using the smss.exe image name, so be sure to preserve only that version that resides inside the C:\Windows\System32 folder (all others are illegitimate).

14. spoolsv.exe is the Microsoft print spooler service, which stores pending print jobs on your PC until they can be sent to the designated printer for output.

CAUTION: Numerous viruses run using the spoolsv.exe image name, so preserve only that version that resides inside the C:\Windows\System32 folder (you can even end this process, too—you just won't be able to print unless you manually restart the Printer Spooler service or reboot your machine).

15. svchost.exe runs as a process that supports common Windows dynamic link libraries (DLLs) for lots of services. In fact, you'll see one instance of this executable in the processes display for each such group of services that shares a common set of DLLs in the Windows runtime environment. Figure 12-3 shows tasklist output that's been crafted to document what services are involved in each of the six svchost.exe instances that appear therein—notice the wide variety and large number of services involved. No known attacks or attempts to turn off this process are documented, but it too should be found only resident in the C:\Windows\System32 folder (though you will find copies in service pack or CD image folders as well).

Note: The precise command syntax in Figure 12-3 is tasklist /svc /fi "imagename eq svchost.exe". Restated in something closer to English, this means show me all the DLLs for the services that every instance of the svchost.exe file uses. What you see in that display are various instances of svchost, where the first relates to distributed communications and terminal services, the second to remote procedure call services, the third to a whole bunch of services that call common presentation DLLs, the fourth to DNS caching behavior, the fifth to various kinds of remote access, and the sixth to a still digital imaging service that runs in Windows XP.

16. wmiprvse.exe is a manifestation of Microsoft's system management application program interfaces (APIs) at the runtime level; it's a rearchitected version of the WMI interface introduced in Windows XP (and also supported in Windows Server 2003) to support all WMI services through a single provider service. That's why you'll find it running on your system someday: you've recently installed an application that draws on WMI support, or a Microsoft update that does likewise. As with svchost.exe, you will occasionally encounter multiple instances of this software running at the same time—this is normal.

CAUTION: Some viruses that impersonate this service have been reported—most notably Sonebot.B, Gletta.A.Trojan, and various flavors of Sasser. The only valid instance of this code resides within the C:\Windows\System32\wbem directory.

By getting a sense of what's normal for your system, you can use Task Manager or the tasklist command at any time you've got reason to be concerned about your system to check one snapshot against the other. If you do your homework on the initial snapshot, you'll need to check up only on new items to figure out where they're coming from, and what kinds of trouble they might portend, if any.
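One way to automate the snapshot comparison described above, as an added example that is not from the original text: it parses two saved tasklist outputs, lists image names that appeared or disappeared, and flags extra instances of csrss.exe and msmsgs.exe, following the cautions above. The sample snapshots and the name updater32.exe are constructed, and the column layout is assumed to be tasklist's default table format.

```python
import re
from collections import defaultdict

# Image names the page says should never show more than one instance.
SINGLE_INSTANCE = {"csrss.exe", "msmsgs.exe"}


def parse_tasklist(text):
    """Parse default `tasklist` table output into a list of process dicts."""
    lines = text.splitlines()
    # The row of '=' runs under the header marks the exact column boundaries,
    # so image names containing spaces ("System Idle Process") parse correctly.
    sep = next((i for i, ln in enumerate(lines)
                if re.fullmatch(r"=+(?: =+){4,}", ln.rstrip())), None)
    if sep is None:
        raise ValueError("no '====' rule found: not default tasklist output")
    spans = [m.span() for m in re.finditer(r"=+", lines[sep])]
    procs = []
    for ln in lines[sep + 1:]:
        if not ln.strip():
            continue
        image = ln[spans[0][0]:spans[0][1]].strip()
        pid = ln[spans[1][0]:spans[1][1]].strip()
        mem = re.sub(r"\D", "", ln[spans[-1][0]:])  # "7,964 K" -> "7964"
        if not image or not pid.isdigit():
            raise ValueError(f"unparseable tasklist row: {ln!r}")
        procs.append({"image": image, "pid": int(pid), "mem_kb": int(mem or 0)})
    return procs


def pids_by_image(procs):
    """Group PIDs under the lower-cased image name (Windows names ignore case)."""
    grouped = defaultdict(list)
    for p in procs:
        grouped[p["image"].lower()].append(p["pid"])
    return grouped


def compare_snapshots(baseline_text, current_text):
    """Report what differs between a baseline snapshot and a later one."""
    base = pids_by_image(parse_tasklist(baseline_text))
    cur = pids_by_image(parse_tasklist(current_text))
    return {
        # Image names never seen in the baseline: look these up first.
        "new": sorted(set(cur) - set(base)),
        # Baseline processes that are gone, e.g. a security service shut down.
        "missing": sorted(set(base) - set(cur)),
        "duplicates": {n: sorted(cur[n]) for n in sorted(SINGLE_INSTANCE)
                       if n in cur and len(cur[n]) > 1},
        "count_changed": {n: (len(base[n]), len(cur[n]))
                          for n in sorted(set(base) & set(cur))
                          if len(base[n]) != len(cur[n])},
    }


def render_table(rows):
    """Lay out constructed (image, pid, mem) rows the way tasklist prints them."""
    head = f"{'Image Name':<25} {'PID':>6} {'Session Name':<16} {'Session#':>8} {'Mem Usage':>12}"
    rule = " ".join("=" * w for w in (25, 6, 16, 8, 12))
    body = [f"{n:<25} {p:>6} {'Console':<16} {0:>8} {m + ' K':>12}" for n, p, m in rows]
    return "\n".join(["", head, rule, *body])


# Constructed sample data: a baseline using entries from Table 12-1 ...
BASE_ROWS = [
    ("System Idle Process", 0, "16"), ("System", 4, "224"),
    ("smss.exe", 404, "408"), ("csrss.exe", 928, "816"),
    ("winlogon.exe", 964, "7,964"), ("services.exe", 1008, "3,504"),
    ("lsass.exe", 1020, "1,348"), ("svchost.exe", 624, "3,272"),
    ("svchost.exe", 1180, "4,772"), ("NAVAPSVC.EXE", 1992, "8,220"),
    ("explorer.exe", 1520, "19,180"),
]
BASELINE = render_table(BASE_ROWS)
# ... and a later snapshot: the anti-virus service is gone, a second csrss.exe
# and an unfamiliar image (hypothetical name) have appeared.
LATER = render_table([r for r in BASE_ROWS if r[0] != "NAVAPSVC.EXE"]
                     + [("csrss.exe", 3120, "2,104"), ("updater32.exe", 3344, "5,612")])

if __name__ == "__main__":
    for section, items in compare_snapshots(BASELINE, LATER).items():
        print(f"{section}: {items}")
```

To run it on real snapshots, read the two tasklist-yymmdd.txt files and pass their text to compare_snapshots(); tasklist output does not include file paths, so the folder checks in the cautions above still have to be done separately.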

This probably leads to a perfectly valid question: "How do I find out about process names on my PC?" Indeed, my own listings here are examples that will contain some (but not all) of the items that will show up on your machine. To document your unique collection of processes, open Task Manager and check the Processes tab, or create your own tasklist output file as described earlier. Then, you can use the various entries in the Image Name column on Google, Yahoo!, or the search engine of your choice to learn more about these processes—especially, whether they should be causes for concern or otherwise. I got my information from a whole variety of sources online, along with an excellent tool from Liutilities called WinTasks 5 Professional (see the "Resources" section toward the end of the chapter for more details on this offering).

Note: To get a definite sense of what "Safe mode" really means for Windows XP, try booting your machine into that mode (hold the F8 key down just as Windows starts booting and then select Boot in Safe mode from the resulting character mode menu that appears on your screen). Whereas my normal Windows XP boot shows 30-plus processes, in Safe mode I get only 12 (not counting taskmgr.exe, which runs only to show me the other process names), and those include only basic system elements necessary for operation: csrss.exe, explorer.exe, lsass.exe, services.exe, smss.exe, System, System Idle Process, and winlogon.exe, plus "only" three instances of svchost.exe! This really shows how few elements are needed to run a minimal, stripped-down version of Windows.

Rough and Ready Performance Metrics

Although Windows XP does include a marvelous utility called Performance (it's in the Administrative Tools folder in the Control Panel) that you can use to measure system performance very accurately, you don't really need that tool to get a sense of what's normal on your PC. Instead, you can use a watch with a second hand because pinpoint accuracy isn't really overwhelmingly important (hence the title for this section).

Instead, create a text file or take notes with results from timing typical activities on your machine. They should include some or all of the following items:

Normal startup time (cold boot)—Start timing as soon as you turn on the power to your PC and stop when the Windows login prompt appears (if applicable), or when the booting process has completed (if not).

Normal restart time (warm boot)—Restart Windows XP (Start > Turn Off Computer and then click the Restart button) and start timing simultaneously; stop timing when the Windows login prompt appears (if applicable), or when the booting process has completed (if not).

Start time for commonly used applications—These might include Office components, Internet Explorer (or whatever Web browser you use), and other applications that take at least a short time to launch (to give you enough time to have something to measure). Launch them from the Start > All Programs menu sequence and start timing as you click the application name on its pop-up menu. Stop timing when the application is ready for your input.

By comparing your baseline timings with those taken at another time, you'll be able to tell if your machine is running more slowly than usual or not.

Other Snapshots Worth Gathering

Tip
Finding differences isn't necessarily a bad thing, especially if you've installed a security update or a service pack since the last snapshot (in that case, you should expect to see things change so much that you'll really want to create a new baseline after performing such actions). The same thing applies whenever you install new or update existing software as well: make a new baseline! In general, it's only when you find instances of familiar file names in directories where they're not supposed to be (or in new directories for which you have no idea where they came from) that you really have cause for concern.

Most professionals who go looking for signs of unwanted or malicious activity also depend on comparing before and after snapshots of key directories in the Windows file system and in the Windows registry. I touched on some of the techniques and tools involved in Chapter 4 of this book. If you decide you might want to use them on your own system, you'll need to get familiar with some new tools and techniques yourself.

The Windows directories where untoward things often happen include the %windir% directory (this environment variable usually points to C:\Windows on most Windows XP computers, but to C:\WINNT on Windows NT and 2000) and the %windir%\System32 subdirectory (a.k.a. C:\Windows\System32). By monitoring the contents of these directories, you can sometimes discover signs of unwanted software at work. By following the same steps to create a baseline snapshot now, and a comparison snapshot later, you can create a basis for investigation and see what's changed. Here's how:

1. Open a Command prompt window (Start > Run, type cmd.exe in the Open text field of the Run dialog box, and then click OK).

2. Type the following at the command line: dir %windir% /o:-d > winfiles-yymmdd.txt, where yy is the two-digit year, mm the two-digit month, and dd the two-digit day. Note that this captures only the files in this directory (you'd use the /s switch instead of /a:-d to capture subdirectory data as well).

3. Type the following at the command line: dir %windir%\System32 /s /o:-d > win32files-yymmdd.txt, where yy is the two-digit year, mm the two-digit month, and dd the two-digit day. Note that this captures all the files in the ...\System32 directory and all of its subdirectories, so this can be a big file.

Tip
If you want to be sure you're comparing "after" snapshots to current known good working "before" snapshots, it's essential to rebuild your baseline snapshots every time you change something about your PC. This means after installing new applications or utilities, service packs or security updates; adding new (or removing old) hardware; and so on. All of these things change the Windows registry, file system, and the list of processes active on your PC. Without keeping up with changes, you may end up chasing phantoms instead of real problems. Thus, it might be a good idea to get in the habit of building new baselines each time you make a system change, and at least once a month (perhaps on the same day of each month, driven by an Outlook reminder?) to be doubly darn sure you're working from the latest and greatest known good working baseline of your PC.

If you use this same process for your baseline and again when you're conducting an investigation, you can compare the files for the different dates involved and may be able to spot some differences. Files will be listed newest first, so hopefully, you won't have to look too deeply into any list to see new or unexpected items in the "after" snapshots that are missing from the "before" snapshots.
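A sketch of that before/after file comparison, added here as an example and not taken from the original text: it parses two saved dir /s listings, reports new and changed files, and flags copies of the commonly impersonated image names found outside the folders the cautions earlier give for them. It assumes US-English dir output and a %windir% of C:\WINDOWS; the listings, the example folder and msupd32.dll are constructed.

```python
import re

# One file or directory row of US-English `dir` output (assumed locale).
ROW = re.compile(r"(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+)")
DIR_HDR = re.compile(r"Directory of (.+)")

# Folders the page names as the only valid home for these image names
# (assumes %windir% is C:\WINDOWS; adjust for C:\WINNT).
EXPECTED_HOME = {
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "wmiprvse.exe": r"c:\windows\system32\wbem",
}


def parse_dir(text):
    """Map each file's lower-cased full path to (timestamp, size in bytes)."""
    files, folder = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        hdr = DIR_HDR.fullmatch(line)
        if hdr:
            folder = hdr.group(1).rstrip("\\").lower()
            continue
        row = ROW.fullmatch(line)
        if row is None or folder is None or row.group(3) == "<DIR>":
            continue  # banner, totals, blank lines and subdirectory entries
        date, time, size, name = row.groups()
        files[folder + "\\" + name.lower()] = (f"{date} {time}", int(size.replace(",", "")))
    return files


def compare_dir_snapshots(before_text, after_text):
    """Return new, changed and misplaced files between two listings."""
    before, after = parse_dir(before_text), parse_dir(after_text)
    misplaced = []
    for path in after:
        folder, name = path.rsplit("\\", 1)
        # The page notes service pack and CD image folders also hold copies,
        # so a hit here is an item to review, not a verdict.
        if name in EXPECTED_HOME and folder != EXPECTED_HOME[name]:
            misplaced.append(path)
    return {
        "new": sorted(set(after) - set(before)),
        "changed": sorted(p for p in set(after) & set(before) if after[p] != before[p]),
        "misplaced": sorted(misplaced),
    }


# Constructed "before" listing (sizes and dates are made up).
DIR_BEFORE = r"""
 Volume in drive C has no label.
 Volume Serial Number is 0000-0000

 Directory of C:\WINDOWS\system32

07/19/2005  09:14 AM    <DIR>          .
07/19/2005  09:14 AM    <DIR>          ..
08/04/2004  07:00 AM            57,856 spoolsv.exe
08/04/2004  07:00 AM            50,688 smss.exe
08/04/2004  07:00 AM            14,336 svchost.exe
               3 File(s)        122,880 bytes

 Directory of C:\WINDOWS\system32\wbem

08/04/2004  07:00 AM           218,112 wmiprvse.exe
               1 File(s)        218,112 bytes
"""

# Constructed "after" listing: one new DLL, a changed spoolsv.exe, and a
# second smss.exe in a folder that did not exist before.
DIR_AFTER = r"""
 Directory of C:\WINDOWS\system32

07/22/2005  11:03 PM    <DIR>          example
07/22/2005  11:02 PM            41,984 msupd32.dll
07/22/2005  11:02 PM            61,440 spoolsv.exe
08/04/2004  07:00 AM            50,688 smss.exe
08/04/2004  07:00 AM            14,336 svchost.exe
               4 File(s)        168,448 bytes

 Directory of C:\WINDOWS\system32\example

07/22/2005  11:03 PM            50,688 smss.exe
               1 File(s)         50,688 bytes

 Directory of C:\WINDOWS\system32\wbem

08/04/2004  07:00 AM           218,112 wmiprvse.exe
               1 File(s)        218,112 bytes
"""

if __name__ == "__main__":
    for section, paths in compare_dir_snapshots(DIR_BEFORE, DIR_AFTER).items():
        print(section, paths)
```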

You can also apply the same technique to your Windows registry, but it takes a bit more effort. The idea is to snapshot and export the contents of major registry keys (HKEY_CLASSES_ROOT or HKCR, HKEY_CURRENT_USER or HKCU, HKEY_LOCAL_MACHINE or HKLM, and so forth) or subkeys subject to change—for example, the HKLM\SOFTWARE key is the item to grab for before and after snapshots when installing software on your PC—to provide a basis for comparison.

If you don't want to spring for one of the tools I recommend in Chapter 4 (such as Registry Watch or Active Registry Monitor, which can perform such comparisons for you more or less automatically), you'll have to do a certain amount of setup and legwork to implement my suggestions (see also the next section, which specifically addresses issues involved in comparing snapshots to one another). Here's how to snapshot your major registry keys:

1. Launch the Windows Registry Editor: Start > Run, type regedit.exe in the Open dialog box, and then click OK.

2. Highlight the first major key in the registry, HKEY_CLASSES_ROOT, as shown in Figure 12-4.

3. Click File and then Export in the resulting pull-down menu. The Export Registry File window appears, as depicted in Figure 12-5. Notice the file naming convention I used: RegSnap-HKCR-yymmdd.reg. This helps you to identify and reimport that data should you ever need to and provides the basis for automated comparisons explained in the next section.

Note: The Registry Editor saves exported files by default in .reg format. That's good, because if you want to read data exported from your registry, or want the ability to restore only specific, individual keys and values, stick with the default registry file type (.reg extension). You will find other sources that recommend that you save such snapshots in hive file format (which usually takes the .hiv extension) but if you do so, please follow other instructions carefully, realizing that you won't be able to read the contents of those files (even using WinDiff they're pretty incomprehensible for the most part) and that you can import only entire hive files in one go. In addition to being human readable, .reg files let you pick and choose the keys and/or values you want to import into your registry, which makes them preferable for most uses, in my opinion.

4. By default, the file is saved in your My Documents folder, but you can navigate inside the My Computer or My Network controls to store its contents elsewhere. Click the Save button, and you're done.

5. Repeat for the other major registry keys (HKCU, HKLM, and HKU—you don't need to capture HKCC because it's dynamically rebuilt each time Windows starts up).

6. Close the Registry Editor (click the x in the upper right-hand corner, or use Registry > Exit menu commands).

Here again, you'll need to repeat this exercise later, so you'll have "after" snapshots to compare to your original baselines.

Comparing Differences

If you've a mind to avoid lots of reading and manual labor when comparing differences between one snapshot file and another, you're not alone. In fact, Microsoft includes a special tool called Windiff.exe that's designed to compare two versions of the same file (or two similar files, as will be the case here) to one another.

INSTALLING WINDIFF

WinDiff isn't installed as part of Windows XP (or other Windows versions) by default. You have to load your Windows XP CD or your latest Service Pack CD and install it from there. Here's how:

1. Insert the CD into your CD drive; the autorun program on the CD should launch the Windows XP install utility, as shown in Figure 12-6.

2. Click the "Perform additional tasks" link that appears in Figure 12-6 and then click the Browse this CD button (this produces the display shown in Figure 12-7).

3. Open the SUPPORT folder to access the setup utility for the Windows Support Tools, as shown in Figure 12-8.

4. Double-click SETUP.EXE to launch the Windows Support Tools installation wizard. It will lead you through the rest of the installation process. If you decide you don't want to install the complete collection of Windows Support Tools, you can elect to install Typical Tools (rather than the complete set, which also includes Optional Tools) because WinDiff is included in the former subset.

5. When the installation is finished, close all open windows and you'll be able to start using WinDiff.

USING WINDIFF

Once you've installed WinDiff, it shows up by default in a directory named %ProgramFiles%\Support Tools (for most readers, this means C:\Program Files\Support Tools). Using it requires a little preparation and understanding, but it's really not that bad. Here's how:

1. To launch the program, double-click the entry named WinDiff (or WinDiff.exe) in the Support Tools directory. Alternatively, you can press the WinLogo key and R and then type "%programfiles%\Support Tools\WinDiff" into the Open text field of the Run dialog box (note: the quotes around the string are necessary because the file specification has blanks in it). Either way, you should see a display like the one shown in Figure 12-9.

2. Next, click the File command in the WinDiff toolbar menu. There, the first two commands are Compare files and Compare directories. This admittedly contrived example hinges on comparing two directory lists I made of some product keys I keep around, one before I went in and added a file and changed some values in another file, the other after making such changes. These two files appear side-by-side to show the raw data in the following code lines:

Volume in drive D is Data and Storage              | Volume in drive D is Data and Storage
Volume Serial Number is 2803-B30D                  | Volume Serial Number is 2803-B30D
Directory of d:\Test040928                         | Directory of d:\Test040928
08/05/2004 05:07 PM 39 bitdefender-key.txt         | 08/05/2004 05:07 PM 39 bitdefender-key.txt
09/19/2004 06:33 PM 60 NAV2005upg-install-key.txt  | 09/19/2004 06:33 PM 60 NAV2005upg-install-key.txt
08/05/2004 04:40 PM 76 NIS2004-install-key.txt     | 08/05/2004 04:40 PM 76 NIS2004-install-key.txt
09/17/2004 09:50 PM 368 NIS2005-install-key.txt    | 09/17/2004 09:50 PM 368 NIS2005-install-key.txt
07/11/2004 04:41 PM 30 NortonInetSecurityKey.txt   | 09/28/2004 04:45 PM 400 NIS2006-install-key.txt
08/23/2004 06:25 PM 58 opera-7-regcode.txt         | 07/11/2004 04:41 PM 30 NortonInetSecurityKey.txt
06/15/2004 03:23 PM 28 spysweeperkey.txt           | 08/23/2004 06:25 PM 58 opera-7-regcode.txt
                                                   | 09/28/2004 04:46 PM 54 spysweeperkey.txt
7 File(s) 659 bytes                                | 8 File(s) 1,085 bytes
0 Dir(s) 100,493,692,928 bytes free                | 0 Dir(s) 100,493,692,928 bytes free

Note: I did take some liberties with these listings, including deleting unnecessary white space to fit it onto the page, and adding a blank line to the right-hand file listing to make the file count and free space lines match for both files.

3. If you click the Compare Files menu in WinDiff, the first window that pops open in response lets you pick the first file for comparison. Once you specify that file, a second window that lets you pick the second file pops up next. In my case, I compared a couple of directory listings named keyfilev1.txt and keyfilev2.txt that I deposited into the My Documents folder. After making these selections, a display like the one shown in Figure 12-10 appears (an analysis of this display, which is the meat of this whole section, appears after the final step in this step-by-step sequence).

4. Once you're finished with WinDiff, click the red x in the upper right-hand corner, or select File > Exit to close the application.

The top line of the WinDiff display area shows the two files being compared. In the actual listing, lines with differences between the two files show up in yellow for the file 2 information, red for the file 1 information. This means that a line that's present in file 2 but not in file 1 (an added line) shows up only in yellow. This is the case for the unnumbered line between line numbers 9 and 10, where the listing for file NIS2006-install-key.txt shows up. A line that was present in file 1 but absent in file 2 would show up in red only (this does not occur in this example). A line that differs between the two files shows up in red first for the file 1 version and yellow second for the file 2 version. This is the case for lines 12 and [12] and for lines 13 and the unnumbered line that follows immediately afterward. These pairs of lines show that the file size for spysweeperkey.txt changed from 28 in file 1 to 56 in file 2, and that the total byte count for file 1 is 659, but 1,085 for file 2. This is just the kind of information you need to compare directory contents, registry files, and other items that may have changed. The appearance of a new file (for a product as yet unannounced, and by no means available) is a sure sign of monkey business, as are the changes in file size for the Spy Sweeper key and for the directory itself.

Working with WinDiff takes a little time and practice, but basically it takes two file names or directory specifications as input parameters (so it can have two things to compare to one another). By way of output, it creates a list of all the differences between the two files it finds, using color and other flags to show differences. This is merely handy when comparing process lists, which seldom exceed 40 or 50 items; it's absolutely essential when comparing Windows files or registry values, because they can easily number in the thousands!
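The same before/after comparison can be scripted when the listings run to thousands of lines. The following is an added example, not part of the original chapter: it parses two dir snapshots and reports added, removed, and changed files, using the two directory listings from the WinDiff walkthrough as input. The function names are illustrative, and the parser assumes the US date format shown in those listings.

```python
import re

# A file row in `dir` output: date, time, size (may contain commas), name.
# <DIR> rows and the "File(s)" / "Dir(s)" summary rows do not match.
FILE_ROW = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}\s+[AP]M)\s+([\d,]+)\s+(.+)$")
DIR_HEADER = re.compile(r"^Directory of\s+(.+)$", re.IGNORECASE)


def parse_dir_listing(text):
    """Map each file's full path (lower-cased) to (timestamp, size)."""
    files, folder = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        header = DIR_HEADER.match(line)
        if header:                      # `dir /s` prints one header per folder
            folder = header.group(1).rstrip("\\")
            continue
        row = FILE_ROW.match(line)
        if row:
            date, time, size, name = row.groups()
            # Windows treats file names case-insensitively, so compare lower-cased.
            path = (folder + "\\" + name).lower()
            files[path] = (date + " " + time, int(size.replace(",", "")))
    return files


def compare_listings(before_text, after_text):
    """Return (added, removed, changed) between two snapshots."""
    before = parse_dir_listing(before_text)
    after = parse_dir_listing(after_text)
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted((p, before[p], after[p])
                     for p in set(before) & set(after) if before[p] != after[p])
    return added, removed, changed


# The "before" and "after" listings from the walkthrough above.
BEFORE = r"""
 Volume in drive D is Data and Storage
 Volume Serial Number is 2803-B30D
 Directory of d:\Test040928
08/05/2004 05:07 PM 39 bitdefender-key.txt
09/19/2004 06:33 PM 60 NAV2005upg-install-key.txt
08/05/2004 04:40 PM 76 NIS2004-install-key.txt
09/17/2004 09:50 PM 368 NIS2005-install-key.txt
07/11/2004 04:41 PM 30 NortonInetSecurityKey.txt
08/23/2004 06:25 PM 58 opera-7-regcode.txt
06/15/2004 03:23 PM 28 spysweeperkey.txt
 7 File(s) 659 bytes
 0 Dir(s) 100,493,692,928 bytes free
"""

AFTER = r"""
 Volume in drive D is Data and Storage
 Volume Serial Number is 2803-B30D
 Directory of d:\Test040928
08/05/2004 05:07 PM 39 bitdefender-key.txt
09/19/2004 06:33 PM 60 NAV2005upg-install-key.txt
08/05/2004 04:40 PM 76 NIS2004-install-key.txt
09/17/2004 09:50 PM 368 NIS2005-install-key.txt
09/28/2004 04:45 PM 400 NIS2006-install-key.txt
07/11/2004 04:41 PM 30 NortonInetSecurityKey.txt
08/23/2004 06:25 PM 58 opera-7-regcode.txt
09/28/2004 04:46 PM 54 spysweeperkey.txt
 8 File(s) 1,085 bytes
 0 Dir(s) 100,493,692,928 bytes free
"""

if __name__ == "__main__":
    added, removed, changed = compare_listings(BEFORE, AFTER)
    for path in added:
        print("ADDED   ", path)
    for path in removed:
        print("REMOVED ", path)
    for path, old, new in changed:
        print("CHANGED ", path, old, "->", new)
```

Because paths are keyed on the "Directory of" header, the same code handles the multi-folder output of dir /s.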

That said, how can you tell when a change is significant? As I mentioned in earlier chapters in this book, anything that changes Internet Explorer defaults unexpectedly or unwontedly, adds entries to programs that are run automatically at startup (either in keys that end in \Run, \RunOnce, or buried in class definitions elsewhere in the registry), or removes other entries from those keys (so as to disable firewalls, anti-virus, or anti-spyware software, for example) is suspect. If a little practice doesn't build up your confidence, visit anti-virus and anti-spyware sites and look at the files, registry data, and other items they mention in documenting adware, spyware, and malware, and the items deleted or modified when removing such things manually. These all represent the kinds of things you're looking for and should help you zoom in on your local targets quickly and effectively.
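To narrow two registry snapshots down to the startup entries described above, the following added example (not from the original chapter) parses the text of two .reg exports and reports values added to, removed from, or changed in keys ending in \Run or \RunOnce. The sample exports, product names, and function names are constructed for illustration.

```python
import re

# Value line in a .reg export: "name"=data, or @=data for a key's default value.
VALUE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')
AUTOSTART = ("\\run", "\\runonce")      # key endings the text calls out


def load_reg(path):
    """Read an export from disk. "Version 5.00" exports are UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def parse_reg(text):
    """Return {(key, value_name): raw_data}, keys and names lower-cased."""
    values, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # long hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        match = VALUE.match(line)
        if match and key:
            name = "(default)" if match.group(1) == "@" else match.group(1)[1:-1]
            values[(key, name.lower())] = match.group(2)
    return values


def diff_autostart(before_text, after_text):
    """Compare only values that live under keys ending in \\Run or \\RunOnce."""
    def autostart(values):
        return {k: v for k, v in values.items() if k[0].endswith(AUTOSTART)}
    before = autostart(parse_reg(before_text))
    after = autostart(parse_reg(after_text))
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    changed = {k: (before[k], after[k])
               for k in before.keys() & after.keys() if before[k] != after[k]}
    return added, removed, changed


# Constructed sample exports (not real snapshots).
BEFORE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleFirewall"="C:\\Program Files\\ExampleFirewall\\fwtray.exe"
"ExampleAV"="C:\\Program Files\\ExampleAV\\avtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"Version"="1.0"
'''

AFTER_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\avtray.exe"
"NewHelper"="C:\\WINDOWS\\Temp\\helper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"Version"="1.1"
"Blob"=hex:01,02,\
  03,04
'''

if __name__ == "__main__":
    added, removed, changed = diff_autostart(BEFORE_REG, AFTER_REG)
    for (key, name), data in sorted(added.items()):
        print("ADDED   [%s] %s = %s" % (key, name, data))
    for (key, name), data in sorted(removed.items()):
        print("REMOVED [%s] %s = %s" % (key, name, data))
    for (key, name), (old, new) in sorted(changed.items()):
        print("CHANGED [%s] %s: %s -> %s" % (key, name, old, new))
```

The removed firewall entry and the new startup entry are reported, while the version change under the unrelated ExampleApp key is ignored.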

Monitoring System Security

One of the biggest and best improvements in Windows XP SP2 is the introduction of the Security Center. This is a centralized utility that reports on what Windows knows about your system's current level of security, and that provides access to information to address any problems it reports (or at least, advice on what to check to make sure such problems don't exist). On a test PC running Norton Internet Security, for example, although Windows can tell that a firewall and anti-virus software are installed, it apparently can't report on their update status, as shown in Figure 12-11.

You can check in on this utility from time to time to see how Windows thinks you're doing in the security department. On the other hand, each time Windows starts up, if there's a need to check status in any of the areas that the Security Center monitors, it'll pop up a warning message that tells you there's something going on that needs looking into. It's a vast step forward over anything else Microsoft has ever done before by way of security monitoring. That said, it doesn't yet detect all anti-virus programs equally (I tried Norton AntiVirus 2004, BitDefender, and other packages mentioned in Chapter 9, but it could not access status information for all of those it could recognize), nor could it do the same for all third-party firewalls. I imagine this situation will improve as Windows XP SP2 becomes the norm, and more vendors add the necessary hooks into their products to communicate with the Security Center. For example, if I didn't use both the firewall and the anti-virus software built into BitDefender Professional v7.2, the program would report to Security Center that anti-virus software was not enabled, even though it was running and working properly. On the other hand, Norton Internet Security 2005 integrated with Security Center perfectly and would accurately report all status changes in the firewall and anti-virus capabilities separately and correctly. Again, I think this situation should improve with time, as these kinks are worked out where necessary.

Of course, I still think automatic update is the right approach for all security-related software, whether or not Security Center can track its currency and update status. With automatic update turned on and a current subscription, you're guaranteed to be able to keep up with what's likely to show up in your inbox or security perimeter next! My only regret is that Microsoft didn't choose to include antispam and anti-spyware/anti-adware monitoring features in the Security Center as well. Maybe in Windows XP SP 3?

Proper Password Handling

I'm going to make some recommendations about password structure and also about how to keep your passwords safe and sound. In an age where many Web sites have passwords, where you probably use a password to log into your Windows computer, and where even some programs and utilities may have passwords, there certainly are enough of them to go around.

So I want to start by shaking the foundations of your universe and say that your password is probably insecure if one or more of the following conditions are true:

If your password appears in any kind of dictionary, it might be reproduced the same way (or at least from a word list that matches the entries in that dictionary, if not the definitions and other stuff).

If you use familiar data in or for your password—like the names of your spouse, your children, or your pets, or perhaps your phone number, street number, or part of your Social Security number—crackers often customize their dictionaries with such data when attacking you.

Same goes for birthdays, anniversaries, and other numbers that relate to you and your loved ones.

Since I just described most passwords that people use, what's a person to do? The answer lies in a good working understanding of password complexity. A sufficiently complex password is much more difficult to guess, and makes whatever that password protects much less likely to succumb to a dictionary-based attack. But what are the ingredients of a complex password? Glad you asked! According to Microsoft, and lots of other experts who provide password guidelines, a complex password is or contains:

At least 8 characters, preferably as many as 14

A mix of upper- and lowercase letters, numbers, punctuation marks, and other symbols

Is sufficiently strange and random to be difficult to guess, and unlikely to be in anybody's dictionary

Follows some logic you understand, or some structure you can re-create, but that's unlikely for somebody else to be able to do likewise (unless you tell them, in which case you've violated a major password security rule)

Most dictionary attacks are smart enough to try obvious substitutions for vowels (@ for a, 3 for e, 1 for i, 0 for o, and so forth) so please don't fall prey to the idea that simple replacements for dictionary words get you off the hook, either. An old friend and colleague of mine likes to explain what this means by using the example password Ie4PoTw/3I:Ps&O as an acronym for "I eat four pizzas on Thursdays, with three ingredients: pepperoni, sausage, and onions." Note that every other alphabetic character is upper- or lowercase, and there are a couple of numbers and three punctuation marks for good measure (and good complexity) thrown in. Use this approach as an example, but don't use this password, please: because it's in print, it just might show up in somebody's dictionary for that reason!
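The guidelines above can be turned into a self-check. The following is an added example, not part of the original chapter: it tests a candidate password for length, character mix, dictionary words (after undoing the substitutions just listed), and personal data. The word list, the personal items, the four-letter minimum for dictionary hits, and the function name are assumptions made for illustration.

```python
# Substitutions the text lists: @ for a, 3 for e, 1 for i, 0 for o.
LEET = str.maketrans({"@": "a", "3": "e", "1": "i", "0": "o"})
MIN_LENGTH = 8      # "at least 8 characters"
MIN_WORD = 4        # assumption: ignore dictionary hits shorter than this


def audit_password(password, wordlist, personal=()):
    """Return a list of (rule, detail) findings; an empty list means none fired."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(("length", "%d characters" % len(password)))

    # A mix of upper- and lowercase letters, numbers, and symbols.
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        findings.append(("classes", "missing " + ", ".join(missing)))

    # Look for dictionary words anywhere in the password, both as typed and
    # with the common substitutions undone, so padding such as a trailing
    # digit does not hide the word.
    lowered = password.lower()
    undone = lowered.translate(LEET)
    words = {w.lower() for w in wordlist}
    hits = set()
    for text in (lowered, undone):
        for start in range(len(text)):
            for end in range(start + MIN_WORD, len(text) + 1):
                if text[start:end] in words:
                    hits.add(text[start:end])
    for word in sorted(hits):
        findings.append(("dictionary", word))

    # Names, dates, and numbers tied to the owner.
    for item in personal:
        item = str(item).lower()
        if len(item) >= 3 and (item in lowered or item in undone):
            findings.append(("personal", item))
    return findings


# Constructed sample inputs.
WORDS = ["password", "dragon", "monkey", "pizza", "letmein"]
PERSONAL = ["Rex", "0724"]      # a pet's name and a birthday, both made up

if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "Rex0724", "Ie4PoTw/3I:Ps&O"):
        print(candidate, audit_password(candidate, WORDS, PERSONAL))
```

The first candidate meets the length and character-mix guidelines yet is still flagged, because undoing the substitutions exposes a dictionary word.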

Next, here are five simple rules for passwords that you should violate only at your peril:

Never write down passwords, unless they're stored in a very secure location (preferably a safe, but hidden in a locked drawer or lockbox is okay).

Don't share your passwords with anybody. You never know when they'll violate any of the password rules. Administrators, bosses, and security staff are the only possible exceptions.

Never e-mail your password to anybody (besides, doing so violates the previous rule, right?).

Change your passwords regularly—at least every 6 months or so (frequency usually varies by how sensitive the materials and information you work with might be: in government top-secret workplaces, they routinely change passwords monthly, and sometimes, even more often than that).

Don't use the same password for multiple sites, logins, or other password-protected assets. Otherwise, compromising one can lead to compromising them all (or as many as share the same password, anyway).

"Holy cow!" I hear you saying, "I need about 20 passwords! How am I going to remember all that stuff?" Good question! Fortunately, oodles and scads of password manager programs are available nowadays, so the only password you really need to remember is the one that unlocks that program (but that means it better be a really good password, comprende?). Numerous commercial password managers are available, but I mention a handful of my favorite freeware tools here believing that buying some or all of a firewall, anti-virus, anti-spyware/anti-adware, and possibly even antispam software or services has probably depleted your budget somewhat by now. See Table 12-2 for some recommendations (use your favorite search engine with "free password manager" as a search string if you decide you don't like any of these).

Table 12-2 A Handful of Free Password Manager Programs
Name                | Description                                     | URL
RoboForm            | Password generation, storage, and autotext app  | www.roboform.com/
HyperSafe           | Provides local or Web-based access to passwords | www.passwordsafe.com/
KeyWallet           | Provides local password storage and access      | www.keywallet.com/
Password Safe       | Bruce Schneier's open source password safe      | www.schneier.com/passsafe.html
Secure Data Manager | Open source password manager with annotations   | http://sdm.sourceforge.net/

Grab one and use it with your newly invigorated and incredibly innovative collection of passwords. For my own part, I'm entranced with Schneier's Password Safe (he's a real star in the computer security world, and his stuff is great) as well as the Secure Data Manager (also known as SDM). Other possible do-it-yourself approaches might include creating password-protected files in Word or Excel, or perhaps using a password manager built into a third-party browser (Internet Explorer will happily manage passwords for you, too, but its protection schemes have been cracked enough in the past for me to be nervous about recommending that approach without this warning).

Stay Away from Risky Downloads

It's a truism I've mentioned throughout this book that most unwanted content and software arrives by invitation on most PCs, rather than by insidious or nefarious means. At this point, I assume you're convinced that threats are everywhere and that vulnerabilities can be exploited given the right opportunity. If you've installed a firewall, anti-virus software, anti-spyware/anti-adware software and have done what you can to protect your system from these threats, that doesn't mean you can do anything you want on the Internet.

It's important to recall that signatures and other means of positive identification inform most of what protective software can do for your PC. Indeed, the presence of anti-virus and anti-spyware/anti-adware software on your machine should protect you from known threats—but what about new or unknown ones? I look at software downloads much the same way as I do at e-mail attachments: okay if they come from a known and trusted source, but questionable if not downright dangerous otherwise.

To make my point as directly as possible, don't download software from unknown or untrusted sources. If you can't find a glowing review of some shareware or freeware program in a reputable publication or on a well-known Web site, you're tempting fate (and risking infection or infestation) if you copy a download to your PC, and then install the software it contains. Stick to well-known sources of shareware and freeware and resist the temptation to grab a cool-sounding or -looking tool or utility. Just because you can download anything you want, doesn't necessarily mean that you should.

When in Doubt, Play It Safe!

When you're working with your PC, cruising the Internet, reading e-mail, or diverting yourself in some hopefully enjoyable way, don't take unnecessary chances with unknown and potentially unsafe materials. Even though there is often some subterfuge or covert activity involved when unwanted software makes itself at home on a PC, it usually enters that machine through the front door, buried inside some supposed prize or possible treasure that users download. Although the protective software you install on your PC should protect you from routine threats, it's just not smart to open the door to potential infestation or infection.

The key to playing it safe is to do some homework before downloading anything. The best way into a download is through a link provided in a reputable publication (such as PC Magazine and other well-known publications that cover computing topics, tools, and technologies) or from a Web site that you know and trust (elsewhere in this book, I've cited sites such as The Ultimate Collection of Windows Software a.k.a. tucows.com, CNET's Shareware.com, ZDNet at www.zdnet.com/downloads, and so forth). Even if you find pointers to a program somewhere else on the Web, if the program's got sufficient capability and has generated real interest in the user community, you can probably find a copy of it somewhere safer—if you take the time to look. Save yourself some possible grief, and do just that!

Resources

Legions of great resources are available that explain what processes run on a Windows machine, which ones are benign and necessary, which ones are benign and possibly unnecessary (and how to do away with them if you decide you don't need them), and which ones are potentially dangerous or outright malign. I found three stellar resources while researching this chapter, but given the time I know I could find more.

There's very good built-in process info at the "I am Not a Geek" (sez you!) Web site at www.iamnotageek.com/, but a search engine like Google seems to be the best way to dig into its contents because I couldn't find many of the articles Google turned up for me by trying to navigate my way into that site top-down. If you simply search on process names, you'll find this site popping up repeatedly, so why not just take the most obvious approach?

The Los Angeles Free Net has a great collection of Web pages called "Startup Programs and Executables Listing" that includes links to information for a sizable and reasonably comprehensive collection of process image names (www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM).

Paul Collins maintains a decidedly comprehensive startup programs list that includes most process executables plus a raft of other items; you can access a search engine against that list at www.sysinfo.org or jump straight to the list at www.sysinfo.org/startuplist.php.

If you're going to dig into the many command-line utilities that Windows supports, please avail yourself of Windows XP's built-in "Command Line Reference" for syntax information and examples to help you get things right. To access this reference, choose Start > Help and Support, and then type command line reference into the Search box in the upper left-hand corner of the resulting screen.

You can learn more about the WinTasks program at www.liutilities.com. I also found ready access to some, but not all, of the process information from my Task Manager list on its site by typing URLs constructed as follows: http://www.liutilities.com/products/wintaskspro/processlibrary/>/, where you substitute the image name without the .exe extension for (so that looking up the Application Layer Gateway service, or alg.exe, would use /alg/ at the end of the aforementioned URL).

Although I already mentioned Jerry Honeycutt's outstanding book Microsoft Windows XP Registry Guide (Microsoft Press, 2002) in Chapter 4, because he explains how to compare registry versions using WinDiff therein, I think it's worth another mention here. He also wrote a peachy article for Microsoft entitled "Safekeeping the Windows XP Registry."

Microsoft's WinDiff utility is an amazing tool, if you're willing to take the time to learn how to use it. To that end, you'll find Microsoft Knowledge Base Article 159214 "How to Use the Windiff.exe Utility" extraordinarily informative (http://support.microsoft.com/default.aspx?scid=kb;en-us;159214). If you're not really interested in lots of cryptic character display, Chris Maunder has created WinDiff UI, a graphical interface for the program that's much easier to use and understand than WinDiff itself. You can read more about this tool and download an executable at www.codeproject.com/tools/runwindiff.asp.

The Windows XP product documentation includes a short but detailed technical description entitled "Password must meet complexity requirements". To see the company's official take on what makes a password sufficiently complex, please consult that Web page.

Summary

This chapter offered numerous tips and techniques for practicing system safety. In particular I explored the process of creating a system baseline to use as a comparison if things ever start to get weird on your computer, as well as some thoughts regarding monitoring system security, managing passwords, and some commonsense rules for downloading anything off the Internet.

The next chapter moves on to the final part of this book, and changes focus to reviewing the kinds of regular security routines that you should practice. I explore a regular security regimen in Chapter 13 to help you keep up with the current state of security (whatever it may be), and also describe in Chapter 14 the kind of automated scans and checks you should be performing on your PC on a regular basis. The idea is to maintain a level of security awareness and checks that will minimize the chances of an unpleasant surprise appearing from out of the blue!


Sunday, July 17, 2005

Getting Your Color Right

thanks to pc mag for this tip :)

Printing photos has changed dramatically since the days when getting acceptable color took a great deal of knowledge or even more luck. Today, you can pick almost any printer, camera, and scanner at random and use them together without a problem. If you have a well-trained eye, you might quibble with the color, but most people are usually satisfied with it.

For those who aren't, the fixes run the gamut, from simple steps that anyone who prints photos should know about to complex tools of interest only to professionals and the most demanding photo enthusiasts. We'll focus on the simple fixes here and take a look at the advanced tools in the sidebar "Color Calibration Tools."

Why Color Needs Managing

Colors are harder to match than you might expect, for a number of reasons. A major challenge in printing from a computer is translating color information from one device to another. Two printers that use different cartridges almost always use significantly different colors for each primary: cyan, yellow, and magenta. If you define a color in terms of the inks in the printer—say, 20 percent cyan, 45 percent yellow, and 35 percent magenta—the color you get will depend on the printer you're using. This same problem applies to cameras, scanners, and monitors.

One way to deal with this is to create a color profile for each device and use a color management scheme to adjust colors based on the profiles. But individual profiles mean separate profiles for every possible variation, including every change in resolution or paper. Worse, to get the colors right, you'd need to adjust the profiles every time you changed ink cartridges, since the new ink could be from a different dye lot.

A simpler approach is to agree on a standard way to describe colors and let manufacturers worry about how to translate between the standard and each of their printers, scanners, and cameras. That way, you shouldn't have to worry about color management, or even be aware of it.

The agreement that serves that purpose is sRGB, which was originally defined to standardize typical monitors. The goal was to let people use any monitor, printer, scanner, or camera and get acceptable color across the board without having to create and manage profiles or otherwise think about color.

The scheme works well, despite some limitations. It's supported by nearly every printer, scanner, and camera that has come out since early 2001. And unless you tell Windows otherwise, Image Color Management (ICM) 2.0 in Microsoft Windows 98, 2000, Me, and XP assumes that every device is using sRGB. Thanks to sRGB, most people never need to learn much about color management. Still, to get the color you want, it helps to know the basics.

Paper Matters

Paper type
The most common reason for getting unacceptable color is printing on one kind of paper with the printer set for another kind. Many current printers have a paper sensor that's meant to prevent you from making this mistake. By default, the printer driver is set to detect the paper type and use the right color tables for that paper. In our experience, however, the paper sensor doesn't always pick the right paper type, particularly for printers that have settings for similar kinds of paper.

The best strategy is to set the paper type manually and use the automatic setting only as a fail-safe in case you forget. To do so, go to File | Print from the program you're working in, then click the Properties button. If, however, you're printing from the Windows XP Photo Printing wizard, click the Printing Preferences button on the appropriate wizard screen. Search through the options, changing them as appropriate. Any changes you make this way will apply only until you close the program you're printing from. To change the default setting for an option, open the driver by going to the Printers and Faxes dialog box, right-clicking on a printer name, and choosing Properties.

Some third-party photo papers come with recommended settings for popular printers; if yours does not, you'll need to experiment to see which paper setting gives you the best color. If you can't get acceptable color from any of the settings, switch to a different paper or consider exploring the professional-level tools that we discuss in the sidebar on page 76.

Let Your Driver Do the Work

Printer color management can take place in the printer driver, the application you're using, or the operating system. Unless you need the more sophisticated levels of color management, leave color to the driver.

In many cases you don't have to do anything; the printer is permanently set as an sRGB device. If you explore your printer's driver, however, you may find other options. If you're not happy with the color you're getting, make sure you haven't accidentally checked the wrong setting.

HP's current generation of drivers, for example, lets you choose among the default ColorSmart/sRGB (which is sRGB), Adobe RGB (of interest only if you have one of the few cameras that use this standard), and Managed by Application (the raw, device-dependent color; the setting to use if you want your application program to manage the color). If you want your driver to handle the color management, make sure it's set to sRGB.

Application-based color management is available in only a few programs, most notably Adobe Photoshop. Such programs typically take advantage of standard ICC (International Color Consortium, www.color.org) profiles, which are available on Web sites and come with some devices; you can also create them yourself with the appropriate hardware and software (see the sidebar). If you choose an application-based approach, the color management will work only for that application, so you'll still need the driver to manage colors for other programs.

If you use application-based color management and your printer driver has a special setting for this (as with the HP drivers), you'll have to change the driver setting every time you use the application. Otherwise, both the driver and application will try to correct for the same color shifts, and you'll wind up overcorrecting. In fact, if you get poor color only when printing from a particular program, check to see if the program has a color management feature. If so, you may have accidentally turned it on.

To check the setting in Photoshop 7.0, choose File | Print with Preview, and make sure the Show More Options box is checked. In the drop-down list just below the check box, choose Color Management. Unless you want Photoshop to manage color, make sure the setting in the Source Space box is Document and the setting for Profile in the Print Space box is Same As Source. (To use Photoshop's color management, you'd pick the appropriate profile to use instead.)

In the Windows world, color management at the operating-system level is widely ignored. HP, for example, says that none of its current drivers support it. But even HP recommends using the default Windows settings, since the feature could conceivably affect colors with some programs. To check the setting for a printer in Windows XP, choose Printers and Faxes on the Start menu, right-click on the printer, and choose Properties, then the Color Management tab. Depending on the printer, you may or may not see a list of profiles. If you do, ignore them, make sure color management is set to Automatic, and click OK.

The Best Printing Path

Many, if not most, ink jet printers today can print either from a computer or directly from a camera or memory card. But memory limitations in the printer often restrict color-rendering algorithms to less sophisticated versions of the ones in the printer driver. If you're not satisfied with the color from direct printing, try moving the files to your computer and printing from it.

The color should be better. If it's not, look for differences in settings between the printer's built-in menus and the printer driver. For example, the default paper-type setting for direct printing is often glossy paper, since the assumption is that you're printing a photo, while the default setting in the driver is usually plain paper.

There's one important exception to the rule that printing from the computer gives better color than printing directly. If you're making copies on an AIO, giving the copy command from the front panel will often result in a closer color match to the original than giving the command from a control program on the computer.

Specifics vary from one AIO to the next, but in general, if you give the scan command from the AIO's front panel, the color information will go directly from the scanner to the printer, with no intermediate stops. The two are usually fine-tuned for each other, and there's only one translation step, from what's called the color space for the scanner to the color space for the printer, so you should end up with a close match.

If you give the Copy command from your computer, one of three things may happen. With some AIOs, the command simply tells the AIO to copy, just as if you had given the command from the front panel. With others, it sends the scan to the computer to take advantage of the superior algorithms in the driver, but stays with only one translation step, so the color may improve.

With still other AIOs, however, the scan goes to the computer, where the driver first translates the colors to the monitor's color space, then from the monitor's color space to the printer's color space before printing. Much like in the game of telephone, some data gets lost at each step, so the final colors will not be as close a match as with the other two approaches. The best way to avoid this problem is always to give the copy command from the front panel of your AIO.

Nearly Effortless

Thanks to sRGB, color management today is a classic example of the 80/20 rule—the idea that you can get most things 80 percent right with 20 percent of the effort it takes to get them 100 percent right—except in this case the split is closer to 90/10. If you want to go further, check out "Color Calibration Tools." But rest assured that with the information we've covered and a capable printer, you already know enough to print photos that will easily stand up to what you'll get with film dropped off at your local drugstore.

Color Calibration Tools

If you want something closer to perfection in your photos than what you get from sRGB, plenty of tools can help.

You might want to try basic monitor calibration, which consists largely of making sure your brightness and contrast controls are adjusted properly. A good place to start is at www.displaymate.com/demos.html, where you can download the free DisplayMate demo program to use as a calibration tool.

If you want to move to the next level, we highly recommend the full version of DisplayMate, which is what we use at PC Magazine Labs both to calibrate monitors and to test them. You'll also find a wealth of useful information on the DisplayMate site, including instructions for how to use DisplayMate to calibrate your printer.

For still more sophisticated calibration, you need a package that creates ICC profiles based on measurements taken with a colorimeter (which measures colors in a manner similar to the way the human eye sees them). You can then use the profiles with the color management features in programs like Photoshop.

ColorVision ( www.colorvision.com ) offers a range of excellent choices targeted at various types of user, from the digital photography enthusiast to the professional, and covering both monitors and printers. PC Magazine has looked at several of these packages, and we've generally liked them. ColorVision ColorPlus, a monitor calibration product ( http://go.pcmag.com/colorplus ), has a street price of $99. The ColorVision PrintFIX Suite goes for $399. Our review of the previous version can be found at http://go.pcmag.com/spyderpro .

These products are part of the Pantone ColorVision product family, the result of a marketing alliance between ColorVision and Pantone ( www.pantone.com ). The current versions are built around a new, and presumably improved, colorimeter. Be advised, though, that these tools are best suited for professionals and perfectionists, as they require a lot of extra work for relatively little payoff.