Ask the Geek

Our computers have become a mainstay in our homes and offices, and we rely on them to perform well to keep the rest of our lives motoring along at peak efficiency as well. One of the most common problems people encounter with their computers has to do with their drivers. These tiny bits of software are responsible for many of the communication connections within our computer systems. When communication is hindered, the entire system can be affected. We have some tips to keep your computer in top health by keeping your drivers in top form.

Click Here To Download Your Drive Analyzer Report

First, make sure you perform periodic updates on your drivers. Just like the rest of your system, drivers need to be equipped with the latest and greatest technology to allow them to communicate effectively with the rest of your updated system. In some cases, you will know your driver is due for an update because your computer will slow down or a particular piece of hardware no longer works as well. However, it is best to perform updates before these types of problems arise, so maintaining a regular update schedule may be the best approach.

Next, make sure your system remains clean by removing unused and outdated drivers as necessary. Just like any other excess files cluttering your system, unused drivers can take up valuable computer space, which can slow down the performance of your system. If you have an automated driver program, this software will often remove these unwanted drivers automatically for you. For more about these programs, click here:

Click Here To Download Your Drive Analyzer Report

Keeping your drivers working at top capacity makes a big difference in the performance of your PC. You can handle these tasks manually or invest in an automated driver software program that can take care of these jobs for you. Check out this automated program here:

Click Here To Download Your Drive Analyzer Report

You may have noticed that your computer has gotten slower over time. Some people think that computers are supposed to slow down and become harder to use the older they are. These people will tell you that the only way to recover the performance of a new PC is to reformat and reinstall your operating system. This is a myth. Making your computer run like new doesn’t require reformatting or even reinstalling Windows. The number one reason that computers slow down is because of the registry.

The Windows registry is a huge database containing the computer’s configuration information, that is, the name of each program, where it is located, and any other relevant data. As more and more programs are installed, uninstalled, and modified, more and more entries get added to the registry. Eventually the database becomes so huge that it’s almost unmanageable, resulting in long access times that slow your system to a crawl. The solution is to clean out the registry.

The free Registry Risk report explains the most efficient ways to clean the Windows registry, what a corrupt or unorganized registry can mean for your computer, and other valuable information. If you’re computer seems to run extremely slow or crashes often, the solution is a registry cleaner.

Registry cleaners are programs which scan the Windows registry to find outdated, invalid, or empty data sets and delete or fix them. There are many good ones available and most of the ones I’ve tested are reliable and safe to use. Most of them are unlikely to mess anything up and can scan you system in as little as five to ten minutes.? For more information, you’ll want to get the free Registry Risk report.

After you get your copy of the report, you’ll be given to opportunity to get a free scan of your system registry compliments of Registry Easy.

Technorati tags: Registry Cleaner, Windows, Software, Utilities

Click Here To Download Your Free Registry Risk Report

My new eBook, “14 Golden Rules of Computer Security” is almost complete and will be ready for downloading shortly. Written with the non-technical person in mind, the book is packed with proven, practical advice on how to stay safe on the Wild, Wild Web including bonus articles about creating strong, easy-to-remember passwords and email security tips. I give you tons of links to free and low-cost tools as well as special discounts for software and services by some of the best computer security companies in the business. It’s a must-have for every computer owner.

Based upon my popular “How to Secure Your Computer” series of web articles and fully updated with late-breaking information on safe searching and social networks, “14 Golden Rules of Computer Security” will help you develop your own secure computing practices and save you from the hassle of dealing with unpleasant malware attacks.

The book will cost $9.95 for the general public, but all Ask the Geek subscribers will be sent a download link and password for a free copy, so be sure to sign up. (If you already closed the subscription panel, you can sign up by clicking here or on the Sign Up! link on the Pages sidebar.)

Sign up today and then watch your email for the release announcement and download instructions.

Once again, in May 2009, I have had to revise this article because Avira’s updates no longer work (thanks, Cindy, for your help in pointing out the problem to me). This new revision supercedes all previous articles I have posted on this subject; specifically, these two:

http://askthegeek.kennyhart.com/2005/12/how-to-make-bootable-thumb-drive-virus.html

http://askthegeek.kennyhart.com/2007/03/update-how-to-make-bootable-thumb-drive_20.html

“How to make a bootable thumb drive virus scanner for NTFS” is the second most popular article on this site, outranked only by “My Computer Won’t Shut Down!” and I thank you for visiting Ask the Geek for advice on these issues. Because of the continuing popularity of the thumb drive virus scanner, I want to make sure you have up to date and relevant information. The two articles listed above are outdated.

The original DOS-based version of the thumb drive virus scanner used F-Prot Antivirus for DOS, one of the best and most popular DOS-based? scanners for nearly 20 years. Unfortunately, F-Secure is no longer updating the virus definitions for that version. In fact, the F-Prot virus signatures are now almost two years old, making them virtually useless. Other vendors are following suit. I’ve had quite a bit of feedback asking me if I could solve this problem and provide an updated method of offline virus scanning.

The good news is that, yes, I’ve solved the problem, thanks to the fact that several vendors offer free bootable rescue CDs for download. Most of these run under some flavor of Linux and after a bit of hacking, I found it’s a simple matter to make a bootable thumb drive from the images.

Note: Avira has changed the ISO image *again* since this article was first posted. I have had comments from some people that the new ISOs just don’t work right on the thumb drive. As of May 2009, the VDF updates cause the old version to fail. I have revised the steps below and updated the BLTDVS toolkit. Because of? the popularity of this toolkit, I am getting bills for excess bandwidth useage. If you find this toolkit useful, please consider making a donation by clicking the “Donate” button. As soon as I am notified of your donation (any amount, minimum $1), I’ll send you the link to the toolkit that contains the ISO image I originally tested.

I chose the Kaspersky Rescue CD from Kaspersky Lab for my latest incarnation of the thumb drive virus scanner. Since it runs under Linux, it has native NTFS read/write support making it unnecessary to use any third party tools like NTFS4DOS (which is still available, but no longer supported by Avira).

Here’s how to be up and running with your own copy of my latest tool in just a few minutes. I’ve made it easy by providing everything you need, except the rescue CD image:

1. I no longer require that you make a donation, but would appreciate it greatly. I’ve worked hard to keep the BLTDVS toolkit up to date and will contintue to do so.
2. I do require that you sign up on my list. That is the only way to get the download link and password for the BLTDVS toolkit. Once you sign up and confirm your subscription, the welcome email will give you instructions, a link to the new toolkit, and the password.
3. If you bypassed the fade-in sign-up form when you arrived at this page, you can click here to go to another sign-up page or click on Sign Up! in the toolbar to the right.
4. Download the BLTDVS toolkit from the link I send you.
5. Extract the folder to the root of your hard drive.
6. Download the Kaspersky Rescue CD ISO image
7. Move the CD ISO image to the BLTDVS_toolkit folder?
8. Plug in your thumb drive.
9. Open the BLTDVS_toolkit folder and navigate to the DriveKey folder.
10. Run HPUSBF.EXE (command line version) or HPUSBW.EXE (windows version) and format your thumb drive using FAT or FAT32. Deselect the “Create a DOS startup disk” option.
11. Open the BLTDVS_toolkit folder and copy or move its contents to your thumb drive. Don’t move the actual folder.
12. On your thumb drive, double-click avrescd.bat. This will extract the necessary files from the ISO image to your thumb drive. Be sure you specify the right drive letter for your thumb drive.
13. Once the files have been extracted, makeboot.bat will be called automatically. See the caution in the next step!
14. CAUTION! This step is dangerous! Heed the warning message. Please verify the correct flash drive letter is being displayed before proceeding. Do not run this file on your hard drive or your current MBR will be overwritten rendering Windows unbootable. (This isn’t a complete disaster, but it takes some geeky knowledge to fix it.)? NOTE: If you are usingVista, you may see a “failure to update the MBR” error. In this case, right-click the file and specify “Run as administrator.”
15. Hit any key to exit. You now have bootable Linux thumb drive virus scanner that will handle NTFS drives as well as most other formats.

One really cool feature of the Kaspersky program is that it will allow you to update it over the Internet as long as you’re plugged into your network. It doesn’t work well with a wireless connection (which both of my laptops have), but I haven’t had a bit of trouble getting an address and updating when I’m plugged in.

Another great feature of the program is that it has a built in file manager, so you can also use it to recover files from an infected hard drive without having to boot into the native OS.

As always, feedback is welcome. I want to know how this tool is working for you.

(Thanks to PDLA ©2007 http://pendrivelinux.com and Lance ©2008? http://pendrivelinux.com. Syslinux is ©1994-2006 H. Peter Anvin http://syslinux.zytor.com for the files used in this tool.)

Cheers!
The Geek

Though I haven’t had any problems of my own, I know a couple of people who installed IE8 and then complained about it running very slowly, sometimes completely bogging down their systems. This type of behavior usually signals a problem with system resources, but thanks to Ed Bott over at ZDNet, there may be a simple fix. His article, “Is IE8 really fat and slow?” gives a simple command that may help (restart your computer after running the command):

regsvr32 actxprxy.dll

That re-registers the ActiveX Interface Marshaling Library, an obscure DLL that most people (even Microsoft experts) had never heard about. (Update: 27-Mar: Note that if you try this using Windows Vista, you must do this from an elevated Command Prompt window; type cmd in the Start menu Search box, right-click the Cmd.exe shortcut, and then choose Run As Administrator.)

According to Ed, when one of his colleagues did this, the results were stunning and IE8 was stable as well as performing faster.

Let me know if you’ve had any trouble and if this tweak helps.

Cheers!
The Geek

The original title of this article was “Nine Steps to System Security – 2008,” but the date is misleading—these tips are just as applicable now as they ever were and will probably hold true for a long time. The new title is “Safe Computing in a Web 2.0 World.” I guess I’ll have to change it again when we get to Web 3.0 You can download a PDF version here: http://cli.gs/jHVvWd, but here it is for you to read online:

Safe Computing in a Web 2.0 World

It isn’t getting any better on The Wild, Wild Web, despite state and federal government attempts to arrest and prosecute those responsible for electronically-perpetrated criminal acts. Spyware and malware of all kinds are increasingly more stealthy and difficult to remove thanks to rootkit technology. With the advent of Web 2.0 and its emphasis on sharing and collaboration, web-based attacks are more prevalent than ever, especially those that rely on JavaScript and other scripting languages.

CAN-SPAM did little to deter or eliminate spammers, and today the spam problem is even worse thanks to huge botnets run by organized cyber-crime syndicates. Phishing attacks are harder to detect and more frequent. Recently, I spent the better part of two days cleaning up the aftermath of a mass mailer worm infection for one of our clients; their email is still being blocked by some servers. In its September 2005 issue, Consumer Reports said, “One Third Of Net Users Damaged By Malware.” Considering that article is three years old, I’d wager that the number of infected computers has doubled since then.

In my job as a systems engineer for Connective Computing, Inc., I deal with the effects of malware nearly every day. My previous releases of this article, "Seven Steps to System Security – 2004" , and "Eight Steps to System Security – 2005", listed the field-proven steps I recommend to everyone I know. It’s been nearly three years since I published the last guide, but those eight steps haven’t changed much; they just need to be brought up to date, and a new step involving disabling scripting in the browser has been added. Computer users still haven’t learned safe surfing practices, however (will they ever?), and must modify their on-line behavior–particularly by applying the first step–for rest of these steps to be truly effective.

Did I mention these things are proven? They are. These are practices have been protecting computer users in homes and businesses for as long as I’ve been using them. This is free advice that’s really worth something:

1. Repeat after me: I will NEVER, EVER click on any pop-up of any kind – NEVER, EVER. Not even on the “X” (it’s usually safe, but why take the chance?). Use the key combination Alt-F4 instead; it safely closes the current window. In the slimy world of sleaze-ware, “No” means yes, “Cancel” means yes, “Close” means yes – ANY click on a button means yes. So many times users ask, “How did I get that? I clicked ‘no’ when it asked me!” Well, sorry, but you clicked, so they got you. NEVER, EVER CLICK!
2. Although Internet Explorer 7.0 has enhanced security and has been detached somewhat from the Windows operating system, it is still too big a target. Crackers are still writing malware that exploits IE security flaws. I recommend you use Firefox or Opera to browse the Web. (Some web sites still require IE, so you’ll be forced to use it for those, but you should minimize its use otherwise.) Whatever browser you use, be sure you configure your preferences to block all unwanted pop-ups or install a pop-up killer like the Google Tool Bar. And while you’re at it, re-read #1!
3. Patch your system. If you’re still running XP, make sure you have at least service pack 2. If you’re a home user, install service pack 3. (I still see systems that are running XP with service pack 1 or 1a, probably because they turned off automatic updates. While some argue against it, I recommend you turn them on.) And be sure to install any recommended security updates and patches for ALL software on your system, – especially Microsoft Office – not just Windows. If you’re running Windows Vista, you benefit from its enhanced security, but you still need to keep ALL of your applications patched. Secunia’s Online Software Inspector is an excellent tool for scanning your system’s applications to discover those that need updates.
4. Besides installing a NAT router (see How to Secure Your Computer: Maxim #2), run a properly-configured, proven software firewall. Don’t rely only on Windows XP’s built-in firewall – it blocks inbound attacks only (see this article) and it has flaws of its own (see this article). It will not stop back-door Trojans, adware, spyware, and the like from “phoning home” with your sensitive information. (See this article for more info.) While Vista’s firewall does offer outbound filtering, it isn’t much better (see this article for more information). My favorites are the Comodo Personal Firewall (free), and the Sunbelt Kerio Personal Firewall (full-featured for 30 days, then runs free in limited-feature mode, $19.95/yr for full version).
5. Run a good anti-virus program. Choices abound. I have used AntiVir Personal Edition (free) and Grisoft’s AVG (free). Other good ones are Avast! and Comodo AntiVirus.
6. Run multiple anti-spyware/anti-adware programs and keep them updated. I recommend: a. Spyware Blaster. This free program blocks adware and spyware from installing in the first place and is frequently updated; b. Ad-Aware. Scan weekly, more frequently if you are a heavy surfer; c. Spybot S&D. Run it on the same schedule as Ad-Aware; d. Microsoft’s Windows Defender is an excellent product and is installed by default in Windows Vista. Configure it for real time protection and automatic updates. One of the best commercial anti-spyware applications is Sunbelt Software’s CounterSpy. It is a PC World Best Buy award winner. Comodo BOClean:AntiMalware is also a good one and it’s free.
7. Run a spam blocker to isolate junk e-mail. Most malware and all phishing attempts rely on spam. You want to isolate this stuff and delete it. NEVER, I repeat, NEVER, EVER click on a link in any e-mail you are not absolutely certain is legitimate. And to be as safe as possible, always type in the address of your bank, credit card companies, and any other site that you want to keep secure. (See #1 above and apply that principle to links, too!) One of the best programs is Open Field Software’s ella for Spam Control. It uses wizards to “train” it to your personal specifications. There are free and paid versions that work with Outlook, Outlook Express. My clients swear by it. Another good program is Sunbelt Software’s iHate Spam.
8. On Windows XP, set up a restricted user account and use that for routine tasks. Only log on with administrative privileges when you need to install or configure software. This will prevent rogue programs from affecting your system – they won’t be able to install. You can activate the “run as” feature so you can do administrative tasks while logged in as a restricted user. Microsoft Knowledge Base article Q294676 explains how to activate and use this feature. If you are running Vista, you don’t have to worry about this step: User Access Control (UAC) takes care of it.
9. Finally, disable scripting in your browser. If you use IE (you probably shouldn’t, see Step 2), Tony Bradley gives you an excellent step-by-step procedure to accomplish this. Firefox users have a more elegant solution in the form of an add-on: NoScript. I use it on every PC. Scripts are blocked globally by default, but you can selectively activate them if you trust the site. For example, you can trust the main site’s scripts but keep blocking any advertising or other third party scripts with no ill effects.

While total immunity is impossible – new infections and variations on existing exploits appear daily – these nine steps will help prevent, catch, or clean 98 percent of the junkware out there. As for the other two percent – or if you are already badly infected – you’ll need to hire a geek like me.

Jenny Mackintosh over at the ITKE Community blog (the folks who host my Security Corner blog) announced a cool contest for anyone who wants to show their tech savvy. The only catch is that you have to register as a community member, but ITKE is reputable, so this isn’t a problem:

Now through the end of April, you can not only show off your IT skills by asking and answering questions on? ITKnowledgeExchange.com, but you can earn the chance to spend some quality time honing your bad-guy-vaporizing skills on your very own Xbox 360.

From today (March 18th) through April 30th, you have a chance to win one of three Xbox 360 consoles. The winners will be the top 3 community members who have the most Knowledge Points earned and have asked 5 IT-related questions (you still earn Knowledge points for asking questions) during the contest period. So tell your friends and co-workers to post their IT questions on? ITKnowledgeExchange.com so you can answer and rack up your Knowledge Points.

You can read my post about it here: http://cli.gs/WPeXGT.

Have fun and good luck!

I’m now an expert author for EzineArticles.com. You can check out my public profile by clicking that Ezine@rticles icon over there, or you can click here. What is EzineArticles? you ask. Here’s what they do:

EzineArticles.com is a matching service — bringing real-world experts and ezine publishers together.

Expert Authors & Writers are able to post their articles to be featured within the site. Our searchable database of hundreds of thousands of quality original articles allows email newsletter publishers hungry for fresh content to find articles that they can use for inclusion within their next newsletter (up to 25 articles per year per our Publisher TOS).

My first two articles have just been published. If you’re a newsletter publisher or webmaster, check out the site and my articles and put them in your next project:

Do You Recognize the Four Early Warning Signs of Hard Disk Drive Failure? (Click the link to the right if you need data recovery services.)

Five Essential Steps to Online Security

Watch for many more to come.

Elevate America initiative provides technology skills tools at no cost and low cost.

This is great news for anyone who wants to pursue a technical career. This is the kind of stimulus that will really make a difference!

REDMOND, Wash. — Feb. 22, 2009 — Microsoft Corp. today announced a new initiative, Elevate America, which will provide up to 2 million people over the next three years with the technology training needed to succeed in the 21st-century economy.

Microsoft has worked for years with other businesses and community-based partners to broaden access to job opportunities through information technology education and training. Elevate America expands these efforts and provides immediate support in response to the current economic crisis in partnership with others in the public and private sector.

Elevate America has two main offerings, one available immediately and one that will be provided in partnership with state governments including those of Florida, New York and Washington.

A new online resource, located at http://www.microsoft.com/ElevateAmerica, is available today. This new Web site helps individuals understand what types of technical skills they need for the jobs and entrepreneurial opportunities of today and tomorrow, and resources to help acquire these skills. The Web site provides access to several Microsoft online training programs, including how to use the Internet, send e-mail and create a résumé, as well as more advanced programs on using specific Microsoft applications….

If you would like to receive information when the Elevate America resources become available in your state, please follow us on Twitter: http://www.twitter.com/elevateamerica.

I sometimes enjoy playing with codes and ciphers. In fact, a long time ago (eighth grade, 1966), I got my introduction to cryptography from a book aptly named Codes and Ciphers written by Alexander d’Agapeyeff. My friends and I had some good laughs getting caught passing encoded notes in class; the nun couldn’t decipher them. Being an Edgar Allen Poe fan, I was fascinated by his story “The Gold Bug,” which centers on the solution to a cipher that turns out to be a map to hidden pirate treasure. And then there’s that bit with Ralphie, the hero in the classic holiday hit movie, A Christmas Story, where he anxiously awaits the arrival of his “Little Orphan Annie Secret Decoder Ring.”

But I digress.

I know this isn’t a new concept by any means, but the application of simple cryptographic principles can allow you to generate passwords using patterns that you can safely write down. One of the key elements of authentication is “something only you know” and you can use this to generate secure passwords with simple substitution and transposition ciphers. (WARNING: playing around with this stuff can be habit-forming!)

Let’s take a simple example of a substitution cipher based on a date. This one uses two levels of secret “keys”: 1. a clue or mnemonic for the date; 2. an abstraction of the encoding algorithm. We’ll use Abe Lincoln’s birthday in numeric form–02/12/1809–for our plaintext, leaving out the slashes, i.e., 02121809, which will result in a strong, eight character password. Now, for the first key, we can use “BDAbe.” This immediately reveals the plaintext, but means little or nothing to anyone else. (NEVER use your own birthday, for obvious reasons.)

Next, we decide to use alternating shifted characters, beginning with the first character. So, for key two, we make an abstraction of that: %x#, for example. It doesn’t matter what characters you use, only that they clearly represent shifted and lower-case characters; you could just as easily use AyT or !2@. The pattern of shift-lowercase-shift on the keyboard is what matters to you; the characters mean nothing else. Put the two keys together and you have this: BDAbe%x#. That’s your cipher pattern, the “something only you know,” with an added level of complexity: it’s something only you know (the plaintext) and only you know what it means (the encoding pattern). Anyone who sees BDAbe%x# will have your keys, but it’s likely they won’t have a clue as to what to do with them. Write it down. Post it all over the place. Buy an ad in the newspaper. Tell everyone you know. Who cares? It isn’t your password and only you know what it means; but, it looks like a password and serves as an effective deception.

Finally, we generate the actual password using our cipher pattern of alternating shifted and lowercase characters, so 02121809 becomes our ciphertext of )2!2!8)9: eight characters, each having one of 96 possible choices. In a brute force attack, a modern PC, capable of guessing 10 million passwords per second, would take 23 years to go through all possible combinations of an eight-character password with a 96 character selection space. Not too shabby, eh?

For website logins where high security isn’t a concern, you can drop the “www.” and use the rest of the URL as your plaintext. In this case, you only need to write down the password length and encoding pattern. Let’s say I have a login on the site www.nytimes.com. I don’t care if someone reads the news using my password, so tight security isn’t a concern. I decide on a pattern of lowercase-shift-shift and decide to use a six-character password. The encoding pattern is x%^, so I can write that down as nytimes.com/x%^. Who’s going to know what that means? The password would be nYTiME. At only six characters and despite being based on the URL itself, that password is still relatively secure: it would take a hacker 33 minutes to crack your password; he’d be able to set up his own account in less than 2 minutes. And why would anyone want to crack your password? NYTimes.com doesn’t ask for any personal information other than your birth year and zip code, nothing that’s worth anything to a criminal hacker.

I encourage you to come up with your own method of applying this to your passwords, and of course, I welcome your comments and questions.

Cheers!
The Geek

Have a question? It can be about anything from cooking to science, whatever you’re interested in: Click here to Ask the Geek! Kenny “The Geek” Harthun has been playing with geeky stuff since 1965. He’s a former research scientist, currently works as a Microsoft Certified Systems Engineer at Connective Computing, Inc. and loves to learn about anything and everything.