WizGidget

March 9, 2011

Running out of Addresses, part IV (and Last)

Filed under: Belton Journal, Info Bytes, Tips & Tricks — pmckinley @ 12:00 AM

Last week I introduced IPv6, which is the eventual solution to the IPv4 address exhaustion issue.  Besides having a much, much larger addressing space (from 4 followed by 9 zeros to 3 followed by 38 zeros), IPv6 has a number of other features built in,  including some security features.  It’s more complicated than IPv4, which means us propellorheads will have to get bigger propellors.  Probably the biggest issue with IPv6 is that it isn’t compatible with IPv4.  If the equipment is designed for it, such as routers, computers and such, the equipment can handle it, but it’s like having two different networks on the same wire — they don’t talk to each other.

There is some equipment that can translate between the two protocols, but I suspect what will happen is that internet providers will at some point simply stop issuing IPv4 addresses and require using IPv6 addresses.  I don’t think that will happen for several years, but when it does it may mean buying a new router and/or getting some help with reconfiguring the network on our computers.

For instance, I run both a Cisco “Pix” firewall and a wireless router on my home network.  The Pix supports IPv6 at software version 7.0.  I can upgrade the software in the Pix, but I don’t think the model I have can be upgraded past the version I have already, so it’s likely my Pix will become obsolete.  That was an expensive piece of gear — about $500 new.  The modern replacement for the Pix will cost about $350 new, although I might could find a used higher-model Pix that could handle IPv6.  And then again there are probably other firewall-routers out there that would do the same thing(s) for much less.  The wireless router would also have to be replaced — it doesn’t handle IPv6 no way, no how.  Fortunately there again there are better wireless routers on the market that sell for $100 or so.  One of the things I really need the Pix for is getting a VPN (“Virtual Private Network”) connection into my home network from “outside.”  The newer wireless router I mentioned does VPN, so it might satisfy the need within a single network appliance.

It seems likely that most of us will have upgraded to IPv6 compatible equipment by the time it becomes a requirement.  Granted that I tend to run things for years past their normal lifetimes, but I did have to replace our wireless router about 5 years ago when the old one succumbed to a lightning storm, or getting too hot or something.  So, it seems reasonable that it will have to be replaced again eventually, and all the new ones support IPv6, and usually also are faster and more powerful.

IPv6 is supported on Windows XP and later, and although it needs to be turned on and may take some tweaking, after being turned on it should configure itself just as your PC does now when you connect it to your wireless or wired router.

Got a computer question or having an issue that would make a good article?  Contact the author through the Journal or WizGidget.com

March 2, 2011

Running out of Addresses, part III

Filed under: Belton Journal, Info Bytes, Tips & Tricks — pmckinley @ 12:00 AM

Last week the discussion left off with addressing for end users — people who are accessing the internet like you and me.  Many if not most internet providers use a live internet address for each of their subscribers, although the addresses are dynamic — a new address is issued every time you connect.  So, for instance if you had your computer connected directly to your cable modem or whatever, and I knew your internet address, I could conceivably connect to your computer.  This would be a Really Bad Idea, because if I can connect to it, then so can all the hackers in Korea, China, Russia and Romania.  This is why I recommend people use either a wired or wireless router between their computer and their internet connection.  So, if every internet user gets his own address, that could mean it would be difficult to get a connection to the internet.  You might try to connect, but couldn’t get anywhere because you couldn’t get an address.

It’s possible that your internet provider could use something called “NAT” (Network Address Translation) to expand their assigned addresses out, many users to one address.  The typical wired or wireless router for home use does this — it needs one address on the “outside” to connect to the internet, but it also handles having many addresses (computers, printers or what-have-you) on the inside.  The addresses on the inside aren’t true internet addresses, they’re usually on what’s called a “non-routable subnet”.  So for instance, your “outside” address might be 66.196.3.249, while the inside network is 192.168.123.(something between 2 and 254).  Your router would “live” at 192.168.123.1 on the “inside”, and your computer would be for instance 192.168.123.10.  When you access the network, the router translates between 192.168.123.10 and 66.196.3.249, so from a server on the ‘net, it looks like the connection is coming from 66.196.3.249.  The router tracks connections (each connection has a unique sequence number assigned) so that when whatever server responds, the router says “Oh, that’s connection number 1928734, that means the packet needs to go to 192.168.123.10 on the inside.”  The cool thing about this is there’s no way to create an inbound connection: the exchange has to be initiated from the “inside,” and this is why using a router provides security.
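The translation described above, as an added example that is not part of the original column: a minimal Python model of a home router's NAT connection table. It assumes the router tells connections apart by the public port it assigns and only accepts replies from the server that was contacted; the remote addresses 203.0.113.80 and 198.51.100.7, the port numbers, and all class and function names are made up for illustration.

```python
from dataclasses import dataclass

PUBLIC_IP = "66.196.3.249"   # the router's "outside" address from the article


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Simplified port-translating NAT (assumption: one public port per connection)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside ip, inside port, remote ip, remote port) -> public port
        self.out_map = {}
        # (public port, remote ip, remote port) -> (inside ip, inside port)
        self.in_map = {}

    def outbound(self, pkt):
        """Rewrite a packet leaving the inside network and remember the connection."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_map.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet rewritten for the inside host, or None if it is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None   # nobody inside started this exchange, so there is nowhere to send it
        inside_ip, inside_port = entry
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo():
    """Two inside machines talk to one web server; a stranger then tries to get in."""
    router = NatRouter(PUBLIC_IP)
    pc = router.outbound(Packet("192.168.123.10", 51000, "203.0.113.80", 80))
    printer = router.outbound(Packet("192.168.123.11", 51000, "203.0.113.80", 80))
    # The server only ever sees 66.196.3.249, with a different port per connection.
    reply_pc = router.inbound(Packet("203.0.113.80", 80, PUBLIC_IP, pc.src_port))
    reply_printer = router.inbound(Packet("203.0.113.80", 80, PUBLIC_IP, printer.src_port))
    # An unsolicited packet from another host matches no table entry and is dropped.
    stranger = router.inbound(Packet("198.51.100.7", 4444, PUBLIC_IP, pc.src_port))
    return pc, printer, reply_pc, reply_printer, stranger


if __name__ == "__main__":
    for item in demo():
        print(item)
```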

The NAT thing could work for normal users, but some of us propellor-heads have servers we run from our “home” connection.  Those servers have to have a live address in order to be useful, so that the connection can originate from the “outside.”  So, there’s no way of getting around it, sooner or later we’ll need more addresses.  What we need is a new addressing mechanism that has more addresses, and that solution already exists, in the form of “IPv6.”  IPv6 uses 128-bit addresses, so the new address space supports 2^128 (3.4×10^38, or 3 followed by 38 zeros) addresses.  Weren’t we talking about Really Big Numbers just last week?  IPv6 technology is already available on most operating systems like Windows 2000 and later, MacOS, and I would expect all versions of unix from the last 10 years or so.  Next week will finish up with what IPv6 means to us end-users.  Be sure to send in your questions for future articles.

February 23, 2011

Running Out of Addresses, Part II

Filed under: Belton Journal, Info Bytes, Tips & Tricks — pmckinley @ 12:00 AM

Last week I introduced the internet address exhaustion as an issue, and explained the difference between an internet domain and an internet address.

As mentioned, the current addressing scheme uses four numbers separated by dots.  Actually the address is four 8-bit numbers (remember everything computer is binary at some level and “bits” are digits in a binary number), where an 8-bit number can have values between zero and 255.  Four of these numbers translates to 32 bits (8×4=32), which is effectively 2 times itself 32 times, a number that translates into 4,294,967,296. There’s some overhead in how the addressing works so the actual number of available addresses is maybe a half percent less than that.  The point though is that it’s a somewhat limited number, about 4 addresses for every 6 people on earth.

I can imagine a scenario where every person needs several addresses, such as one for your phone, one for your PC, one for your laptop, and so forth, so despite the fact that there’s lots of people in the world who don’t use the internet, that number is made up by all the web and email servers in use. Eventually we’re bound to run out, and that’s what happened February 3, 2011, at least the last of the main blocks of addresses were allocated to regional internet registries.  At this point either your eyes have glazed over, or your propellor beanie is really spinning, so let’s get down to what it means to us civilians.

In terms of domain names, it doesn’t really mean anything.  Remember we have DNS (Domain Name Service) to provide mapping between URL’s and the actual address.  Internet domain names have their own limitations, but it’s more of a practical limitation than a functional one — domain names can be up to 63 characters (a-z, 0-9, and “-”) long, not including the www or the .com.  That’s a LOT of permutations (think 37 characters raised to the 63rd power, or 6 with 98 zeros, a Really Big Number), but typing in 63 characters can be a bit cumbersome, especially if they’re random characters, so that cuts down on the practical list of domain names.

Also, it’s possible to run multiple domains on the same address.  The http protocol specifies that when you type in a URL, the packet of information that gets sent to the server to request your webpage includes the URL of the page.  It’s not difficult for the server to sort out which web server to send the request.  The web server where wizgidget.com lives has something like 30 different domains/websites.  It’s quite common to have hundreds or more, although the web hosting services that load too many suffer from poor performance. Your website’s cheap hosting service may mean that they’ve leveraged their server a bit much so your site may be a bit slow to load at times.  So, address exhaustion could possibly be an issue for websites, but we’ve kinda handled that.

Another possible issue would be end users  like you and me — people who are trying to access the internet.  You have to have an address to get to the internet.  Next week we’ll continue with this issue — addresses for end users.

February 9, 2011

Secure email

Filed under: Belton Journal, Tips & Tricks — pmckinley @ 8:00 AM

Last week I mentioned that email is one thing you could do safely at a public WiFi, IF you have your email configured to use SSL. SSL stands for “Secure Sockets Layer.” It builds a virtual “tunnel” through the network, much the same way that the VPN connection  does. The data is encrypted in such a way that someone snooping the network stream would have a very, very difficult time cracking the encryption so that they’d have access to your information. The entire data stream is encrypted, including login information such as username and password.  Without SSL, someone on the same local network as yourself could easily “snoop” the network stream and read all of your information, including usernames and passwords.  I would recommend using secure email even if you only use email from home.

Most email providers have the ability to support SSL-encrypted email. There’s two streams for email, both the incoming which is either IMAP (Internet Message Access Protocol) or more typically POP (Post Office Protocol), and the outgoing stream which is SMTP (Simple Mail Transport Protocol). SMTP is the protocol used to send email; it’s also the protocol used to send email between email servers. From a network perspective, each protocol uses a standard “port”, for instance, POP normally uses port 110 and SMTP normally uses port 25. SSL encrypted POP and SMTP normally use port 995 and 465, respectively. IMAP normally uses port 143, while SSL imap uses either port 585 or 993, depending on whether it’s normal IMAP tunneled through an SSL connection, or a newer IMAP standard that incorporates SSL. Your email provider should be able to tell you what ports to use for their email servers. Often they provide this information on their web page. For instance, Yahoo has a web page with instructions for setting up your email application (such as Outlook or Outlook Express); the URL is http://help.yahoo.com/l/us/yahoo/mail/yahoomail/mailplus/pop/pop-35.html.  Alas, Yahoo’s pop-able email account is a fee-based service.  Google on the other hand has free pop-able email.  Their instructions are at http://mail.google.com/support/bin/answer.py?answer=75291

Basically, setting up secure email in Outlook or Outlook Express involves turning on the SSL layer, setting the correct port numbers, and of course testing that your email still works.  For Outlook, click the Tools menu, then pick Email Accounts.  The “View or change” radio button is selected by default, just click the “Next” button, then pick the account to change, and click the “Change” button on the right.  In the window that pops up, click the “More Settings” button, then the Advanced tab.  Check both of the SSL checkboxes — POP should automatically reset to port 995, but you’ll have to change SMTP to port 465 if that’s what’s required.  Outlook Express is similar: click Tools, then Accounts, then the mail tab.  Pick an account, and click the properties button.  Next click the Advanced tab, and make the same settings as Outlook.
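A check for the settings described above, as an added example that is not part of the original column: it audits an account's incoming and outgoing settings against the port numbers listed in this article and catches the half-finished case where the SSL box is checked but SMTP is still on port 25. The sample accounts are constructed, and the function names and finding codes are made up for illustration.

```python
# Ports exactly as listed in the article; a provider may document different ones.
PLAIN_PORTS = {"pop": {110}, "imap": {143}, "smtp": {25}}
SSL_PORTS = {"pop": {995}, "imap": {993, 585}, "smtp": {465}}


def audit_stream(protocol, port, ssl_enabled):
    """Return a list of finding codes for one mail stream (empty list means OK)."""
    proto = protocol.lower()
    if proto not in SSL_PORTS:
        raise ValueError(f"unknown mail protocol: {protocol!r}")
    if not ssl_enabled:
        findings = ["CLEARTEXT"]                     # password and mail readable on the wire
        if port in SSL_PORTS[proto]:
            findings.append("SSL_PORT_WITHOUT_SSL")  # port was changed, box was not checked
        return findings
    if port in PLAIN_PORTS[proto]:
        return ["SSL_ON_PLAIN_PORT"]                 # box was checked, port was never changed
    if port not in SSL_PORTS[proto]:
        return ["UNLISTED_PORT"]                     # confirm against the provider's instructions
    return []


def audit_account(account):
    """Audit both streams of one account; returns {stream: [codes]} for problems only."""
    problems = {}
    for stream in ("incoming", "outgoing"):
        cfg = account[stream]
        codes = audit_stream(cfg["protocol"], cfg["port"], cfg["ssl"])
        if codes:
            problems[stream] = codes
    return problems


# Constructed sample settings, not taken from any real mailbox.
DEFAULT_SETUP = {
    "incoming": {"protocol": "pop", "port": 110, "ssl": False},
    "outgoing": {"protocol": "smtp", "port": 25, "ssl": False},
}
HALF_DONE = {   # both SSL boxes checked, POP moved to 995, SMTP port forgotten
    "incoming": {"protocol": "pop", "port": 995, "ssl": True},
    "outgoing": {"protocol": "smtp", "port": 25, "ssl": True},
}
FINISHED = {
    "incoming": {"protocol": "pop", "port": 995, "ssl": True},
    "outgoing": {"protocol": "smtp", "port": 465, "ssl": True},
}

if __name__ == "__main__":
    for name, acct in [("default", DEFAULT_SETUP), ("half done", HALF_DONE), ("finished", FINISHED)]:
        print(name, audit_account(acct) or "OK")
```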

Spouse Ann wants to know what’s all the hoopla in the news recently about the Internet running out of addresses, so we’ll explore that next week.  Have your propeller beanie ready.

February 2, 2011

Surf Safe Part II

Filed under: Belton Journal, Tips & Tricks — pmckinley @ 8:00 AM

Last week we talked about some of the ways that your internet surfing can become risky from a networking perspective.

The first thing for keeping safe at home is either to use a wired network or to make sure your wireless router is using WPA or WPA2 security with a “Pre-Shared Key” (PSK) which is basically a really long password.  Being an engineer I like using some form of scientific number like Planck’s Constant that I’ve memorized  as the PSK.  Other people like to use a phrase or lyric that means something to them and is thus easy to remember.  It doesn’t matter what you use, but the more characters or numbers it has the more difficult it will be to guess.  Using WPA security effectively makes your wireless session undecipherable to other computers, even ones that are connected to your wireless network.  It also makes it fairly impossible for someone without your PSK to connect to your wireless network.  This is important, because as we discussed you really don’t want strangers and neighbors to have access to your network – it’s like leaving your front door unlocked when you’re away.

Most wireless networks at coffee shops, airports & hotels don’t use WPA security because that would make it difficult for their customers to use the network.  So, while you’re connected to that network, your computer is exposed to others who might find your information useful.  You could just have fun browsing the web, but using a web-based email reader, ebay, facebook, or anything that requires a login is not a good idea.  In other words you can’t do anything really useful. You can be somewhat useful catching up with your email… if you’ve made sure your connection to your email server is encrypted using SSL.  Most email providers and email applications like Outlook can handle an SSL connection, if you configure it properly.  But that’s only going to help if you’re using your own computer (laptop or tablet since you’re at a coffee house, right?), AND you’ve configured your email properly.  We’ll discuss that next week.

Pretty much anything you’re going to do in a web browser needs similar security, and fortunately there is a solution in the form of a “VPN” service.  VPN means Virtual Private Network – it’s a software method for encrypting your entire internet session so that nobody between your computer and your VPN provider can snoop your web session.  VPN works by configuring a virtual encrypted “tunnel” between your computer and the VPN provider.  Just do a search for “VPN provider” and you’ll find a number of companies that provide this service for varying prices.  I recommend checking out any company that you pick, because while your neighbors won’t be able to snoop your session, the VPN company can.  Google the company name or domain and see if anything nasty shows up before you sign up.  For instance, when I was doing the research for this article, at least one of the sites listed on vpnpreviews.com was flagged  by my antivirus program as being a fraudulent site.

January 12, 2011

Find Out What’s Going On, Part II

Filed under: Belton Journal, Tips & Tricks — pmckinley @ 8:00 AM

Last week I left off with a description of the Processes tab in Task Manager, which is where we’ll continue this week.

I mentioned last week to be careful when you kill (“End”) a process.  There are some processes that will render your computer unstable or cause it to reboot if they are killed.  Svchost.exe is a good example – you may have noticed that there’s a bunch of them.  You may be able to kill one or two of them off, but you’re playing Russian roulette — you don’t know which one is going to blast your computer’s brains and cause a hang or reboot.  McAfee published an update to their antivirus suite a while back that clobbered the actual svchost.exe file — after which the PC would not boot.  Fun, eh?  I, fortunately, don’t use McAfee.

Another thing that’s handy to do with the process list is to become familiar with the processes that are running there.  If you see a process that you don’t recognize, you can search it on Google.  You’ll most likely find information on what that process is and what software package it goes with.  You might even find one that’s an actual virus, although often these days viruses disguise themselves as legitimate processes — like svchost.exe.  I actually found one once, when I’d connected my Windows-2000 laptop up to a client’s network with no firewall.  Within 30 minutes my laptop had been infected with the MSBlaster virus.  I discovered it when my laptop started behaving peculiarly, and noticed the msblaster.exe process running.  That looked suspicious, so I checked it out and eliminated the virus.

You can also use the Processes tab to figure out which processes are being memory hogs.  Firefox, while my favorite web browser, seems to have a memory leak, and especially if it has a website loaded that has flash images.  The only solution for that is to occasionally kill Firefox so that it will free up the memory.

Lastly, there’s a Performance tab, that shows a graph of CPU and Page File (PF) usage, which is a measure of how much memory you’re using.  The PF graph is something to watch, because if the memory usage approaches or exceeds the amount of physical memory your computer has, it will slow things down considerably.  How can the memory usage exceed the memory available, you might ask?  Because Windows will swap pages of memory out to disk so that it can effectively have more virtual memory than it has physical memory.  That’s why the graph is called the “Page File” graph instead of “Memory” graph.  The problem is that swapping memory pages in and out to disk is horribly, interminably slow, at least in terms of computer time — disk access is maybe a thousand times slower than physical memory access.  How do you know how much memory you have?  There are several boxes with numbers underneath the PF graph, one of which is labeled Physical Memory, which also lists the “Total Memory”.  Divide that number by a million to get physical memory in Gb.  Mine has 2612588, which translates roughly to 2.5Gb of memory.

January 5, 2011

Find Out What’s Going On

Filed under: Belton Journal, Tips & Tricks — pmckinley @ 8:00 AM

Windows has a nifty tool called Task Manager which is handy for a number of things.  You can access Task Manager with a right-click in the taskbar, somewhere that there’s not an icon already showing. You can also get the Task Manager with a control-shift-escape key sequence (press and hold the control key, then simultaneously press and hold the shift key, then press the ESC key).

One of the more common uses for Task Manager is to stop a program that won’t stop when you click the window’s “close” button (the X in the upper right corner.)  Once Task Manager is running, the Applications tab will show the list of active user programs you have currently running.  There are probably other programs running that don’t show in the Applications tab, but we’ll cover those later.  Once you find the program you need to stop from the list, you can right-click the program and then select “End Task.”  You may get a dialog box if the program doesn’t want to stop quickly.

The next tab is the Processes tab, which lists *all* of the programs running, including many programs that are set to run as a “service”.  This will often be a fairly long list.  You may recognize some of those processes, such as firefox, Outlook, or iexplore.exe (Internet Explorer).  You can also stop programs from this list, but be careful: killing the wrong process can cause your computer to be unresponsive or even reboot.  “svchost.exe” is one of those, and you’ll probably see several “svchost.exe.”  They act as sort of a “wrapper” that in turn run other programs like your networking services.

When you right-click on a process in the Processes tab, you may also notice an option to “Set Priority.”  This allows you to define which programs are going to get preferred treatment by getting more time to run on the CPU.  If your computer is a bit slow, and you have a program running you want to run a bit faster than others, you can use this setting to help.

Another option from a right-click on a process is the Set Affinity. If, like son Jesse you now have a quad-core CPU (4 cpu’s in one CPU chip that run simultaneously) you can tune your applications by telling them which CPU core to use.  Windows does a pretty good job of divvying out the workload so it’s not usually useful, likewise if your computer only has one CPU core.

Finally, the Processes tab is handy for figuring out who’s being a cpu or memory hog.  You can click on the column headings to get Task Manager to sort those columns.  The first click is going to sort it from low to high, which isn’t very useful.  Click it again and it’ll sort from high to low, which makes the hogs float to the top.  Sometimes if my computer is being sluggish I’ll sort the CPU or Memory column and kill off the worst offender.

More on Task Manager next week.  This week’s article was suggested by spouse Ann, I’d welcome suggestions from other readers as well!

December 29, 2010

2011 Computer Resolutions

Filed under: Belton Journal, Tips & Tricks — pmckinley @ 8:00 AM

Christmas has come and gone, the new year begins Saturday.  Are you one of those that make new year’s resolutions?  This could be a good habit, just from the point of view of acknowledging that we all can develop new habits to make life better for ourselves.  I thought this would be a good opportunity to review some things and make recommendations for the new year, things that you can incorporate into your computer habits to make your computer use safer, more enjoyable and less stressful.

My first recommendation is to make sure you have good antivirus software on your PC.  Although Microsoft is supposedly coming out with some reasonably good free antivirus software, I’d recommend against the free stuff.  Let’s face it, it takes a LOT of time to watch for new viruses and do the updates to the anti-virus to handle each new virus strain as it comes out.  The cybercriminals are constantly looking for ways to circumvent the current antivirus solutions, so it’s a continuous task to keep the antivirus solution up-to-date.  Since nothing in this world is truly free, follow the money: who’s paying for the work to keep it up-to-date?  You are, through your subscription, if you’re using a paid, commercial product.  I used to use CA, but had problems with that when I upgraded the hard disk on my laptop: I’m currently using TrendMicro, which seems to work reasonably well and doesn’t noticeably slow things down.

Why is this so important?  First and foremost, it protects your personal data, because that’s what many of the current viruses are designed to do: collect your personal data for cybercriminals to use.  Secondly, because another common purpose for computer viruses is to use your computer to commit cybercrime such as sending out tons of spam (see wizgidget.com/typhoid), or mounting a denial-of-service attack.  You may have heard about denial-of-service attacks recently in the news — they were used against the British government as well as Visa (the credit card company)  in retaliation for the Wikileaks founder Julian Assange being arrested for alleged sexual assault.  Whether or not you agree with the Wikileaks thing, I’m thinking you’re not OK with having a stranger use your computer to make political statements.

Secondly, set up regular backups for your PC.  If you don’t currently run backups on your computer, go out and get one of those external USB hard drives, and check with the salesperson to make sure it includes backup software.  One of mine actually has a utility that allows me to make a boot CD that will then completely restore my laptop… if I’ve taken a good backup image first.  I have mine set to take an incremental backup at night every couple days, so that it catches any new or changed files.

Finally, I recommend being careful about what information you give out on the internet.  Use disposable credit card numbers (see wizgidget.com/virtualcard) when you order stuff online.  Make sure your facebook and other online profiles either don’t include your birthday or have a bogus year.  I recommend 1982, that would make you what?  29?

Santa brought spouse Ann a Kindle e-book reader this year.   Look for e-book reader tips in future articles.

December 15, 2010

Disaster Recovery

Filed under: Belton Journal, Info Bytes, Tips & Tricks, Warnings — pmckinley @ 8:00 AM

A computer disaster can come in many forms.  It might be a disk failure, or the computer is lost or stolen, or you just accidentally erase or overwrite a file you needed.  I wonder how many of my readers have taken steps to deal with a computer disaster?  Making backup copies is good practice.

Traditionally, backups were done with some form of tape drive.  Most large companies still do some form of tape backup, although backup-to-disk has also become popular especially with new deduplication technology.  Backup to disk basically means the data gets copied to a secondary disk device.

These days tape technology has just about become obsolete for the typical home or small business user.  I have a two-drive tape library that holds 10 tapes, with each tape holding something like 40 to 60 Gigabytes (Gb) per tape depending on how well the data compresses (some data compresses well, other not so much).  A few years ago when a 100Gb disk drive was really huge, having 10 tapes in the library was ample capacity.  Nowadays the disk drive capacity for the typical PC has grown to the point that even my strato-geek 10 tape library is struggling to keep up.  Spouse Ann’s new PC has a 500Gb drive.  I just upgraded the disk in my laptop to 500Gb.  That’s a terabyte (Tb) of data to store on tapes that might only get 40Gb per tape — I’d need something like 25 tapes just to take one full backup if both disks were reasonably full (fortunately they’re not).  And that doesn’t include another 100Gb or so spread across two Unix servers and a Windows server that I run.

Fortunately there is a good solution available for the casual user.  Not only is the capacity of disk drives  increasing, but external disk drives have gotten quite cheap.  It’s not uncommon to find an external 1Tb disk drive that will run off your USB port for something in the range of $100.  Many of these disk drives come with backup software that is quite adequate for the casual user.

Even though I have all the fancy equipment to do backups, I still need something to use when I travel.  Recently I bought a 1Tb external drive to use for backups when I’m on the road.  I paid a bit more for it because it was a model that has a dock accessory available.  It’s about the size of a largish deck of cards.  When I’m home, I plug the drive into its dock.  When I’m on the road, I take it with me, and use a regular USB cable to connect it at night, so that backups (I use the included backup software) will be done while I sleep.  Half my brains are on my laptop, if it were destroyed or lost, I would have a really hard time supporting my clients.  Having a backup of my data means that in a worst case scenario I could go buy a new laptop and restore the important data within a day or so.

November 24, 2010

Back to the Future after a System Restore

Filed under: Belton Journal, Tips & Tricks — pmckinley @ 8:00 AM

Last week we discussed using the Windows System Restore tool, and I commented that I’d let you know how it went with finding the issue with backups.  It turned out that the problem stemmed from the “Connection Manager” software I’d installed to support my broadband wireless card.  This week I thought it might be helpful to go over the process I used to isolate and resolve the issue.

The Windows System Restore tool is found on Windows XP by clicking the Start button, then All Programs, then Accessories, then System Tools, then System Restore.  The first screen on the System Restore window gives three choices: Restore, Create a restore point, and Undo my last restoration.  I picked Restore and clicked Next.  The next screen shows a calendar, with today’s date selected, and the list of restore points (if any) that were created for today.

Because I wanted to be able to put things back the way they were, I started with the current day and worked backwards, recording any software that had been installed, in the order it had been installed.  I kept going back day by day until I found the backup software install.  That way I developed a list of applications I would have to reinstall on the way back to the current setup.  Some of the restore points were listed as “Software Distribution Service”, which are clusters of updates done by the Windows Update or Microsoft Update.  I didn’t need to worry about which updates those were, I could just let Microsoft Update take care of tracking which updates needed to be reinstalled.

Once I had the list of software that had been installed after the backup software, I went ahead and did the System Restore, which requires a reboot.  I immediately tested the backup software to see whether it worked or not.  Joyfully it did, and so I knew that something that came after that broke things.

Even though the Windows and Microsoft updates had been interspersed with other installations, I thought it might be good to go ahead and get all the updates installed first.  I have Windows set to download, but not install updates, so most of them I could install that way.  Others I went to the Windows Update website (there’s a link on the Automatic Updates tool, available from the Control Panel) and forced the install.  After all the updates were installed and I’d tested backups, I installed each application, one at a time.  I tested backup after the application install, then rebooted, and tested it again.  When I installed the Connection Manager, backup still worked, but after the reboot it no longer worked, so I knew I’d found the culprit.  It turns out that  the broadband card manufacturer Sierra Wireless also has a connection manager tool separate from the cell phone provider, so I tried installing it instead, and that one doesn’t break backups.  It doesn’t have the nice bargraph showing how much bandwidth I have remaining for the month, but I can live with that.
