Don’t pay for software you don’t need — Part 1

WindowSecrets.com 2.0 formally launched

By Tracey Capen

Nearly a week ago, the new Windows Secrets site moved from beta to the real thing.

The migration was far from easy and we’re still working out a few kinks, but our updated site is live for all to see.

As I discussed in a previous introduction, moving to the WordPress Web-publishing platform was a major leap forward for Windows Secrets. The new site now has the enhancements we desperately needed to allow the site to grow and mature.

Much of the development work for the new Windows Secrets site went to things you’ll never see. Hundreds of hours went into the background processes — such as the reader subscription system — that make the site work. That heavy lifting was accomplished by a small team of developers that includes Tony Johnston (whose office is next door to mine), Andy Boyd, Aaron Forgue, and Lindsey Dunagan — people who rarely see their name in print but who are just as important to Windows Secrets as any contributor or editor. My thanks to the entire team.

Yahoo bounces Windows Secrets newsletters

Publishing the newsletter has been a little rough the past few weeks, and not just because of the migration to WordPress. As some of you know all too well, a relatively small number of subscribers never received the newsletter; it was rejected by their mail services. One week it was Gmail users; last week it was Yahoo users. And now we know at least one of the reasons why.

Two phrases come to mind when describing these puzzling delivery problems: that we’re a victim of our own success, and that no good deed goes unpunished (the mind of a cynical editor obviously at work here).

Our investigations into the bounced e-mails point to our extensive, and extremely popular, coverage of the Liza Noon (purposely misspelled here, for reasons that I’ll explain shortly) phenomenon — specifically, our mention of a defunct website from which that particularly malicious piece of malware got its name.

The Gmail problem remains a mystery, but in the case of last week’s newsletter, tests conducted by me and others showed that any e-mail containing that malware’s name followed by .com and sent to a Yahoo account was rejected by Yahoo. (The name was not hyperlinked; it was simple text.)

It appears to be a case of Yahoo cranking up its malware filters a couple of notches too high.

My apologies to those who were unable to receive last week’s Windows Secrets. In the future, we’re going to be a bit more careful about anything with a .com extension. We also recommend that subscribers add editor@windowssecrets.com to their e-mail address books.

Subscribers make Windows Secrets a success

Thanks for your suggestions and patience during our transition to the new site, and for your continuing support. Feel free to send us suggestions for new Windows topics and tips. It’s your newsletter.

   — Tracey Capen, editor in chief

Don't pay for software you don't need — Part 1

By Woody Leonhard

If you’ve moved to Windows 7, there’s a raft of software — entire categories of software — that you simply don’t need.

Why pay for it?

Many people write to ask me for recommendations about antivirus software, or utility programs, or Registry cleaners, or backup programs. They cite comparative reviews — even articles that I wrote a few years ago — debating the merits and flaws of various packages. Time and again, I have to tell them that all the information they know is wrong. On second thought, I guess the accumulated knowledge isn’t so much wrong as obsolete.

The simple fact is, if you moved up to Windows 7, you wouldn’t need a lot of that stuff — and the old reviews are just that. Old reviews.

I’m considered a heretic in some circles because I have extreme views when it comes to installing software on my Win7 machines. Even if I don’t have to pay for it, I don’t want a new program unless it solves a specific problem that bedevils me. And as for paying money for old packages — even good old packages — sorry, but I won’t do it. I recommend that you don’t, either.

In this column, and my next two columns, I’m going to lay it on the line — point out what you don’t need, in my considered opinion — and try to save you a bunch of money. Senior Editor Fred Langa disagrees with several of my recommendations, as do many other knowledgeable people in the industry. Fred and others will present their counterpoints as the series develops, in articles here in the newsletter and in the Lounge. Should be an interesting meeting of the minds.

This week, I’d like to inflict on you my personal biases concerning four different groups of Windows software: antivirus, defraggers, backup programs, and Office productivity software. I look at all four specifically from a Windows 7 point of view. XP’s a whole different kettle of decade-old fish.

Here’s the dirty truth behind four big-time software industries — what you, as a Win7 user, need to know, to save yourself a ton of money and many, many Excedrin-size headaches.

Paying for antivirus doesn’t improve protection

I’ve been recommending free antivirus software since the second edition of Windows XP All-In-One For Dummies, nearly a decade ago. I’ve drawn the wrath of many a player in the billion-dollar AV industry, but I still say there’s absolutely no reason at all to pay for antivirus protection.

Back in XP times, I recommended AVG Free, Avira, ESET’s NOD32, and the like — many of those products were, and still are, free for personal use. That’s changed. Starting with the second edition of Windows 7 All-In-One For Dummies, I’ve stopped recommending any third-party antivirus software. Why? Because Microsoft makes a first-rate AV product that’s absolutely free for anyone with a genuine copy of Windows. It’s also free for organizations of 10 or fewer people.

Microsoft Security Essentials (download page) goes in easily, runs quietly, needs no tending, and catches as many infectious programs as any of the big-name antivirus products. And it’s free. Fred Langa has a full description in his May 6, 2010, Top Story, “The 120-day Microsoft security suite test drive.”

I’ve heard all the arguments against Microsoft Security Essentials. Yes, it’s like asking the fox to guard the chicken coop. But in this case, MSE’s one fine fox.

MSE doesn’t catch all the nasties, all the time. No AV product does. If you shoot yourself in the foot and wittingly install a rogue anti-malware program, for example, MSE may not keep you from pulling the trigger. In desperate situations, you may need a special-purpose program such as Malwarebytes to cleanse your system. But for everyday use, MSE works as well as any of the big-name, expensive, constantly money-grubbing packages. Get rid of ’em.

The only downside to installing MSE? You have to figure out how to completely remove the antivirus program you have now. Good luck.

You don’t need to defrag your drives any more

I’ve written hundreds of pages about hard-drive fragmentation. Because of the way Windows stores data on a drive and reclaims the areas left behind when deleting data, your drives can start to look like a patchwork quilt, with data scattered all over the place. Defragmentation reorganizes the data, plucking data off the drive and putting files back together again, ostensibly to speed up hard-drive access.

Although it’s true that horribly fragmented hard drives — many of them hand-crafted by defrag software companies trying to prove their worth — run slower than defragged drives, in practice the differences aren’t that remarkable, particularly if you defrag your hard drives every month or two or six. (Note that you should never defrag a solid-state drive.) In practice, even moderately bad fragmentation doesn’t make a noticeable difference in performance, although running a defrag every now and again helps.

With Windows 7, you don’t need to run a defrag. Ever. Windows runs one for you, by default, one day every week at 1:00 a.m. You can double-check to make sure that your machine’s running defrags automatically: click Start, All Programs, Accessories, System Tools, Task Scheduler. On the left (see Figure 1), navigate to Task Scheduler Library, Microsoft, Windows, Defrag, and look for the ScheduledDefrag activity.

Figure 1. By default, Windows 7 runs a scheduled defrag once a week at 1:00 a.m.

To see when your hard drives have been defragmented, choose Start, All Programs, Accessories, System Tools, Disk Defragmenter. The Disk Defragmenter dialog box tells you when your drives were defragged and how badly they were fragmented at the last calculation point. From that dialog box, you can manually inspect your drives and run a defrag, if you feel so inclined.

Some companies would have you believe that their defraggers work better than Microsoft’s. I say pshaw. (That’s a technical term.) I’ve never seen any perceptible difference between MS and for-pay defraggers on a real-world Win7 machine, properly configured. Defraggers are just a waste of money.

Drop your old backup program and use Win7’s

I’m going to get howls over this one. In my opinion, if you have Windows 7, you have all the backup horsepower you need.

Windows XP’s built-in backup program didn’t. Didn’t back up, that is. Something of a shortcoming for a backup program, eh? Vista’s worked better, and Win7’s works well.

Windows 7 has full support for four different kinds of backups:

• Shadow copies, also known as previous versions. Win7 maintains snapshots of your data files, taken every night around midnight. I’m amazed that more Win7 users don’t realize they already have most of the vaunted Mac “Time Machine” features, built into Win7. To see the previous versions of your data files, click Start and then Documents. In Documents, navigate to the file that you’d like to resurrect. Right-click on the filename and choose Restore Previous versions. You see all of the stored shadow copies of that particular document, and it’s easy to restore them.
• Data backups Setting up data backups is amazingly easy, although there’s a little trick. If you’re running Windows 7 Professional (or Ultimate) and you have a network, you can put your data backups on a network drive. To do so, click Start, Accessories, Getting Started. Click Back up your files, and follow the instructions. If you’re running Win7 Home Premium or you don’t have a network, your best bet is to buy an external hard drive for backups. (Two-TB drives cost about a hundred bucks.) Plug the external drive into a USB port, choose the Use the Drive for Backup option, and follow the instructions.
• System restore points Just like Windows XP and Vista, Win7 has tools to set up, manage, and use system restore points. See Microsoft’s FAQ for details.
• “Ghost” system images Windows 7 also makes it easy to make a copy of your entire hard drive, a so-called image backup or ghost. To ghost your hard drive, click Start, All Programs, Accessories, Getting Started, Back up your files. Then in the upper-left corner, click the link to Create a system image.

Win7 makes shadow copies and data backups automatically, following the instructions you give when you first run the backup programs. It’s easy, fast, and built into Windows. Of course, you need to figure out how often to run the backups, how to create full ghost images, and how to find and restore the right backups, but all of the pieces are there — and they don’t cost a penny.

There are some situations in which you might want to pay for backup software. If you have several computers on a network and want to back them all up to one single location, a Windows Home Server or Network Attached Storage box with integrated Windows backup software may be better than backing up each machine individually. Cloud-based backup is good and getting better. But for most people, Windows 7’s backup software does everything they need.

By the way, when Windows 8 starts gathering steam, you’re going to see a lot of marketing puffery about Microsoft’s new “History Vault” — which many people are already comparing to the Mac’s “Time Machine.” When you see the new, whiz-bang demos, remember: Windows 7 already has shadow copies, fully incremental data backups, and all of the glue to get them together. The user interface isn’t particularly snazzy, but all of the pieces are already there.

OpenOffice is not a slam-dunk replacement

Whenever somebody asks me, “Why do you recommend Office when OpenOffice does everything for free?” I have to cringe. It’s true that Microsoft Office is enormously expensive. It’s also true that good, but not great, alternatives exist — including Google Docs, among many others.

There are two substantial problems.

First, as much as I would love to recommend a free replacement for Word, Excel, PowerPoint, or Outlook, the simple fact is that the free alternatives aren’t 100-percent compatible. In fact, for anything except the simplest formatting, and most basic features, they aren’t compatible at all. Even Microsoft’s free Office Web Apps don’t come close to the real Word, Excel, or PowerPoint. If your needs are modest, by all means explore the alternatives. But if you have to edit a document that somebody else is going to use, and it has any unusual formatting, you may end up with an unusable mess.

Second, many people don’t realize it, but OpenOffice.org isn’t the same organization it used to be. There’s a long, sordid story involved, but give or take a twist, it goes something like this. Once upon a time, a company called StarDivision built an office program called StarOffice. Sun Microsystems bought StarDivision in August 1999 and, about a year later, released the StarOffice source code, turning it into the open-source product known as OpenOffice.org. Sun continued to support the OpenOffice.org effort by employing many of the developers; Novell, Red Hat, IBM, Google, and other companies also loaned their employees to the effort.

Then Oracle bought out Sun and started to do some not-very-funny things with the OpenOffice.org effort. Oracle tried to sell a variant of OpenOffice.org. Oracle yanked the free ODF plug-in that allows older versions of MS Office to read OpenOffice docs and slapped a horrendous price on it. There was a very nasty falling out, with dozens of key OpenOffice developers very publicly lambasting Oracle and then forming a new organization called LibreOffice. The LibreOffice folks forked the code and have, at this point, released two new minor versions that are not associated with OpenOffice.org or Oracle.

As reported in an April 21 InfoWorld story, Oracle announced that it’s going to hand over the OpenOffice code to “a purely community-based open-source project.” That project hasn’t yet been identified, and it isn’t clear whether LibreOffice will absorb some or all of the code.

For all of those reasons, OpenOffice.org isn’t a real or good alternative to Microsoft Office right now. So if you’re looking for a way to avoid paying for Office, be assured that you aren’t alone in the search. But the situation’s still too murky for me to make any good recommendations yet.

Stay tuned.

Woody Leonhard‘s latest books — Windows 7 All-In-One For Dummies and Green Home Computing For Dummies — deliver the straight story in a way that won’t put you to sleep.

When Word and Windows stop talking

By Kathleen Atkins

You can lose some cooperation between Word and Windows — and other conveniences, too — if you overzealously remove files from your computer or use the wrong cleaning product.

Lounge member hmbterry reports that he “used one of those cleaner programs” and lost his list of pinned and recent documents that used to be available to him through the Windows 7 Start menu. He wants his very useful list back.

Fellow Lounge members offer leads in the search for this lost functionality. Find out what they suggest. More»

The following links are this week’s most interesting Lounge threads, including several new questions to which you might be able to provide responses:

☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right in to today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board. Kathleen Atkins is associate editor of Windows Secrets.

Guilty as charged — a doggie confession

By Revia Romberg Dogs are truly talented friends. They’re ecstatic to see us when we walk in the door, and they can make us smile, no matter what kind of day we’ve had. Which can make it really hard to be angry with them when they’ve transgressed — after they’ve destroyed a favorite pair of shoes or unstuffed an important pillow. In this video, a dog at first denies any guilt, but then breaks under questioning. Play the video

Two different Windows 7 boot problems

By Fred Langa Readers’ PCs suffer “Invalid System Disk” errors and a doubled boot time. From XP onward, Windows rarely suffers serious boot problems. But when they do happen, help is close at hand.

Win7 boot yields ‘Invalid System Disk’ error

Charles Henderson’s PC no longer boots smoothly.

• “I am running Win7 Service Pack 1. It has been working OK. However, within the last week it has developed a peculiar boot issue.

  “Now, when I boot the main drive, it stops after checking the two CD drives and gives this message: ‘Invalid System Disk, Replace the disk, then press any key.’ I press any key, and the boot continues as normal.

  “Can you advise me on how to rid the boot process of this error message?”

There are usually two reasons for an “Invalid System Disk” error. One involves a serious problem with the boot record or files on the disk. But because your system boots normally after the initial hiccup, I’d say that your boot records and files are probably fine.

The other main reason for this error is the PC getting confused about which disk, partition, or device it’s supposed to boot from. For example, a PC may be set to look initially for a boot floppy disk. If no floppy is found, then the system might look for other devices to boot from — a CD or DVD, external USB device, hard drive, or the network. If it gets stymied at any point along the way, you’ll see a “Press any key to continue” message.

When this happens, shut down and unplug all USB-connected, external-storage devices (such as hard drives, thumb drives, cameras, camera memory cards, and digital music players). Also remove all CDs, DVDs, floppies, or other removable media (including blank ones) from their trays. Reboot. If the system now boots normally, one of those nonboot devices or media was in the startup sequence and was likely causing the boot error.

The permanent fix is to designate the device you want the PC to try first — usually, it’s the primary hard drive, followed by the optical drive (in case you need to boot from the system rescue or installation disc).

Setting boot order is easy to do: the About.com article, “Change the boot order in BIOS,” shows you the general way to accomplish this. Your system vendor’s help site should provide information that’s specific to your system.

The Microsoft support article, “Error message ‘Invalid System Disk’ …” contains additional general info.

For detailed technical information, see the MS TechNet article, “Troubleshooting the startup process.”

What might cause boot time to double?

Kunal Jariwala’s boot time suddenly doubled.

• “Few weeks ago, I installed Win7’s SP1. I keep track of my boot time through Soluto, as suggested in [the January 6, 2011, Top Story item, “The Soluto solution for long boot times”], and I realized my boot time immediately doubled!

  “Is there a bug in SP1, or do I need to do something to get it back to normal?”

Soluto’s been around for about a year, but it’s still in beta — in other words, it’s unfinished software. Bugs are part of the risk of running any beta software.

It’s usually not worth the effort for end users to try to get beta software working perfectly because the software will almost surely change before final release. Whenever beta software causes a problem, the best and simplest recourse is to remove the software.

That said, Soluto runs at every boot, looking for changes in the startup routine. When the boot changes significantly, Soluto may need several boots to figure out the best load-order. You may also need to open Soluto’s interface to see whether it’s recommending that you remove or delay some of the new boot items.

So I suggest you first reboot several times in a row and follow whatever advice Soluto offers. If your boots remain too slow, uninstall Soluto. This will undo Soluto’s changes and restore your original, pre-Soluto boot times.

Later, when Soluto’s final version is released, you can give the software another try.

Which old patches should she install?

Peggi Lopez is setting up a new PC, which needs lots of old patches.

• “I’ve just set up a brand-new computer. Microsoft has presented me with 34 updates, one dating as far back as 2009. How can I get information on whether or not to download the older ones? I just downloaded March’s and I’m waiting on April’s. But I also have some from 2010 and early 2011 that I don’t know what to do with.

  “I’m not very savvy when it comes to computers, so your help would be much appreciated.”

Updating a new machine (or a fresh installation of Windows) is usually safe. Or, to put it the opposite way, when Windows Update has serious trouble, it’s usually on systems that have been in use for a while, or that have some combination of hardware and software that Microsoft didn’t account for properly when it planned the update. This rarely happens with the more-or-less vanilla configurations found in new machines and fresh setups.

For the absolutely greatest safety, you might want to check Susan Bradley’s Patch Watch columns. Starting with the March 10, 2011, article, “Patch Watch adds problem-patch update chart,” her columns list update patches known to cause trouble in some setups.

Susan’s guidelines apply mostly to business installations for which the costs of even small failures can be high. (For example, a problem that might require a 10-minute fix on a single PC isn’t a huge deal; but the same 10-minute problem happening on hundreds or thousands of PCs would be a major mess.)

It sounds like you’re talking about updating just your own PC. If I were you, I’d let Windows Update do what it wants, and I’d accept all the updates in the order they’re offered. Odds are, everything will install just fine.

But if you’re really talking about a larger-scale installation, Susan’s more cautious advice is the way to go.

Unhappy with current hardware offerings

Jim McIntosh wants a new PC, but is displeased — to say the least — with what’s on the shelves.

• “I have started looking into buying a new Windows 7 system to eventually replace my XP desktop. Looking at the available offerings, I have several complaints.

  1. The power supplies are feeble! If I want to make any expansion, I have to swap out the power supply.

  2. Throw-away memory: I’m enraged by claims that a system is expandable to 8 or even 16 gigabytes of memory, when in reality I will need to pull out and discard the existing memory because all the slots are occupied.

  3. Many of the manufacturers, to save a small amount of money, use minimal length cables that must be run through the box in such a fashion that it is impossible to use expansion slots or hard-drive bays. We are talking pennies per unit. I would need to replace any customized cables to gain access to the offered expansion room that I paid for.

  4. Automatically installed crap that I don’t want and will have to remove — particularly the annoyance of Microsoft Office Whatever 2010 that is installed but not working until I purchase a license.

  5. Phony model numbers that enable the retailers to claim they “will meet any competitor’s prices” but not actually deliver because their crap is different from other retailers’ crap, which I don’t want in the first place.

  I am probably not alone in this lament. Perhaps a united voice led by Windows Secrets can get some results.”

I hear you, Jim, and I agree with much of what you say.

But on the other hand, some of your concerns may be misplaced. For example, many or most modern systems come with video, audio, networking, USB/Firewire, modem, multiple disk interfaces — and maybe more — all on the motherboard. What else is there to add to the core system, except maybe a couple of extra drives? You simply may not need a giant power supply or lots of expansion slots or bays.

Similarly, except maybe for extra drives, what do you need extra-length internal cables for? And, even if you do need them, cable replacements or extenders are cheap. For example, power supply splitters (that turn one power cable into two) cost around a dollar (Google shopping example).

All in all, I suspect you’d be happier with a system you assemble yourself from ready-made, off-the-shelf components. You can select each component individually or buy a bare-bones PC and populate it with the add-ons you desire. Either way gives you excellent control over every system detail and lets you avoid any hint of compromise.

Doing the final assembly yourself can save money, too — though less than it used to, because of the extreme price-deflation that PC commodity components have undergone.

The Gizmodo article, “Do-it-yourself PC builder’s guide,” can give you a good running start. The text shows how to build a stripped-down, minimalist PC for not much over $100; or a pretty decent system for $500 or so.

Your favorite search engine can turn up boatloads of component suppliers and sellers of bare-bones systems. Two good places to start are Newegg and TigerDirect. There are many others.

New, factory-complete systems may not need many — or any — internal add-on components. But if you don’t like what systems vendors offer, fire up your search engine, hunt down suppliers, grab a screwdriver, and build your own custom PC!

Fred Langa is a senior editor of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.

OneNote 2010: share and share alike (securely)

By Katherine Murray Work advances through creative thinking, but in many offices, good ideas end up buried under piles of other work almost as often as they’re actually hatched. You can take notes, make sketches, and collect research, of course, but one of the most effective tools for keeping your ideas safely alive, supported, and circulating is Microsoft OneNote 2010.

Great plan: if only you could remember it

You’re in a meeting, and the ideas are flowing like water. Everyone is engaged, and you know you’re making progress on your project. But experience tells you that as soon as people get back to their desks — even though they are charged up right now — they forget their inspiration and get busy with the normal, everyday tasks that eat up their time. Excitement fades, and few — if any — of your action items will actually be accomplished.

If this sounds like a familiar scenario in your office, you may be relieved to discover Microsoft OneNote 2010, an intuitive note-taking tool you can use to easily collect all your great ideas and research items and organize them in a way that makes acting on them easier.

OneNote 2010 is one of the unsung heroes of the Office 2010 suite. It’s a faithful, friendly workhorse — although, judging from its storage requirements, it’s a fairly large workhorse — but it doesn’t claim as much of your moment-to-moment focus as its fancier suite-mates such as Word 2010 or Excel 2010. OneNote seems happy to work behind the scenes to help your team capture important details of your meetings, add research (in the form of Web clippings, audio, video, doodles, and more), and enable you to collaborate easily in a secure, easy-to-manage environment. OneNote 2010 is seamlessly integrated with your other Office 2010 programs, too, which makes it simple to move information from Word, PowerPoint, and Outlook to and from OneNote notebooks.

Another great feature is that OneNote is available as an Office 2010 Web App and as part of Office 2010 Mobile; amazingly, you can get it even as an iPhone app. All this flexibility makes it easy to create and share notebooks securely and then add, use, and review your notes from any point on the globe you have Web or mobile access.

Creating a shared notebook — securely

Creating and using your own OneNote notebook is great if you’re working on a solo project that you design, research, and create all by yourself. But I think the program is exponentially more powerful when you’re working on a collaborative project such as an annual report, a grant proposal, or a new marketing piece that needs the input of a team. Using a shared OneNote notebook, you can gather research, share your thoughts with your group, collect designs you like, track the tasks you need to accomplish, and discuss early feedback with your team as you work toward your project end. OneNote makes it easy to create a shared but secure notebook where all this work can be gathered and recorded in a natural, organic way.

When you create a new OneNote notebook (by clicking the File tab and clicking New), OneNote gives you the option of creating the notebook on the Web, on a network, or on your computer. In the initial New window, you can select an option that allows you to create a shared notebook (see Figure 1).

Figure 1. Each OneNote document is called a notebook.

OneNote 2010 uses Windows Live SkyDrive to store and allow sharing of the notebook you create. So if you are not already logged in to Windows Live, you may be prompted to do so after you click Create Notebook. OneNote then displays a message box asking whether you want to send an e-mail message to others to let them know about the new notebook you’ve created. Anyone who has permission to access the Windows Live SkyDrive folder where the notebook is stored will be able to access it. You can easily change the permissions for the folder, if you like.

Adding teammates to the OneNote mix

You can share your notebook with new users by inviting them from within OneNote. When you click the File tab, the Info window displays information about each of your notebooks and offers you a link you can use to invite new team members to share the notebook (see Figure 2). When you click the link, the Share Notebook window appears; you see the sharing status of the notebook and can elect to send the notebook link via e-mail to additional people. If you opt to e-mail others, a new message appears — with two links already embedded that enable the recipients to view the notebook in OneNote or in their Web browser. You can then send the message normally, and the new team members can open, view, and add notes to the shared notebook online.

Figure 2. OneNote makes sharing notebooks one-click easy

Password-protect sections within a notebook

If you want to increase the level of protection for specific sections in your shared notebook, you can do that easily. You might password-protect a section that only administrators can view (perhaps it contains financial information or other sensitive business-critical data). Or you can create a password to keep a section for your eyes only. You can change or remove the password later, if you choose.

To add a password to sections or pages in your notebook, right-click the tab of the section you want to protect. Choose Password Protect This Section; the Password Protection task pane appears on the right side of the notebook. Then click the Set Password option, and enter and confirm the password you want to use. (Remember to create a strong password by mixing characters — upper- and lowercase — and numbers in an unrecognizable sequence that you can remember.)

Tip: OneNote warns you to write down your password because it is not retrievable; if you forget it, you risk losing access to your notes. Password-protected sections also do not show up in searches when you’re looking for information in your notebook. Make sure you keep your password in a safe place so that you can use that hidden information when you’re ready.

Tweaking your notebooks’ security options

OneNote enables you to further tweak your security options for the notebooks you create by setting your options just the way you want them. To display your choices, click File, Options, and Advanced. In the Passwords area, choose the items that reflect the changes you want to make. You can change the amount of time OneNote waits before locking a password-protected section, choose to lock password-protected sections as soon as you navigate away from the page, or allow your add-ins to access information in protected sections if they happen to be unlocked. You can enable a feature by adding a check mark or disable the feature by clicking to remove the check mark. Click OK to save any changes you made.

OneNote runs with its suite-mates or by itself

Although OneNote 2010 is included with all versions of the Office 2010 suite, you can also purchase it separately as a standalone product. The cost is low (only U.S. $79), but you do need a PC with at least Windows XP SP3 to keep it all running. Microsoft says that to run the software successfully, you need to be running Windows 7, Windows Vista, or Windows XP SP3; have a processor capable of 500MhZ; have at least 256MB RAM; and have 1.5GB available hard-disk space. Yes, that might seem like a lot for a simple note-taking and organizing product. But the gains you can see — such as keeping some of those million-dollar ideas at hand so that you can put them into action — are probably well worth it.

Katherine Murray is the author of Microsoft Office 2010 Plain & Simple (Microsoft Press, 2010), Microsoft Word 2010 Plain & Simple (Microsoft Press, 2010), and Microsoft Word 2010 Inside Out (Microsoft Press, 2010).

Big-time Wi-Fi security for the small office

By Becky Waring Small businesses tend to skate by the Wi-Fi security front; turning on encryption and changing the router password is about as far as many SMBs go. But with sensitive customer and business data at stake, can you really afford not to take Wi-Fi security seriously? The answers are cheaper and easier than you think.

Why businesses can’t afford ‘home’ Wi-Fi routers

If you run a small business, chances are high you have an inexpensive Wi-Fi router designed for home use, rather than a true business-grade router with beefed-up security features. And it’s likely your router is configured with the default parameters it had right out of the box — if it’s secured at all.

The sorry state of small-business Wi-Fi security largely comes down to two factors: cost and expertise.

According to a 2008 U.S. Census report, around 95 percent of U.S. businesses have fewer than 10 employees; most of those have no employees — firms such as sole proprietorships and partnerships. These small operations typically don’t have the budget or in-house expertise for enterprise-class IT equipment and procedures.

But neglecting wireless security can be more costly in the long run. The loss of customer data, whether by accident or intrusion, often leads to a damaged reputation and even litigation. It can bring a small business down.

An internal breach can also cripple a small business if critical operating information is lost or compromised. What would you do if your company e-mail or bank accounts were hijacked? Both are possible consequences of Wi-Fi hacking.

The good news is that small businesses without IT support can implement many enterprise-level security basics without breaking the bank.

Here are three key security tools the big boys have and the typical small business doesn’t — but should:

• WPA/WPA2-Enterprise encryption. The WPA2-Personal (definition) encryption used in newer home routers is good, but WPA-Enterprise takes things a couple of giant steps further. Each user must be preauthorized to use the network and have an account on an authentication server.

  When logging onto Wi-Fi, the user enters her name and password — and only then receives a dynamic network key for that session. (With WPA-Personal, every device on the Wi-Fi network uses the same shared key or passphrase.) Since there’s no global network key and keys are always changing, WPA2-Enterprise is very hard to hack. If a user’s account is compromised, you don’t have to immediately generate new keys for everyone on the Wi-Fi network — they can continue their work without interruption.

• VPN access. Virtually every large company uses Virtual Private Networks for their employees who travel, telecommute, or work in remote offices. With a VPN, all traffic being sent over Wi-Fi (or 3G) is completely encrypted between the remote location and the main network. Only then does it go out to the Internet at large. Even if you are at a public hotspot with no Wi-Fi encryption, no one can sniff out your data.
• Managed firewall. Every good Wi-Fi router these days has an SPI (stateful packet inspection) firewall. But enterprises use intelligent and actively managed firewall hardware to block everything from viruses to spyware to spam, before it gets into the business network. This protects users who’ve turned off or failed to update their software firewalls; and it also protects Wi-Fi devices — such as smartphones and tablets — that might not have intrusion protection.

Big businesses typically implement these with dedicated hardware such as VPN routers, network security appliances, and directory servers — and they have an IT staff to support it.

In the following section, I’ll show you relatively painless ways to get most of the benefits of these advanced security techniques without most of the expense. And for the brave do-it-yourselfers who are comfortable around servers and networks, I’ll also suggest some low-cost or open-source solutions.

WPA-Enterprise setup without headaches

Switching to WPA/WPA2-Enterprise encryption has many benefits beyond simply protecting your Wi-Fi key.

For example, you can set up times of day when users are allowed to access the network, and you can easily remove them from your authorized list when they leave the company. You can also view logs showing when and where employees connect.

Implementing WPA-Enterprise requires a RADIUS (remote authentication dial-in user service) 802.1X authentication server, and the process is not simple. In addition to installing and administering the server, you have to ensure that it’s always up and running — if the server goes down, your wireless Internet access goes down with it.

For most small businesses, that last requirement alone is enough to discourage implementation. Fortunately, there’s a simpler alternative: using a hosted RADIUS authentication service, such as AuthenticateMyWiFi from NoWiresSecurity.

For just U.S. $13 per month or $130 per year, you can set up WPA2-Enterprise with RADIUS support for as many as 10 users. Even better, the users can be in different locations, which is difficult to implement with a dedicated server.

The service works with Windows, Mac, and Linux as well as other devices — such as iPhones and iPads — that support standard 802.1X. There’s even a configuration tool for Vista and Win7 clients that eliminates the need to fiddle with settings.

No Wires claims you can be up and running in as little as 15 minutes, but I’d plan on a couple of hours to set up the account, enter user and password information, and configure clients and routers/access points. The process is relatively straightforward — if you can set up your router, you can set up hosted WPA-Enterprise.

Ongoing administration consists mostly of updating the online control panel with user and equipment changes. Note that your routers and access points need to support WPA/WPA2-Enterprise and RADIUS (but most mid-to-high-end models do).

If you’re so inclined, you can set up your own RADIUS server. The open-source FreeRADIUS site is the place to start. Full documentation is on the site, and you can use a wide range of server operating systems to host it — including Windows, Mac OS X Server, and various Linux distributions.

It’s important to note that if you start using RADIUS for your employees, guests will not be able to connect on an ad hoc basis. So if you need Wi-Fi access for visitors, choose a router with parallel guest-network capability, such as the Cisco Linksys E4200 router (info page) I recommended in the April 14 Top Story, “Get wired performance from your Wi-Fi network.” Guest networks are securely segregated from the main network.

VPN services let you avoid setup hassles

Setting up VPN is probably the single best investment you can make in your wireless security. With virtual private networking, all the data flowing over your Wi-Fi network is strongly encrypted. Even if the wireless stream is breached, hackers can’t get any useful information.

Larger companies implement VPN by installing their own VPN routers. Users connect to the VPN over the Internet, which then routes all traffic over a secure, encrypted tunnel between the remote user and the office router. When a remote user’s data arrives at the VPN router, it’s decrypted and passed onto the more secure (in theory) corporate network.

Much like RADIUS servers, dedicated VPNs are notoriously difficult to set up. Not only do you need to buy a special VPN-capable router and get it working with your office Internet connection, you often need to install and tweak special client software. VPN can also slow down the connection speed between the remote location and the main office.

VPN services, such as GoTrusted, PublicVPN, SuperVPN, and WiTopia eliminate the need for dedicated VPN hardware and maintenance. (There are many more online services, but these four are among the best known and most reasonably priced.)

VPN service plans typically cost about $8–$15 per month per user (or $50–$150 per year). To keep costs down, limit your VPN purchase to just those employees who telecommute or travel.

The one complication using a VPN service is that, in most cases, users must remember to turn on the VPN immediately after connecting to Wi-Fi — otherwise they won’t be secure. Some services offer special, integrated Wi-Fi connection/VPN software that makes this a one-step process, although it may not be available for every OS and hardware platform.

Pricing varies depending on the speed and amount of data you need to transfer, as well as on server locations and encryption level. SuperVPN, for example, charges $15 per month or $135/year for its Deluxe SSL plan — with unlimited transfers, 2048-bit encryption, and servers located around the world. Cheaper VPN services may impose limitations such as monthly data caps or the inability to stream high-quality video.

In general, the more servers a VPN company has in various locations (both domestic and international), the speedier and more reliable the connection. Bigger services have a key advantage in this regard. Sign up for one month to try out a service and make sure it performs well for you before committing to a year-long subscription.

If you really want to set up your own VPN server and are not intimidated by potential setup hassles, I recommend the new Cisco RV220W Wireless Network Security Firewall (see Figure 1), a dual-band 802.11n router with good VPN support (up to five SSL or 10 PPTP tunnels) and optional Cisco ProtectLink Web security. It’s one of the few lower-cost VPN routers with gigabit Ethernet. You can pick it up online for about $270.

Figure 1. The Cisco RV220W Wireless Network Security Firewall router supports three important enterprise-level security features: WPA-Enterprise encryption, VPN access, and an intelligent firewall option.

Setting up your own VPN server also offers the advantage of giving remote users access to office network resources such as printers, NAS drives, and servers. (VPN services typically do not give you access to these network resources, but you can fill the gap with remote-access services such as LogMeIn or TeamViewer. Remote-access services also provide secure encrypted connections so that you don’t need to use a VPN at the same time.)

If you need remote access to a file server, another option is network-attached storage (NAS) with Web support, such as the new Buffalo CloudStor devices (shown in Figure 2). Priced around $135 and up, these inexpensive boxes require no network setup or expertise, yet they let you access files remotely and set up private network shares. Buffalo even offers free mobile apps for iOS, Android, BlackBerry, and Palm WebOS.

Figure 2. The Buffalo CloudStor series of NAS devices lets you access network storage from remote locations.

CloudStor can also be used for network backup and media serving, and you can easily expand it by plugging in standard USB drives — a major plus. I recommend the 2TB CloudStor Pro ($260 list), which has a faster processor and more RAM than the base model. All models have gigabit Ethernet support.

Security ‘appliances’ beef up your firewall

The third leg in our heavy-duty Wi-Fi security stool is a dedicated network-security appliance such as a unified threat management (UTM) device or managed network firewall.

Yes, you already have Windows firewall turned on, or maybe you’re using the one in your antivirus suite as well as the firewall in your router. But you can’t trust all employees to use their firewalls correctly. Some devices, such as tablets and smartphones, might not have built-in firewalls.

Big enterprises use heavy-duty firewall hardware to prevent threats (as well as traffic they may want to ban, such as Facebook or streaming video) from ever reaching their computers in the first place.

Happily, a few firewall vendors also offer lower-cost versions of their products, specifically designed for small businesses.

The SonicWALL TZ 100 (info page) is probably the most popular of these. (See Figure 3.) Starting at under $300, it gives you a hardened firewall with options such as SSL VPN and VoIP support, gateway antivirus and anti-spyware protection, intrusion prevention, and Wi-Fi capability. For another $90 per year, you get firmware and software updates, advanced hardware replacement, and 24/7 support via telephone or e-mail.

Figure 3. The SonicWALL TZ 100 is available with and without Wi-Fi.

It’s probably worth hiring a consultant to set up a SonicWALL initially, because one wrong setting could compromise your network. But the overall cost of ownership is low, considering the security you get. If you have the consultant set up the VPN capability at the same time, it may even pay for itself in the cost savings of using SonicWALL instead of a separate VPN service.

The bottom line is that it doesn’t have to cost an arm and a leg to secure your business properly. For under $1,000 and a couple days of your time, the typical small business should be able to implement all three levels of security mentioned here. And with growing competition among service providers, the cost is likely to drop in the years to come.

Becky Waring has worked as a writer and editor for CNET, ZDNET, Technology Review, Upside Magazine, and many other news sources.