TROUBLESHOOTING A SLOW INTERNET CONNECTION

Sometimes you'll hear me groan or sob quietly when you describe a simple problem. Let me give you an idea of some of the things that go through my head when a problem comes up. Take this as an example:

"My Internet connection is slow."

Your Internet connection is fine; your computer is slow.

Your computer is running normally but it has malware installed that is using up all your bandwidth sending out spam email.

Your computer's network card is going bad and needs to be replaced.

Your connection is saturated by another computer in the house that's downloading movie torrents.

Your DSL line has some problem - line noise, static, or the like.

Your cable/DSL modem is going bad and needs to be replaced.

Your router is going bad and needs to be replaced.

There is something causing interference that affects your cable/DSL modem - an appliance, a cordless phone, or something outside the house.

Your DSL filters aren't installed correctly - maybe the DSL line is filtered, maybe the voice lines aren't.

You have a bad network cable somewhere - between the cable/DSL modem and the router or between the router and the computer.

The interesting thing is that I have personal experience with each and every one of those, so I know they aren't theoretical possibilities. All too often there is no way to know where to start! Only one of them is likely to be the source of the problem, and it will look obvious in hindsight. I can gather clues from a lot of different places - I've learned a lot of tricks over the years so I'll do things you wouldn't think of to track down the problem. But make no mistake, computer problems can be elusive and maddeningly time consuming!

This is on my mind because I'm dealing with a troublesome DSL connection used by a small business with a simple Sonic DSL circuit (provisioned by AT&T). After two weeks and multiple visits and lots of time spent checking logs and working with Sonic, the business has a new network card in their server, a new router, a new DSL modem, and new CAT5e cables. Only after that work was done did we get to the point that Sonic could identify errors on the line justifying an AT&T service call. AT&T made its first visit and claimed to have identified and fixed the problem, but it was quickly apparent that things weren't any better, so we're waiting for a second AT&T visit. Hundreds of dollars in new equipment and fees for me to investigate, replace equipment, and deal with Sonic, and the problem is not solved.

Optimistic but frustrated. That describes how I feel often about technology. Sound familiar?

Labels: broadband, Internet

posted by bruceb at 12/15/2008 12:05:00 AM | permalink

SBS 2008 - SSL CERTIFICATES

Let me give you a quick overview of the kind of issue that makes it fun to be a consultant.

When you go to a web site where any personal information is going to be exchanged, you're likely to see the web site address change from http:// to https://. The data is encrypted (has a "Secure Sockets Layer" or SSL) and is reasonably well protected against eavesdroppers. You'll see it at banking sites or almost anything involving money or payment, as well as on web sites for access to company networks and other places where data should be confidential.

When you go to http://www.wellsfargo.com/, the bank's web server presents its security certificate from a known certificate authority, a big company that has done some checking to ensure that the server actually belongs to the company whose name is on the web site. Your browser examines it and agrees that it looks authentic, then it does some cryptographic things that convince it that the certificate was really issued by the big trusted authority. When it's satisfied, it proceeds automatically to https://www.wellsfargo.com/ and shows you a happy padlock icon in the address bar.

Until recently, SSL certificates were only used by big companies: they were expensive, required annoying paperwork, and the whole process was technically difficult.

Small Business Server 2003 wanted remote users to log into its great Remote Web Workplace over a secure SSL connection but couldn't saddle small businesses with the headache of buying expensive certificates, so it used a workaround. By default an SBS 2003 server presents a "self-signed certificate." Essentially the server vouches for itself and tells your browser that it's safe and trustworthy.

That sounds a bit flaky but it worked well enough for a long time, until security concerns began to trump everything else. Business people began buying Windows Mobile phones to sync their Outlook folders over the air and for a while it was possible to convince them to accept the SBS server's self-signed certificate, but it got harder and harder to accomplish - it required finding the right tool to install the certificate on the phone and the manufacturers were nervous about giving people access to the depths of the phone's operating system to do that. Now it's almost always impossible.

Meanwhile Microsoft began to add new security warnings to Internet Explorer as part of its hardening over the last few years. Now when you go to a site with an SBS 2003 certificate, you get this ominous warning:

If you go past the scary warning to the company's RWW site, you get the unhappy red IE address bar instead of the happy padlock:

Fortunately, a few companies began offering inexpensive SSL certificates with a minimum of fuss. GoDaddy.com offers SSL certificates for only thirty dollars per year that are accepted by most computers, phones and other devices. SBS consultants began to work out elaborate documentation for installing them on SBS servers. Many consultants made it a standard part of setting up a server running SBS 2003.

SBS 2008 still begins with a self-signed certificate but a wizard is included in the initial setup checklist to help purchase a third-party certificate.

The wizard wasn't helpful to me in a migration where I already had a domain name with an existing certificate. I found myself burrowing deeply into IIS and feeling my way through the process. I was successful but it took some interesting tricks to get everything to work correctly.

The experience exposed another interesting feature of Exchange 2007. If a company runs the web site http://www.bigfirm.com/, it can set up http://remote.bigfirm.com/ as a subdomain that leads to their internal company network. Set the company's MX record for incoming mail to http://remote.bigfirm.com/ and give that address to the business people for remote access. SBS 2008 has wizards to help get the domain names registered and set up in Exchange.

Then if a business person goes home and sets up Outlook 2007 for an Exchange Server at http://remote.bigfirm.com/, Outlook will configure itself automatically with the settings to connect over the Internet to Exchange Server at the office. It's not necessary in that case to configure the deep proxy settings that have been required until now to set up Outlook for RPC over HTTP. Microsoft thinks the technology is so cool that it blessed it with a new brand name, "Outlook Anywhere." (SBS 2008 does some of the magic to accomplish that, thank goodness - otherwise it requires deep surgery in ADSIEDIT and the Exchange command line console.)

That works fine, I'm sure, but I used a different naming scheme when I bought domain names for all my SBS clients for their remote access. SBS 2008 does not like that arrangement one little bit. And it's only easy to set up a subdomain and manipulate MX records if you have full DNS control over the ISP for http://www.bigfirm.com/. A small business will frequently have set up their web site with small hosting companies and web site designers that are, shall we say, not always easy to work with.

You see what I mean, I'm sure - it's fun!

Labels: domains, IE, Internet, mail, Microsoft, mobile, Outlook, phone, remote, SBS, security

posted by bruceb at 12/03/2008 12:46:00 AM | permalink

SPAM HOST CUT OFF

The volume of junk e-mail sent worldwide plummeted on Tuesday after a company providing the servers for the spammers was taken offline.

The bad guys install malware on computers that they can control in vast networks, primarily to send spam for counterfeit pharmaceuticals and designer goods, fake security products and child pornography. Approximately 190 billion spam messages are sent every day from more than 1.5 million hijacked computers. The spammers set up servers to control the hijacked computers and to display web pages offering illicit goods for sale.

The spammers don't buy their own servers. They buy server space from hosting companies, which are shielded from liability in many cases and not directly responsible for the actions of their customers. That has made it difficult to find the spammers and prosecute them, leaving law enforcement frustrated and frequently ineffective.

Reports were published recently identifying McColo Corp., a San Jose company, as the hosting company of choice for virtually all the top botnets blasting out spam or malware attacks. The company has offices in a 30-story office tower in downtown San Jose and apparently its entire business is devoted to providing a platform for bad guys and diverting any attempt to pursue the spammers by refusing to cooperate with law enforcement and shifting the spam networks around to help them evade detection. Researchers estimated that networks run through McColo servers were responsible for 75% of the world's spam.

In an interesting twist, security researchers contacted the two companies providing the Internet connection to the building. Both companies became convinced that McColo Corp. was evil and decided to cut off the company's Internet connections on Tuesday without fuss or delay.

The volume of spam worldwide dropped by more than forty percent immediately.

Lots of companies monitor spam and all of them noticed the huge decline, with estimates of drops in global spam from 40%-75% when McColo was forced offline.

This won't permanently reduce the volume of spam. It won't take long for McColo to find other Internet connections or for other companies to step up in its place. Trying to shut down the bad guys is like playing Whack A Mole - a law enforcement victory here, a broken Internet connection there, but they keep popping up.

It's always nice to have a moment of triumph, though, and this was a particularly dramatic one.

It was reporting by Brian Krebs of the Washington Post that got the carriers' attention - here's his article about the effect of the disconnect.

Labels: business, Internet, mail, security, spam

posted by bruceb at 11/13/2008 12:03:00 AM | permalink

WINDOWS AZURE & LIFE IN THE CLOUD

"Windows Azure" is a terrible name but you need to be aware of it anyway. Windows Azure is a breathtakingly ambitious platform outlined by Microsoft at last week's Professional Developer Conference, another attempt by Microsoft to position itself to profit from a paradigm shift that will be just as important as the move to the Internet in the 90s.

Yesterday I used word processing as an easy example to imagine what it would be like if you had universal access to your files with the ability to open and edit them from any computer. Of course, it's just as easy to imagine having easy access from anywhere to your Excel spreadsheets and Powerpoint presentations, with the programs running in a browser if you don't have a copy installed on the computer nearby.

Okay, now stretch a little bit. Imagine that you could have something like the same experience on your phone - Windows Mobile can sync folders using Live Mesh and it runs little tiny versions of Word and Excel. Photos can be moved around from computer to computer and/or stored online, too, so you might not be surprised by this anecdote from someone who tried using Live Mesh on his phone to sync the folder where the phone stores pictures. There were the pictures on his computer a few minutes later with no muss, no fuss, no action required at all. The camera on the phone looks a lot more usable all of a sudden!

But now let's take a big step. Windows Azure is a platform that will allow you to run programs that are identical to programs installed on your computer but which are actually running from Microsoft's online servers. Microsoft's goal is to have all of its programs run from Microsoft's data centers in such a way that you cannot tell the difference between a program hosted online and a program on your computer. The developer tools will allow all the other software vendors to do the same thing.

Some of you already have experience with that. Businesses running on Small Business Server use Outlook to connect to mailboxes stored in Exchange Server. At the office, people open Outlook to do their work; away from the office, they might use Outlook on their notebook computer, or they might check their mail or calendar on their Windows Mobile phone, or they might use Outlook Web Access to display their Outlook folders in a web browser. Outlook Web Access is already significantly improved in Exchange 2007 so it more closely resembles Outlook, and it only takes a small leap of faith to imagine the experience being identical to using the full program.

The Azure framework is intended to give developers the ability to present their programs to you over your Internet connection so that virtually all the hard work is done by the online servers. Microsoft or Google or Amazon have responsibility for holding the data and backing it up; when a program is updated, the updates are applied at the source instead of requiring you to take steps to install updates on each of your computers.

I'll be writing more about Live Framework, the unified underpinning of the various Windows Live services as they become increasingly integrated, and Microsoft Online Services, which will introduce hosted online Exchange mailboxes to many of my clients. They're early signs of this movement to online services that will change your life, whether you're ready or not. There are many miles and many competitors and the future is not assured for Microsoft, but make no mistake - the company has staked its future on this ambitious transformation.

Here are some more early comments on Windows Azure: Dan Farber on "Microsoft's Manhattan Project"; Robert Scoble says not to underestimate Microsoft's ability to turn a corner; CBS News on the Azure launch; and Joe Wilcox on the significance of the project:

"I simply cannot overstate how enormous an undertaking is Azure. Microsoft plans to support cloud services in every product. Azure is hugely ambitious and will transform Microsoft, whether or not the vision stated on Monday makes it to market. As such, Azure is enormously risky and its success as envisioned is uncertain."

Labels: business, computers, file_sharing, Google, Internet, mail, Microsoft, mobile, Outlook, photos, software, web_services

posted by bruceb at 11/04/2008 12:05:00 AM | permalink

CLOUD COMPUTING BASICS

There are lots of projects intended to move our computing lives online. Let me try to paint a picture of where our world is heading over the next 5-10 years. I'll use Microsoft projects as examples but keep in mind that other companies have similar projects and goals.

Start with hundreds of thousands of high-powered servers all over the world, run by big companies, providing storage space and computing power to do interesting things. Amazon and Google are already in that business, and one of Microsoft's big announcements at last week's conference was that it intends to commit the future of the company to providing services from its own global network. Assume that the companies are doing what it takes to convince you that they have the resources to keep things safe and working at full speed.

Take a step forward from where we are now (a small step, really) and imagine that when you click on File / Open in Microsoft Word and see a list of the files in your Documents folder, you're seeing a list that is the same regardless of where you're sitting or what computer you're using. Your documents are listed when you're at your desk, but the same list appears when you're at a friend's house or at an Internet cafe in Paris. You don't give that a second thought - you expect it to happen and it works.

Well, it doesn't work yet but you might be surprised at how many steps you can take right now toward that goal.

• You can store documents in Office Live Workspace; on your own computer you can open them from within Word after installing a little plugin, and from any other computer you can access them in a browser and open them in Word if it's installed on that computer.
• If you set up Live Mesh, you can have local copies of your documents on all the computers you use regularly, appearing in your Documents folder when you click File / Open in Word, plus you can access the same files online by logging onto the Live Mesh website.

Those services are still in their early stages of development and will become easier to use. I have some criticisms of the way some Office Live Workspace features are designed and those will be addressed, but I've also seen references to the likelihood that Live Mesh folders will be accessible in Office Live Workspace and you'll just have to trust me - that moves us a huge step closer to that picture I painted up there of universal, easy access to your files from anywhere.

The bigger picture goes far beyond the basic ability to store files online - there are lots of ways already available to store documents online. The future lies in whether you can create and edit your files from any device.

So let's add one more element. Microsoft announced that you'll be able to use online versions of Word, Excel, Powerpoint and OneNote to work on your files if you're sitting at a computer where those programs are not installed. There are many, many details to be worked out about price, features (these will start out as "light" versions of the programs), and integration with your online files, but the concept immediately makes sense. Here's a screen shot of Word running in Internet Explorer - click through for shots of other programs:

Imagine that the experience of using Microsoft Word is identical regardless of whether you're using the copy installed on your computer or the online version, and you can open the same files regardless of where you're sitting. Under the hood, let's say Microsoft has done the heavy lifting to ensure that security precautions are observed for businesses. Interested yet?

Let's stop there for today. Tomorrow we'll take that a step further and try to understand just how wildly ambitious the plans are that Microsoft outlined last week.

Labels: business, file_sharing, IE, Internet, Microsoft, mobile, Office, software

posted by bruceb at 11/03/2008 12:33:00 AM | permalink

LIVE MESH UPDATE

Windows Live Mesh has just been updated, as of about noon on Thursday 10/30. If you are using it already, you will be notified to install the update; it will stop working until the update is installed on each computer running it. If you are not using it yet, it has been fully opened up to everyone - read about it, make sure you have your Windows Live ID set up, and you are free to sign up.

Windows Live Mesh is a place to store files online, a program that runs on your computer to keep folders in sync on multiple computers, and a way to get remote access to your computer from anywhere. Live Mesh now supports Macs, and limited testing has begun for Windows Mobile devices. (Click here for more information about the Windows Mobile client.) You will be able to take a picture with your cell phone and have the photo show up immediately on your PC and your Mac, or share files with anyone by sharing a Live Mesh folder so they can access it online or synced to their own computer.

The remote access is extremely well designed and will make it unnecessary for most people to pay for a subscription to LogMeIn or GoToMyPC. Connecting from one computer in your Mesh to another one is a single click - hover over the Mesh icon and click on "Connect." Files can be transferred between the local computer and the remote computer by dragging and dropping copying and pasting them.

[Addendum 10/31: Although files can be transferred between the local and remote computers by copying and pasting them, Live Mesh does not currently support dragging and dropping them. Live Mesh Remote Desktop also apparently does not implement any support for printing at all, so you can work on your remote computer but you can't print something directly on your local printer. Those will be compelling reasons for some of you to use LogMeIn Pro instead of Live Mesh for remote access!]

Other updated features:

• Tips for new users.
• Better support for large monitors in remote sessions.
• Permission levels for shared folders - creator, owner, contributor, reader.
• Drag and drop files between your PC and Live Desktop.
• Multiple file upload to Live Desktop.

Microsoft showed only a couple of applications built on the Mesh framework at the PDC this week. The BBC demonstrated a Meshified version of its iPlayer, an extremely popular service in England for watching TV shows online. The Mesh version will remember what you've watched and spread that information to all your devices. If you watch part of a show on your computer, the episode will start where you left off when you tune in on your cell phone or on another computer.

But that's just a taste of what's coming. Under the hood, Live Mesh has been moved to the Windows Azure framework that Microsoft announced at the PDC underlying all of their upcoming web services, and it's powerful stuff indeed. You are watching and taking part in a transition that will affect you just as deeply as the initial shift to the Internet. I'll write more about that in the next few days!

Labels: Apple, file_sharing, Internet, Microsoft, mobile, remote, software, Vista, web_services, WinXP

posted by bruceb at 10/30/2008 12:51:00 PM | permalink

DELL REMOTE ACCESS

Access everywhere! Lots of interesting services are being set up to make it easy for you to have access to files, folders, photos, and computers from anywhere, whether it's working on an office computer from home or bringing up pictures from your home computer on a mobile phone.

The latest entry comes from Dell, strangely enough. Dell just introduced Dell Remote Access, a ten dollar per month service for a number of tasks loosely related to "remote access." It's designed to be extremely easy to use. You'll install some software on the computer to be controlled; the software will run continuously and periodically check in with Dell Server Central Command. Then when you go to my.dellremoteaccess.com and log in, you can control your computer remotely as if you're sitting in front of it. That's not all, though! You can stream music and photos to your remote device or upload files to the computer running the Dell software. Plus one more interesting feature that I haven't seen before - you can send a link to someone by email that gives them an encrypted connection to a folder on your computer, so they can look at pictures, say, with very little fuss.

Here are a couple of places where people say nice things about the new service. The people saying those nice things work for Dell. Haven't seen much feedback from the real world yet.

That's pretty cool stuff, and you might want to try it, but I'd offer two thoughts before you jump in.

This is an increasingly crowded field. You have alternatives to choose from at a range of prices, with simple or difficult interfaces, and with similar or different features. You can jump into whichever one gets your attention first - just be aware that's what you're doing. LogMeIn will let you run its software and connect remotely to a single computer for free; its paid subscription adds very easy file transfers and the ability to email a link to a single file on your computer. GoToMyPC is slightly more expensive and aimed more at business users. Windows Live Mesh is a free service from Microsoft that will let you connect remotely to a number of computers, along with file and folder sharing and syncing and more to come; it's a little complicated to get started but might be worth the learning curve for its extra capabilities. Windows Home Server sets up remote access and photo sharing along with its file storage and backup features. Businesses running Microsoft Small Business Server already have remote access to their office computers using Remote Web Workplace.

Which leads to a point that gets more important all the time. A new program or service requires a commitment! Do not install programs or sign up for services on a whim! Each program will require time to learn its features and its quirks; it will require periodic attention to keep it up to date when security issues inevitably appear; if it's a good choice, it will require time to figure out where it fits in your life or your business. You'll likely have another web page address to memorize and another login name and password to add to the notes you can never find when you need them.

There are exciting new services out there! Choose them wisely and stick with the ones you choose so you can make them work for you. If you flit from one new thing to another, installing programs and abandoning them quickly,  you'll wind up talking to me about why your computer is slow and programs are crashing. You'll be depressed when I click on your Start menu and nod my head sadly and give you an economics lesson in the cost of cleanup versus the cost of a new computer.

With that in mind, get connected remotely! You don't have to leave computers behind any more.

Labels: computers, Internet, Microsoft, mobile, phone, photos, remote, SBS, software, web_services

posted by bruceb at 10/21/2008 01:36:00 AM | permalink

GETTING STARTED WITH WINDOWS LIVE

I routinely set up a Windows Live ID for my clients when they get a new computer. There are many programs and online services in the world; Microsoft's programs and services under the Windows Live name are well designed, free to explore, and reasonably simple - a good choice for people who want to do some new tricks without being overwhelmed.

Here are the steps to get started.

Windows Live ID is a single sign-on service from Microsoft that allows people to log into many websites and services with one account. A Windows Live ID is an email address and a password stored in Microsoft's servers. It's free. Follow the instructions here to log in with your Windows Live ID, or set one up if you don't have one already. If you're at your own computer, check all the boxes to sign in automatically and remember your password - the services will then work automatically.

Download and install Windows Live Photo Gallery, a free program for viewing and editing your photos. It's an upgrade for the version of Windows Photo Gallery included with Vista, and also runs on Windows XP. It includes an easy way to share photos online for free. Here's more information about Windows Live Photo Gallery.

• Be careful when you install Windows Live Photo Gallery! You'll have the option to install other Windows Live programs; only install the ones that you are genuinely interested in. Watch the checkboxes on the right - if you're not careful, your Internet Explorer home page will be changed and you'll get an unnecessary extra toolbar.

Explore Windows Live Skydrive, a free place to store and share files online. It is a genuinely useful service, completely free and very easy to use! You'll have access to the files stored in Skydrive from any computer, and you can set up easily that can be shared with someone else, or left open for anyone. Once you're familiar with it, it can be very handy! Here's more information about Windows Live Skydrive.

Windows Live Mesh is (a) a place to store files online, (b) a program that runs on your computer to keep folders in sync on multiple computers, and (c) a way to get remote access to your computer from anywhere - and in the future it will do more! It's a little more complex to get started with but it's already one of the most interesting services available. There's basic information about the service here, and notes about how to get started here. (If you get a message that the Mesh service is not available in your country, it's a glitch - the instructions to solve it are here.)

The world is already flooded with online services, and this is just the beginning of a very big transformation indeed. We're moving from complete dependence on our usual computer, to a much more amophous relationship with a number of computers and other devices that communicate with each other and a mix of locally installed software and services running up in the cloud. Stay sharp! Things are changing.

Labels: file_sharing, Internet, Microsoft, photos, remote, software, web_services

posted by bruceb at 10/13/2008 12:49:00 AM | permalink

THE BIG MONEY, SOUNDUNWOUND

Two new sites have been added to the bruceb favorites page.

• The Big Money is a business web site created by the editors of Slate, intended to be an authoritative source of business news combined with interesting business blogs. It will be trying to stand out from the other big business sites - Forbes, CNN Money, and the rest. Here's a New York Times article about the new site. (Look under Finance / Markets on the favorites page.)
• SoundUnwound is an online music encyclopedia created by Amazon and IMDB, the huge movie database. SoundUnwound starts with a lot of information and links to Amazon for purchase information and reviews, but is also open for editing by users, similar to Wikipedia. The companies hope that a community will grow up to feed information into it and make it authoritative and complete. Since that has already happened on Wikipedia, which has extraordinarily complete information about music (and roughly everything else), it's hard to predict whether SoundUnwound will find its own niche. But it's interesting and nicely presented, and that counts, right? Here's some background information about SoundUnwound. (Look under Music / Artists on the favorites page.)

The bruceb favorites page is meant to include the most useful web sites, the ones that you're looking for most of the time. If you find dead links or if you find yourself at a site that's well known and has some general interest, I hope you'll let me know so I can keep the page up to date. Thanks for your loyalty and support!

Labels: audio, bruceb, business, Internet

posted by bruceb at 9/15/2008 12:35:00 PM | permalink

COMCAST POWERBOOST & SPEED TESTS

I was testing Speed.io, a new site for measuring the speed of an Internet connection and displaying it in a lovely way. (I've put in on the bruceb favorites page under Internet / Online Tools, joining an old favorite, Bandwidth Speed Test.)

The test results reminded me that Comcast's PowerBoost technology really does improve the online experience. DSL has nothing like it. Comcast boosts the speed of just about every connection to a new web page or file for the first thirty seconds or so. That's enough to load virtually any web page nearly instantly (or as close to it as the web server at the other end can supply the page). It's also enough for most downloads to come flying down in their entirety at super speed. Huge downloads will slow down after the first thirty seconds or so, back to the rated speed of the connection. It's not a special feature - Comcast has rolled this out nationwide to all of its customers for free.

The technology also fools most online tools for measuring speed, which typically upload and download files for less than thirty seconds. That's how you get reports like this one, showing that my connection runs at 21Mb download speed, 3.3Mb upload speed. I've got Comcast's business class service, which is remarkably fast - but not quite that fast.

Labels: broadband, Internet

posted by bruceb at 9/13/2008 02:36:00 PM | permalink

SETTING UP LIVE MESH

Microsoft's Live Mesh service, now in beta testing, has the most promise of any of the online services. With an easy setup, you can make your files available on multiple computers, you can share files with other people, and you can access your computers remotely, all for free. At the moment it only works on Windows PCs but soon it will be possible to add Windows Mobile devices and Macs.

Let me take you through a simple setup to help you get started.

Your use of the Live Mesh service starts with your Windows Live ID, the free email address and password that Microsoft uses to set you up with its services. Here are the instructions to set up a Windows Live ID. Have your Windows Live ID in mind before you start, and make sure your Live ID account shows "United States," per my instructions.

Now go to the Live Mesh web site, www.mesh.com, and click on Sign In. Provide your Live ID credentials and accept the license agreement on the next screen.

You should be taken directly to the main Mesh screen, shown on the right.

Click on the "Add Device" button. You'll be adding the computer you're sitting at by installing a small piece of software. It will take 3-4 minutes to install the software. (It hasn't frozen. Wait for it.) When it's done, you'll have a distinctive new icon by the clock.

Now click on the "Live Desktop" icon on the main Mesh screen. You'll be looking at your "Live Desktop." It will have icons for files and folders but don't get confused - these folders are online, not on your computer.

Add a folder and give it a recognizable name - "My Synced Files," say. Now close the browser window! You're done with "Live Desktop" for now.

Minimize all your open programs so you can see your computer desktop. Within seconds, a shortcut named "My Synced Files" will appear on your desktop.

When you click on it, you'll be asked where that shortcut should lead. By default, Mesh offers to set up a new empty folder on your desktop with the same name. Take that choice for now. The folder on your desktop will quickly turn to a translucent blue. It's now part of the Mesh system.

It's just a folder. You can put any files you want into it. You can fill it with Word documents and open them and edit them just like any folder. It's just a folder.

But everything in it will be automatically copied to the online folder. Every change will be copied online. If you delete a file from My Synced Files on your desktop, it will be deleted from the online copy automatically. You don't have to do anything, it just happens.

So put some files and folders into "My Synced Files"! Don't go nuts. Put in 50 files, not 5,000. It works with 5,000 but you'll get impatient and think it's broken. Put in some folders full of files.

The reward comes when you sit down at a different computer.

If you have a second computer, go to the Mesh web site on the second computer and log in with the same Windows Live ID, then click "Add Device" to install the software. After it's installed, you should have the same shortcut on your desktop to set up "My Synced Files."

• If that shortcut doesn't show up automatically, then go back to the Mesh web site and click on Live Desktop. When you right-click on "My Synced Files" and click on "Change Sync Settings," you'll be able to change your second computer to sync "When files are added." You'll immediately have the same shortcut on your desktop to click on to establish that you want "My Synced Files" to appear on your second computer desktop. Within minutes, the "My Synced Files" folder on your second computer will be filled with all of the files that are on the first computer.

From now on, when you change a file in that folder on one computer, the changed file will be there on the other computer right away, automatically. The two computers will always be in sync.

Let's reiterate. Once this is set up, you will work with your files on your computer, in the folders on your desktop, just like before. You don't need to "upload" files to Live Desktop - just save them into "My Synced Files." In fact, normally you'll never visit Live Desktop from one of your own computers except to set up a new folder.

Try that to get started! It's only a taste but you'll be past the hard part. Here are just a few things to look into when you've gotten your bearings!

• You can add existing folders on your computer by right-clicking the folder name and clicking on "Add folder to your Live Mesh." I'm syncing my Internet Favorites folder on my desktop and laptop, for example.
• You can share a folder that's been made into a Mesh folder. It's easiest to do that from Live Desktop - open the folder in Live Desktop, then click on the bottom of the right hand column where it says "Members."
• The person you invite will get a nice email invitation. It will lead them through installing the software and giving them shared access to the Mesh folder. Remember, they need to have a Windows Live ID ready, and they need that email invitation to lead them to your folder.
• You can share a Mesh folder; you can't share subfolders inside the Mesh folder.
• You can log into www.mesh.com from another computer and see all the files in Live Desktop. You should be able to download them or open them at that new computer but I've seen some bugs in that process.
• More interesting - you can log into www.mesh.com from any computer, click on one of your computers, and click on "Connect." If the computer is turned on, you'll start a remote desktop session that allows you to control the remote computer as if you're sitting at it. This is very, very cool.

This is a beta service. Test it carefully, with backups of important data, but by all means test it! This is one of those times when you can gain new powers that you do not currently have. Enjoy!

Labels: file_sharing, Internet, Microsoft, remote, Vista, web_services, WinXP

posted by bruceb at 9/05/2008 12:05:00 AM | permalink

GOOGLE CHROME & IE8

There are new Internet browsers available in the news - Microsoft made a beta release of Internet Explorer 8 available last week for testing, and Google caused a fuss when it released a beta version of Chrome today, possibly as a hasty response to Microsoft's release.

Google envisions a future where all of our work is done in an Internet browser. You'll work on online files using online applications, powered by rich web-based programming languages. The underlying operating system fades in importance in that world - it might be Windows but it doesn't have to be because it's not doing anything interesting. Imagine this pitch:

Now available at WalMart, the ChromePC 3000, powered by Google! It starts instantly, like any other appliance; it runs your online programs faster than any PC or Mac; it's almost invulnerable to viruses and malware. You can watch movies from Netflix, watch Internet TV, play streaming music, and watch YouTube videos; you can work on your documents stored in Google Docs or Acrobat.com, check your GMail or Hotmail or Yahoo Mail, and you can edit your photos in Picasa or Adobe Photoshop Online. It's yours for $299!

That's pretty tempting! It might not matter that it's manufactured by an unknown Korean company and runs Ubuntu Linux, eh?

Now I just made that up with no regard for reality. But Microsoft is going nuts because it's increasingly easy to imagine some variation on that  - an emerging market that bypasses Windows. There are a lot of people who might be perfectly content to use a simple device that only runs an Internet browser although it's not going to be everyone's world; even if we use more online services and move files online, businesses will still use rich applications installed on Windows for a long time to come.

Google's vision is interesting. At the moment, the reality is something else. Google may have rushed its announcement of Chrome because it was embarrassed that after years of development its "new" features are not special at all - they're very, very similar to the features in Internet Explorer 8. The new features in either one are modest improvements at best - architectural changes to make the browers more crash-resistant, faster Java, better security, and a way to surf online without collecting any history (immediately and obviously dubbed "Porn Mode"). Neato! Not exactly riveting stuff.

Early reports suggest that Chrome is a work in progress, with some bugs, no support for add-ins, and an interface that is so stripped-down that I personally find it a bit odd. IE8 has some nice new ways to customize things and a few things moved around. I'm not sure I have time to test either one.

Let me return to something I said about Firefox when its new version was released. (This is addressed to the business users trying to get work done and the home users who don't want technical glitches. If you're a technically proficient computer user, go about your business with my best wishes.)

All of you have Internet Explorer 7 installed on your Windows computers. It is stable, full-featured, and secure.

Don't install duplicative software unnecessarily! You should not install a new Internet browser because a well-meaning friend tells you that it's cool, or a newspaper article speaks highly of it. You should install software if and only if you can articulate something that the new software will allow you to do that you cannot currently do. And you must be ready to take on the burden of giving the new software the care and attention it will require for security and stability.

Labels: Google, IE, Internet, Microsoft, software

posted by bruceb at 9/03/2008 01:24:00 AM | permalink

XO COMMUNICATIONS & CARL ICAHN

The New York Times has an article today about XO Communications, a company that most of you have never heard of. It gave me a little wave of nostalgia - XO is irrelevant now but I still have accounts there and it meant a lot to me in the old days.

The article goes through Carl Icahn's emergence in 2003 as XO's majority owner and his financial shenanigans with the company since then. It's an interesting story, not untypical, where people with way too much money play games that seem to have nothing to do with the underlying business of the companies involved.

My interest is only because XO evolved from Concentric Networks, the company that was a big player in web hosting in the 90s. I registered bruceb.com with Concentric and set up many of my clients there. Prices were reasonable, the onscreen controls were better than other web hosting companies, and support was good.

None of those things have been true for a few years now. The onscreen controls are cluttered and buggy, service is occasionally erratic, and XO's prices are no longer competitive. (My experiences with tech support by phone have been good, unlike, say, 1and1.com, but I've had to call for support too many times in the last few years.)

Moving a web site from one host to another is a chore, especially for businesses that have to be sure not to disrupt the flow of email, so bruceb.com is still hosted by XO, and a few of my clients are still there. This article reminds me that it's time to move on - there's no need to stay with a company that is sliding into bankruptcy and has no particular interest in its web hosting business.

Labels: business, Internet

posted by bruceb at 8/30/2008 11:15:00 AM | permalink

SETTING UP A WINDOWS LIVE ID

Windows Live ID is a single sign-on service from Microsoft that allows people to log into many websites and services with one account. A Windows Live ID is an email address and a password stored in Microsoft's servers. It's free.

Most people will have a single Windows Live ID. I'm setting them up routinely for each employee in my clients' offices.

More services are being added all the time. Almost all of them are free. They are increasingly tied together so that access to them is easy. This includes instant messaging (Windows Live Messenger), file syncing and sharing (Live Mesh), online file storage and sharing (Windows Live Skydrive), online photo sharing (Windows Live Photo Gallery), and more.

If you don't yet have a Windows Live ID, follow this process. I'm including a couple of extra steps that will save you time later.

Go to this site and click on Sign up on the left.

Use your regular email address.

Choose a safe password. Put it somewhere secure. Remember it.

• (If you're already got a Windows Live ID for the email address, you'll find that out when you leave the signup screen. If so, you'll have to figure out what the password is, or reset it.)

You'll get an email asking you to verify the email address. Follow the instructions - you'll click the link in the message, then go through a couple of very short screens online.

Go to http://account.live.com

Click on "Registered information"

Enter first and last name

Enter birth date (apparently required, but you don't have to tell the truth as long as you make yourself an adult)

Change home and work country to NONE

Change home and work country back to United States. Each one should now have extra lines for addresses. They can be left blank.

The page for "Registered Information" will look like this - on the left when you arrive, on the right when you're done.

   

Click SAVE

You should now see your name and Country/Region: United States on the front page.

You're done!

When you're prompted for your Windows Live ID and you're sitting at your primary computer, watch for the checkboxes to save your login name and password - the Windows Live services can almost always open automatically with no password prompt after the first time.

Read about the Windows Live services on my news page or online. There are links to many of the services here on my Favorites page. You may find something that you can use right away!

Labels: file_sharing, Internet, Microsoft, OneCare, photos, software, web_services

posted by bruceb at 8/27/2008 12:56:00 AM | permalink

AT&T TECH SUPPORT vs. ETERNAL DAMNATION - A TOSSUP

I'm occasionally asked why I have such a negative opinion of AT&T's DSL service.

This chilling account should answer that question - a complete log of one person's experiences on two different occasions, dealing each time with more than a dozen customer support reps over a period of more than three hours each, on problems that should have been simple. A slow DSL connection at home, a failed login to AT&T wireless service, problems that should have required five minutes but turned into hellish nightmares.

I'll add one more awful, unforgiveable story, just the latest in my own run of unhappy experiences with AT&T.

Last week, AT&T started blocking all outgoing email with no notice for one of my clients running Small Business Server. A business was suddenly, unexpectedly cut off from communicating with its customers. For better or worse, businesses live by email! This was potentially devastating.

When I investigated, I found that port 25 was completely blocked, so no other outgoing email server could be used; AT&T's email servers could only be accessed over port 465 with SSL authentication, which is not supported by Exchange 2003. I researched the problem online and discovered that there was no solution; a handful of people who had survived AT&T's stupefyingly awful tech support process had been told that AT&T was simply not handling outgoing email for anyone with an Exchange Server - no apology, no excuse, no solution.

(This is a variation of the problem I ran into a few months ago. I solved it this time by buying service from NoIP.com that sends outgoing mail on a nonstandard port. Later I learned that ExchangeDefender also can be set up on a nonstandard port. I'm still going to insist that both clients leave AT&T.)

It's still possible to sign up for DSL service with Sonic.net, which consistently employs the nicest people in the world. If you are signing up for DSL service, don't even consider signing up with AT&T. If you currently have AT&T service and you want to do something proactive for your future mental health, think about switching your service. If you're a business, make it a priority.

Labels: broadband, Internet, mail

posted by bruceb at 8/25/2008 12:33:00 AM | permalink

JUNGLE DISK ONLINE BACKUP

Take a look at Jungle Disk, a service for online backups with a good reputation. I'm testing it now and finding a lot of things to like.

The idea is simple - back up folders to a secure place online at regular intervals, and retrieve them any time but especially in the event of a computer crash.

Jungle Disk's backup software is extremely simple to use - pick the interval for backups and put checkmarks by the folders to be backed up. The software can be installed on Windows servers and desktops as well as supporting Linux and Macs.

After a disaster, you'd install the Jungle Disk software on the new computer, then run Restore. By default, Jungle Disk keeps multiple versions of files, so you can also use it to recover earlier versions of individual documents.

The interesting thing about Jungle Disk is that it has almost no investment in this process at all. All of the hard work is done by Amazon. Yup, Amazon.

You see, Amazon has built a simply unbelievable global array of servers, capable of providing nearly unlimited amounts of storage. A tiny fraction of that is used for Amazon's online stores.

Amazon is providing access to that online storage to anyone, at trivially cheap prices. When you install Jungle Disk, the first thing you'll do is set up your personal account with Amazon for storage space in Amazon's S3 service. The cost is fifteen cents per month per gigabyte, plus trivial charges for transferring files to and from the service, billed through your Amazon account. You can store as much or as little as you like - there is a size limit of 5Gb for an individual file but there are otherwise no limits whatsoever.

The Amazon storage space cannot be accessed directly, however. Developers are given the technical tools to build whatever they like for people to use with the service. Jungle Disk built a backup program. There are lots of other backup programs as well as web hosting companies, photo sharing services and many more services built around the Amazon S3 online storage.

The Jungle Disk software costs twenty bucks for a lifetime license. If the company went out of business, chances are somebody else would write software to recover data stored in Jungle Disk's proprietary format. But Jungle Disk was immediately profitable because it just wrote some simple software - it did not try to build a global network of secure servers to go with it.

Jungle Disk is secure and simple. The first backup is slow - it's going through your Internet connection, after all. It might take days for the first backup to complete. After that, only changed files are sent. You wouldn't back up your entire hard drive to Jungle Disk - it can't be used for a bare metal restore.

Personally, for the reasons I wrote up recently, I would use it in addition to another backup method.

I'm going to start using it to store another backup of my files, my Quickbooks & Quicken data, and my family photos. That's about 35Gb of data, so that should be about five bucks a month. Nice! If I have trouble (like I did last year when I had a poor experience with another online backup service), I'll let you know.

Labels: backup, business, Internet, web_services

posted by bruceb at 8/13/2008 12:05:00 AM | permalink

OLYMPIC TECHNOLOGY

By the close of the 2008 Olympic Games, NBC will have broadcast 2,900 hours of live coverage - more than the total number of US television hours for all previous summer Olympic Games combined.

In addition to the broadcasts on the primary NBC channel, video coverage will be virtually nonstop on NBC's Spanish-language outlet, Telemundo, and on five of seven major NBC Universal-owned cable channels. Huge amounts of video covering every sport will be served up by streamed video on NBC's Olympics Web site, NBCOlympics.com. Here's a good article about the monolithic coverage and the accompanying promotional effort.

This article examines the technical challenge of handling that much video - 11 terabytes of high definition content alone. NBC has spent billions on storage (180TB of available space in Beijing), servers, and creative technology to make it possible for editors around the world to stitch together the coverage from the available shots and create a finished piece without choking up all the bandwidth moving the HD video around.

The NBC Olympics web site will be streaming video using Microsoft's Silverlight technology - you'll have to install "Silverlight v.2 (beta)" to see the video. Microsoft paid large amounts of money to get the opportunity to install Silverlight on computers around the world, and it's putting on a very impressive show - the high quality 720x480 video is quite remarkable after the last couple of years spent enduring miserable low-quality streaming Flash video on YouTube. Check it out - watch the incredible men's swimming 4x100 relay. (When the video starts, click the button to "Enlarge" in the lower right corner.)

You'll get a quick screen to indicate who your television provider is - if you don't claim to have service from one of NBC's "partners" (like, say, Comcast Cable in zip code 95404), you don't get to watch the online video. There's no check on the information you put in. I've seen one unconfirmed report that if you put in Time Warner in zip code 10001, you can see some coverage three hours earlier than it's turned on for the west coast.

There is a link to the NBC Olympics web site on the bruceb.com Favorites page - near the top, under the Amazon search box.

Enjoy the Games!

Labels: business, games, Internet, video

posted by bruceb at 8/12/2008 12:15:00 AM | permalink

FAKE FLASH UPDATE - SPYWARE ALERT!
There is a massive spam attack underway masquerading as messages from CNN.com. The first set of messages had links to the "Top 10 Headlines" and "Top 10 Videos"; now there are new variations presenting a "custom news alert." Clicking on any link in the messages will bring up a dialog that says an incorrect version of Flash Player has been detected that needs to be updated to a newer edition.

You will be caught in an endless loop - if you click "Cancel" another box will immediately appear, over and over. The only way to get out is to force your browser to close with Task Manager, or shut down your computer.

If you click OK, malware is installed. You will immediately get a blizzard of popups, advertisements for fake "antivirus" software, and the likelihood that something more sinister is happening on your computer behind the scenes. It is increasingly difficult or impossible to remove this stuff once it gets on your computer!

At the malicious web sites, you'll see something like this:

Antivirus software will not always protect you against malware if you click OK at the wrong time! Sorry, that's just the way it is.

Here's an article about the spam blitz. Links to the malicious web sites are also being left in comments on MySpace and Facebook, according to this article.

Don't click on strange URLs! Follow links with carefree abandon to and from legitimate sites, but don't click on links that arrive in spam e-mail, instant messages, web forums, or IRC chats, or that start from an untrustworthy web site. Be paranoid and surf carefully!

Labels: IE, Internet, security, spam

posted by bruceb at 8/11/2008 12:05:00 AM | permalink

FIREFOX 3

Mozilla released the Firefox 3 Internet browser on Tuesday and is working on setting a Guinness record for the most software downloaded in 24 hours. There are a lot of people who like Firefox a lot.

If you haven't been following along, Firefox is an Internet browser that can be installed for free on Windows XP and Vista as an alternative to Internet Explorer. It is also available for Linux and Macs, making it easier for people to go back and forth among different operating systems. It has important ties to the growing community of open source developers and is sponsored by a company that is not strictly a nonprofit but pledges to be running itself for the greater good rather than for profit. It has been gaining market share rapidly for the last few years and is currently the second most-used Internet browser; the launch of Firefox 3 has been planned to generate gobs of publicity that will increase public awareness and market share.

You may download and install Firefox 3 with my blessing, but I want you to stop for just a second before you do.

I run happy computers. I try to make your computers happy. My guiding principle to accomplish that is to install software only when it's necessary to do something useful that can't be done as well by something already on the computer.

You're running an up to date Windows XP or Vista computer with Internet Explorer 7, a browser that is fast and secure. I don't want you to install Firefox unless you have some idea of why you're installing it!

There are really only two possibilities.

• Firefox is produced by independent and enthusiastic people who are not Microsoft. For many people that is a sufficient reason to prefer it.
• Firefox has features that are not offered in Internet Explorer that you want to explore - particularly the rich world of addons that extend and change the browser's features and look.

Here's an extensive review of the new features in Firefox 3 and the things that distinguish it from Internet Explorer 7. Go read it! (There's no shortage of writeups and reviews. Here's another enthusiastic description.) If you decide to install it and use those new and distinctive features, that's great. It won't hurt your computer and you may come to love it. Many people do.

But for many of you, the only reason to install Firefox will be that a well-meaning friend told you that it's cool, or a newspaper article speaks highly of it. In that case, think about not going there! You'll be installing a lovely, duplicative piece of software that will require care and attention - security updates are inevitable and plans are already laid for version 3.1, with more super swell stuff, which will inevitably be followed by 3.2 and 3.3 and 4.0. In the long run, installing unnecessary software is a recipe for an unhappy computer.

I'm not going to be installing Firefox. I look at the reviews and see it praised for its speed, which strikes me as a complete non-issue; for the wealth of addons, which most writeups concede frequently cause Firefox to become unstable; for features and security that make it comparable to (but not particularly better than) Internet Explorer 7; and for new features that seem uninteresting. That's just me! Make your own decision, but make it deliberately, not as a passing thought.

So install Firefox if you choose, and use it in good health. If you're lucky, you'll become a Firefox convert, which I think would be great - it's fun to have something to be enthusiastic about!

Labels: IE, Internet, Microsoft, software

posted by bruceb at 6/18/2008 02:13:00 AM | permalink

GOOGLE WEB HOSTING

If you're looking for a quick way to get something online, take a look at what Google is doing.

There's no shortage of ways to get started online with a web site, a blog, a place for collaboration, a shared calendar, a shared photo gallery, or any of a hundred other things. In fact, for many people that's the problem - it's not easy to articulate what their goals are for an online site, and there's no way to make an informed choice and be confident that a service will match their technical skills, meet their needs, and still be in business a year from now.

Traditional web hosting - register a name, sign up with a web hosting company, get a web site designed, and keep it up to date - has many pitfalls. Name registration and simple web hosting cost virtually nothing, but there are many ways to muck it up, and it's hard not to feel helpless and lost while trying to decide what companies to choose. Very few web site designers are willing to work cheaply on a simple web site, for obvious reasons - there's no money doing inexpensive work for a customer who likely won't come back for repeat business.

Lots of companies big and small have jumped in to make it easier to get started, typically by offering the web hosting for free or nearly free and providing templates for cookie-cutter web sites. Don't underestimate that! Many of those services are just great and some of the templates are beautifully designed.

Microsoft, for example, has introduced Microsoft Office Live, intended to provide small businesses with the tools to start a web site and do useful things with it - online commerce, marketing, online document storage and collaboration, and more. A motivated business owner with strong technical skills can probably do wonderful things with it. I've only looked at the first few screens and I can see the potential, but wow, there's a lot of things to learn! The thought of working with them enough to be confident makes me want to go lie down.

Google offers simple web hosting for individuals and very small businesses with typical Google features - drop dead simple controls, nice designs for the templates, and all completely free. Details are on the Google Web Hosting page. For a modest monthly fee, you can hire professional designers to help put your site together.

All of these services have quirks. I don't know the details about Google's web hosting, but I can give you one quick example. Google is not offering to host http://www.yournamehere.com for free! The service creates pages with an address in this format: http://yoursitename.googlepages.com. That's fine for an individual, a bit funky for a business. That also means that Google will not be providing email to a custom domain name, although you can have mail from your site sent to any email address (including a Google GMail account.)

Let's be clear: that means you can have a web site online in minutes, for free, that can be updated from anywhere. Nice!

Today Google opened up another service that looks fascinating. Google Sites also lets you get a web site online in minutes, for free, that can be updated from anywhere. But these sites are designed for groups - sports teams, community groups, classrooms, clubs, families, anything that might involve more than one person.

The pages can easily be used for calendars, photos, videos, documents, blog-style news, gadgets, and more.

Anyone can view the pages online, but it's also easy to give people permission to add information - enter an email address and immediately give someone permission to update the calendar, contribute to the news items, or upload pictures, for example.

This is very good stuff! The world is pretty overwhelming, I know, but this ought to be in the back of your mind so you can use it when the need arises.

Sites created with Google Sites will have names in the format http://sitename.googlepages.com.

Here's Google's announcement that Google Sites is now available to anyone, and here's a news article with a few more details. Go put it to good use!

Labels: domains, Google, Internet, Microsoft, web_services

posted by bruceb at 5/23/2008 01:27:00 AM | permalink

GRANDCENTRAL GOES OOPS

GrandCentral is a phenomenally useful service for some people. The service assigns you a free phone number; you can route calls so when that number is dialed, the phone rings at any number of places you choose. When you call my GrandCentral number - the only number I give out now - both my office phone and my cell phone ring, so you can reach me wherever I am, crucial in an area like Sonoma County where cell phone coverage is spotty. The web interface plays voicemail messages, which are indefinitely archived, and allows calls to be rerouted on the fly - forward your calls to Grandma's house when you arrive for Thanksgiving, then turn the forwarding off when you leave. Brilliant! Here's my notes about GrandCentral when I signed up.

Google bought GrandCentral last year and seems a little uncertain what to do with it. The service immediately stopped accepting new users, instead offering signup on a waiting list with only occasional openings for new people to join. Service has been spotty at times lately. The features haven't changed and there's been little discussion about what to expect. The official blog is almost dead, although a post last month promised that work was proceeding on "the next great version of GrandCentral and a ton of cool new features."

Today's episode is probably just an "Oops!" moment, not an indication of anything. But it was almost a big Oops.

Google almost let the registration lapse on the domain name www.grandcentral.com. Somebody forgot to renew it.

The web site actually went dead for many people today, the last day of its registration, as the registrar began to take it over.

Late in the day, somebody from Google managed to get the site back online by renewing the name for a year.

Here's a blogger summing up the day's events.

Isn't that marvelous? It's some pretty embarrassing stuff. I hope Google is doing a better job on the big picture than it is on the details!

Labels: business, Google, Internet, phone

posted by bruceb at 5/21/2008 01:34:00 AM | permalink

ADWARE - NOT DEAD YET

The best security software will not protect you if you click "OK" and install something from a web site.

Adware/spyware was at epidemic levels until a couple of years ago when Microsoft released Windows Defender and the antivirus vendors reluctantly stepped up with their own products, and bitter experience taught us to surf with a high degree of paranoia. Security programs now monitor constantly to prevent adware/spyware from installing in the background and Internet Explorer has been hardened against stealth attacks.

Vista brings even more security - Windows Defender is included with the OS and Internet Explorer operates with very low privileges, which stops bad programs in their tracks. Vista will protect you in many cases even if you click "OK," but let's not test that, eh?

On Windows XP, you have authority to install any malicious, dangerous program you choose. You're protected against programs that try to do a "drive-by" stealth install simply because you visited a web site, but Windows XP and your security program cannot completely protect you if you click "OK" and authorize a program to be installed!

I spent too many hours today trying to clean adware off a perfectly nice, up to date Windows XP system running security software. The adware had probably arrived during a MySpace visit, although we don't know what was clicked that allowed the invasion to occur. The last time this happened to one of my clients, it was a porn site whose innocent looking window said a "video codec" had to be installed to view the movies. Well, sure, click OK, whatever - and bang! the system has bad stuff on it, leaving the security program trying to play catchup and gamely reporting about whatever it notices. The bad guys have become smart and devious enough that if their adware gets installed, the security programs simply can't remove all of it.

The adware folks are still up to the same old tricks. On the compromised computer today, all Google searches were diverted over to advertising pages and all security web sites were blocked, as was Windows Update for some reason. The adware sets up multiple layers of increasingly deeply hidden ways for it to reinstall itself after efforts are made to clean the system. I can go clean out startup programs and browser helper objects and IE addins and shell extensions and a few other places in the registry where things hide, and run scans to remove or quarantine a few more things - and there will be more stuff to replace them when the system restarts. Often now the names of the adware files and DLLs are randomized strings of letters so they won't turn up in searches, and frequently they immediately go online and invite more adware onboard as often as possible.

I might lose this system; it won't be the first time. We've done deep cleaning (a lot of deep cleaning), installed IE7, installed Windows XP SP3, and made no progress yet. Now we'll turn to system restore and a few other tricks. It's time consuming work. All it took was a single errant click but now I may wind up having a frustrating conversation about the economics of struggling with the repair versus the expense of buying a new computer. (It's almost never economical to pay me to reformat the hard drive of an old computer. It takes a  horrendously long time to back up data, install Windows, install other programs and restore the data, and at the end you still have an old computer.)

You are responsible for the health of your computer. Some of that responsibility is discharged if you have up to date security software that covers the computer's basic needs. You must be conservative about installing software and never agree to anything requested online unless you are completely confident that you are doing the right thing. The bad guys are liars. They will say anything to get past your defenses, without conscience or remorse. Please, be careful out there!

Labels: computers, Internet, OneCare, security, Vista, WinXP

posted by bruceb at 5/20/2008 12:56:00 AM | permalink